Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/SWbtiDhJekAGKrMxaIr0DPXQOzg.roa
File:                     SWbtiDhJekAGKrMxaIr0DPXQOzg.roa (raw, json)
Hash identifier:          xUg9JN0E8iV/LnVbnu54/5qiJiwqupilOIRHtpvUcCQ=
Subject key identifier:   49:66:ED:88:38:49:7A:40:06:2A:B3:31:68:8A:F4:0C:F5:D0:3B:38
Certificate issuer:       /CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
Certificate serial:       019422FC0C6AFF186B384947FC402724B675
Authority key identifier: 98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/SWbtiDhJekAGKrMxaIr0DPXQOzg.roa
Signing time:             Wed 01 Jan 2025 17:48:51 +0000
ROA not before:           Wed 01 Jan 2025 17:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        81.22.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:0c:6a:ff:18:6b:38:49:47:fc:40:27:24:b6:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982cf809c0e3e8e5552f9d0dd2e27e0dd2d8dabe
        Validity
            Not Before: Jan  1 17:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4966ed8838497a40062ab331688af40cf5d03b38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b0:a7:ae:59:b4:2d:26:66:13:a6:33:00:58:
                    55:6c:5e:80:95:ba:29:df:82:5a:78:54:a1:d4:6d:
                    5a:70:ba:17:86:15:7e:94:4d:ba:01:e0:89:d1:67:
                    72:38:31:e9:5e:e6:2b:ac:e8:dc:af:18:3f:af:c2:
                    8b:c3:d1:5b:0b:be:50:e1:a7:c8:3f:80:73:1e:e2:
                    d1:af:b8:f7:34:bf:66:ca:ce:cd:ba:b7:71:22:82:
                    12:ff:ad:a3:82:a7:6a:0c:78:ef:87:0b:6a:04:4f:
                    9c:af:30:fa:8a:d8:71:c2:a5:be:34:ea:6c:3e:22:
                    0e:e2:4c:11:90:3a:bc:54:68:a6:85:5c:25:16:7b:
                    37:0a:62:d3:a8:7d:2f:65:a2:ed:dc:37:44:f4:ca:
                    a9:f6:65:15:30:27:3f:37:68:db:2d:04:84:dc:ec:
                    57:a3:15:ab:91:73:1a:9e:d7:af:bc:17:97:a4:ed:
                    98:d5:b4:bd:63:03:e5:fb:33:4c:a8:2b:a8:4d:15:
                    ae:06:75:73:6d:9e:6b:50:40:25:c4:a5:d7:9e:e8:
                    be:ae:c1:5c:74:09:3f:c0:73:57:f3:58:03:2b:fc:
                    90:a4:ca:d2:00:36:53:8b:80:05:80:d5:31:f2:68:
                    c1:1e:c3:fd:2b:0f:67:f4:a9:22:52:5d:f3:11:13:
                    92:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:66:ED:88:38:49:7A:40:06:2A:B3:31:68:8A:F4:0C:F5:D0:3B:38
            X509v3 Authority Key Identifier:
