Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/z_SWV7VAL7jD0J7Zrt4iui3NiEE.roa
File:                     z_SWV7VAL7jD0J7Zrt4iui3NiEE.roa (raw, json)
Hash identifier:          EOaU/eNzghYkOZwhONOgi3XiNKfBuQ1asvOLusf+Gdw=
Subject key identifier:   CF:F4:96:57:B5:40:2F:B8:C3:D0:9E:D9:AE:DE:22:BA:2D:CD:88:41
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       019180675AE0896664A65E3DB079D70094E8
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/z_SWV7VAL7jD0J7Zrt4iui3NiEE.roa
Signing time:             Fri 23 Aug 2024 18:02:22 +0000
ROA not before:           Fri 23 Aug 2024 18:02:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214307
IP address blocks:        92.240.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:80:67:5a:e0:89:66:64:a6:5e:3d:b0:79:d7:00:94:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Aug 23 18:02:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cff49657b5402fb8c3d09ed9aede22ba2dcd8841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:36:96:f9:9f:47:e1:eb:09:42:e6:46:a4:4b:
                    4f:d2:21:ff:35:2d:36:76:77:74:bd:bd:af:8c:7a:
                    77:b4:b0:40:a5:dd:98:e6:5c:7e:7c:0b:e8:ad:eb:
                    06:00:92:41:8b:43:a2:e1:62:d0:cf:93:d5:74:52:
                    45:0f:58:3a:65:87:47:30:61:eb:06:14:ef:39:95:
                    78:a6:a5:d4:cd:17:f4:30:01:c8:a8:4c:da:6f:8e:
                    c3:be:87:eb:52:2b:c4:1a:df:28:1f:75:d0:17:47:
                    53:8d:d9:39:c9:70:9a:12:ba:b7:fe:58:aa:33:e4:
                    4b:73:a6:8f:f9:0b:ac:9c:de:2b:38:f6:01:d6:39:
                    ee:47:35:05:7d:54:80:65:2e:51:f0:9e:0d:68:1a:
                    bc:26:b9:ea:87:8a:a1:2a:7f:f4:5d:7b:99:fa:64:
                    c5:66:26:46:7c:a5:20:75:84:31:bd:af:aa:d5:70:
                    98:27:b2:57:33:78:2c:92:63:e7:2d:96:27:01:ef:
                    2c:b5:87:ae:26:03:25:8b:fa:2a:b4:bb:69:f1:cf:
                    80:01:43:9a:2f:ae:c9:85:cf:3f:ed:23:0e:d2:89:
                    a1:a3:4c:ed:64:4d:f8:d2:bb:20:49:d0:d7:fa:47:
                    50:52:56:4b:2c:69:c5:99:fd:92:38:8c:23:65:d7:
                    ce:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:F4:96:57:B5:40:2F:B8:C3:D0:9E:D9:AE:DE:22:BA:2D:CD:88:41
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/z_SWV7VAL7jD0J7Zrt4iui3NiEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.240.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:3b:91:31:51:39:76:e1:b0:b8:87:6b:1c:d5:6c:f4:a2:c0:
         34:9e:ed:a7:31:89:ec:98:7a:b0:c6:7b:75:4a:ee:77:6d:0b:
         17:7d:a6:3d:13:29:41:36:b0:83:17:56:e9:ff:c4:31:13:a3:
         2d:c5:9b:80:52:14:e1:27:3f:40:e7:00:c1:ad:fa:74:06:13:
         e0:5c:b3:f9:cf:81:d7:21:73:40:33:9c:e9:f2:7e:72:d5:dc:
         95:54:dc:1a:cb:a4:51:53:be:11:29:77:5f:ac:6f:db:ea:f3:
         dd:ff:c1:5f:5a:d0:7a:9c:ed:77:61:4f:8f:71:5d:9a:75:8f:
         8e:d7:28:7b:97:8f:e0:98:ef:01:49:d6:ca:31:bd:38:43:dc:
         1b:75:ec:05:18:9f:9c:ba:3b:1e:13:db:20:b5:0d:ef:83:77:
         d2:ba:90:c4:6e:e6:6f:69:bb:a9:f3:37:80:c5:5a:61:4e:0f:
         0c:a1:5c:ee:21:98:d0:31:a9:3a:e7:59:fe:e6:47:6e:00:67:
         31:aa:92:ec:ad:b8:17:22:5b:4a:34:17:a8:98:7a:8d:98:94:
         f7:5c:5d:d4:7a:df:cb:bf:5c:ea:a6:85:31:16:db:62:d7:ae:
         fb:16:6a:ae:9e:5c:ad:e8:ac:41:02:3e:96:8b:15:4c:71:8a:
         0f:86:f0:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGAZ1rgiWZkpl49sHnXAJToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwODIzMTgwMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmY0OTY1N2I1NDAyZmI4YzNkMDllZDlhZWRlMjJiYTJkY2Q4ODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTaW+Z9H4esJQuZGpEtP0iH/NS02
dnd0vb2vjHp3tLBApd2Y5lx+fAvoresGAJJBi0Oi4WLQz5PVdFJFD1g6ZYdHMGHr
BhTvOZV4pqXUzRf0MAHIqEzab47DvofrUivEGt8oH3XQF0dTjdk5yXCaErq3/liq
M+RLc6aP+QusnN4rOPYB1jnuRzUFfVSAZS5R8J4NaBq8Jrnqh4qhKn/0XXuZ+mTF
ZiZGfKUgdYQxva+q1XCYJ7JXM3gskmPnLZYnAe8stYeuJgMli/oqtLtp8c+AAUOa
L67Jhc8/7SMO0omho0ztZE340rsgSdDX+kdQUlZLLGnFmf2SOIwjZdfO3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM/0lle1QC+4w9Ce2a7eIrotzYhBMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvel9TV1Y3VkFMN2pEMEo3WnJ0NGl1aTNOaUVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXPCUMA0G
CSqGSIb3DQEBCwUAA4IBAQAqO5ExUTl24bC4h2sc1Wz0osA0nu2nMYnsmHqwxnt1
Su53bQsXfaY9EylBNrCDF1bp/8QxE6MtxZuAUhThJz9A5wDBrfp0BhPgXLP5z4HX
IXNAM5zp8n5y1dyVVNway6RRU74RKXdfrG/b6vPd/8FfWtB6nO13YU+PcV2adY+O
1yh7l4/gmO8BSdbKMb04Q9wbdewFGJ+cujseE9sgtQ3vg3fSupDEbuZvabup8zeA
xVphTg8MoVzuIZjQMak651n+5kduAGcxqpLsrbgXIltKNBeomHqNmJT3XF3Uet/L
v1zqpoUxFtti1677Fmqunlyt6KxBAj6WixVMcYoPhvB7
-----END CERTIFICATE-----