                keyid:98:2C:F8:09:C0:E3:E8:E5:55:2F:9D:0D:D2:E2:7E:0D:D2:D8:DA:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCz4CcDj6OVVL50N0uJ-DdLY2r4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/SWbtiDhJekAGKrMxaIr0DPXQOzg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/6168d7-946c-4574-91ea-82ad14555eaa/1/mCz4CcDj6OVVL50N0uJ-DdLY2r4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.22.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:17:23:a1:f4:01:94:a9:6c:c7:c1:5e:02:35:82:39:79:e3:
         1c:b4:b8:d7:2c:e9:c7:8a:5c:2f:8d:69:85:84:c5:4a:24:c4:
         7d:fb:a6:c2:1e:4b:54:b0:ed:a8:9a:f4:17:df:13:67:f4:4c:
         0a:3e:64:7d:f8:93:5b:ea:38:7e:59:1a:ec:16:04:d3:d1:bd:
         55:30:ae:c8:02:07:10:ba:03:28:0d:0b:a9:a6:5c:ea:7d:91:
         32:75:09:6b:36:ed:f0:af:6a:94:67:12:ad:97:3b:a5:5b:08:
         32:e3:54:71:5d:7a:1e:69:e7:a3:57:54:95:40:05:78:16:bb:
         f0:9d:a2:19:b7:8d:9b:cd:14:84:6c:78:6d:d6:6a:3c:23:79:
         54:cb:48:b8:4c:16:08:dc:86:fb:b7:f7:5d:7c:b5:18:63:17:
         18:cc:24:00:84:9e:f4:ec:30:cd:3a:5f:b6:7c:9c:f0:15:f1:
         d4:01:db:95:e4:46:3d:d9:62:72:0e:4e:5f:b3:3c:af:0c:86:
         00:89:51:7d:27:eb:28:c7:14:a3:b5:94:5b:30:d1:2e:fb:b6:
         13:ea:cb:08:4d:eb:47:72:dc:d8:0e:05:ae:a7:63:7c:72:42:
         c2:3b:1a:b3:ed:15:f4:c6:dd:cc:2d:42:5d:a2:06:81:87:4c:
         ac:d6:6f:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Axq/xhrOElH/EAnJLZ1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmNmODA5YzBlM2U4ZTU1NTJmOWQwZGQyZTI3ZTBkZDJk
OGRhYmUwHhcNMjUwMTAxMTc0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTY2ZWQ4ODM4NDk3YTQwMDYyYWIzMzE2ODhhZjQwY2Y1ZDAzYjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbCnrlm0LSZmE6YzAFhVbF6Albop
34JaeFSh1G1acLoXhhV+lE26AeCJ0WdyODHpXuYrrOjcrxg/r8KLw9FbC75Q4afI
P4BzHuLRr7j3NL9mys7NurdxIoIS/62jgqdqDHjvhwtqBE+crzD6ithxwqW+NOps
PiIO4kwRkDq8VGimhVwlFns3CmLTqH0vZaLt3DdE9Mqp9mUVMCc/N2jbLQSE3OxX
oxWrkXMantevvBeXpO2Y1bS9YwPl+zNMqCuoTRWuBnVzbZ5rUEAlxKXXnui+rsFc
dAk/wHNX81gDK/yQpMrSADZTi4AFgNUx8mjBHsP9Kw9n9KkiUl3zEROS1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElm7Yg4SXpABiqzMWiK9Az10Ds4MB8GA1UdIwQY
MBaAFJgs+AnA4+jlVS+dDdLifg3S2Nq+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEt
ODJhZDE0NTU1ZWFhLzEvU1didGlEaEpla0FHS3JNeGFJcjBEUFhRT3pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC82MTY4ZDctOTQ2Yy00NTc0LTkxZWEtODJhZDE0NTU1ZWFh
LzEvbUN6NENjRGo2T1ZWTDUwTjB1Si1EZExZMnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURaLMA0G
CSqGSIb3DQEBCwUAA4IBAQA1FyOh9AGUqWzHwV4CNYI5eeMctLjXLOnHilwvjWmF
hMVKJMR9+6bCHktUsO2omvQX3xNn9EwKPmR9+JNb6jh+WRrsFgTT0b1VMK7IAgcQ
ugMoDQupplzqfZEydQlrNu3wr2qUZxKtlzulWwgy41RxXXoeaeejV1SVQAV4Frvw
naIZt42bzRSEbHht1mo8I3lUy0i4TBYI3Ib7t/ddfLUYYxcYzCQAhJ707DDNOl+2
fJzwFfHUAduV5EY92WJyDk5fszyvDIYAiVF9J+soxxSjtZRbMNEu+7YT6ssITetH
ctzYDgWup2N8ckLCOxqz7RX0xt3MLUJdogaBh0ys1m8g
-----END CERTIFICATE-----