Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/6c808e-0015-4d62-81d8-ecb7ae2722c1/1/swm48vI840zUfl2DaxMs8hbeLoo.roa
File:                     swm48vI840zUfl2DaxMs8hbeLoo.roa (raw, json)
Hash identifier:          JjFou/0kBbJgWy4DCqB6G2CRT7ZKW8RECYymrqJxYxE=
Subject key identifier:   B3:09:B8:F2:F2:3C:E3:4C:D4:7E:5D:83:6B:13:2C:F2:16:DE:2E:8A
Certificate issuer:       /CN=16f145727d34ae6607a615301283eeebd5d6291c
Certificate serial:       01941F8C900FB4020CBD950E2C478B563515
Authority key identifier: 16:F1:45:72:7D:34:AE:66:07:A6:15:30:12:83:EE:EB:D5:D6:29:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FvFFcn00rmYHphUwEoPu69XWKRw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/6c808e-0015-4d62-81d8-ecb7ae2722c1/1/swm48vI840zUfl2DaxMs8hbeLoo.roa
Signing time:             Wed 01 Jan 2025 01:48:13 +0000
ROA not before:           Wed 01 Jan 2025 01:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7233
IP address blocks:        77.238.189.0/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/6c808e-0015-4d62-81d8-ecb7ae2722c1/1/FvFFcn00rmYHphUwEoPu69XWKRw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/6c808e-0015-4d62-81d8-ecb7ae2722c1/1/FvFFcn00rmYHphUwEoPu69XWKRw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FvFFcn00rmYHphUwEoPu69XWKRw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 22:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:90:0f:b4:02:0c:bd:95:0e:2c:47:8b:56:35:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=16f145727d34ae6607a615301283eeebd5d6291c
        Validity
            Not Before: Jan  1 01:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b309b8f2f23ce34cd47e5d836b132cf216de2e8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:b4:92:47:20:8f:77:ff:95:42:bc:fd:f9:00:
                    05:f6:b6:d8:16:8a:21:ee:fb:cd:f4:85:04:3b:ee:
                    8e:c8:f2:a4:b1:a3:4c:37:66:1a:e2:16:18:5a:59:
                    95:d1:90:3a:da:60:3f:c2:43:a5:d0:8d:d3:a0:dc:
                    3c:61:d2:95:0c:af:7a:9a:ff:fa:f3:9f:36:4c:bc:
                    6e:61:d9:8f:c5:78:f6:34:0f:00:8e:5c:e2:d9:83:
                    ec:55:b1:97:38:ed:17:57:35:85:1a:1a:17:3b:3a:
                    99:63:eb:66:47:9b:e6:ec:92:8a:fc:a2:7a:2b:25:
                    ee:ab:31:53:58:99:b7:e6:2f:86:f6:21:74:18:08:
                    9b:3f:fe:63:5a:bd:10:71:18:14:ce:cc:3a:11:eb:
                    f0:51:fc:cf:b4:3b:6d:50:a9:c7:28:dd:e8:35:dc:
                    f7:12:85:20:22:fb:9d:08:8a:2a:a9:5f:ee:75:2a:
                    fc:30:a1:90:ad:2b:89:64:ef:7f:2b:f5:bc:05:6c:
                    58:35:da:9b:b4:43:91:89:08:45:2e:c6:1a:25:fe:
                    64:1b:7a:99:cb:a2:36:11:f0:24:62:13:64:cb:80:
                    3d:8a:7c:e8:5a:0c:55:2b:65:8c:ea:fc:65:c3:3b:
                    7f:ca:17:2c:b6:2d:af:2c:97:05:58:9f:33:eb:67:
                    84:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:09:B8:F2:F2:3C:E3:4C:D4:7E:5D:83:6B:13:2C:F2:16:DE:2E:8A
            X509v3 Authority Key Identifier:
                keyid:16:F1:45:72:7D:34:AE:66:07:A6:15:30:12:83:EE:EB:D5:D6:29:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FvFFcn00rmYHphUwEoPu69XWKRw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/6c808e-0015-4d62-81d8-ecb7ae2722c1/1/swm48vI840zUfl2DaxMs8hbeLoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/6c808e-0015-4d62-81d8-ecb7ae2722c1/1/FvFFcn00rmYHphUwEoPu69XWKRw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.238.189.0/25

    Signature Algorithm: sha256WithRSAEncryption
         82:be:5e:e2:f4:87:4f:aa:c4:1c:1a:8c:f4:dc:66:7f:1c:54:
         0c:98:82:e1:c8:4a:b3:61:84:39:8d:86:85:bd:53:0f:a9:80:
         38:7e:13:c1:30:bb:3d:04:14:59:34:8a:23:f2:71:19:a3:46:
         06:97:66:99:b7:b8:13:a5:a1:9f:0c:6e:b2:c3:fd:cc:b8:f9:
         47:79:12:6b:30:3f:59:d4:e7:93:5a:3a:bc:d2:d7:b6:3d:08:
         d7:d0:6b:17:20:8f:85:bb:ff:78:7f:8d:d4:4a:fe:fc:fd:fb:
         b3:31:5a:91:d0:52:01:2e:b2:46:ed:2d:75:af:cf:79:f7:70:
         8d:8d:fa:da:ae:0c:67:bd:5c:e2:62:16:3d:45:f0:06:e2:0e:
         e8:9b:4a:8c:5e:17:1f:08:23:3d:80:59:f9:cd:84:af:f1:d4:
         c7:63:80:9f:60:f3:39:6c:62:50:53:64:6b:fb:00:b8:10:50:
         c9:37:d8:79:19:fd:f0:60:34:84:ab:8f:67:0e:ff:12:4e:62:
         42:8b:3b:90:3a:19:39:4e:d6:95:88:c4:4a:6e:53:df:36:9c:
         87:9f:5f:b7:b5:57:3f:77:5a:7e:81:2b:17:72:5d:17:93:fd:
         86:3b:3c:13:95:e6:d9:8a:ac:2b:25:58:b1:ae:c6:c5:cb:22:
         1b:2f:b9:8b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjJAPtAIMvZUOLEeLVjUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE2ZjE0NTcyN2QzNGFlNjYwN2E2MTUzMDEyODNlZWViZDVk
NjI5MWMwHhcNMjUwMTAxMDE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzA5YjhmMmYyM2NlMzRjZDQ3ZTVkODM2YjEzMmNmMjE2ZGUyZThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsbSSRyCPd/+VQrz9+QAF9rbYFooh
7vvN9IUEO+6OyPKksaNMN2Ya4hYYWlmV0ZA62mA/wkOl0I3ToNw8YdKVDK96mv/6
8582TLxuYdmPxXj2NA8Ajlzi2YPsVbGXOO0XVzWFGhoXOzqZY+tmR5vm7JKK/KJ6
KyXuqzFTWJm35i+G9iF0GAibP/5jWr0QcRgUzsw6EevwUfzPtDttUKnHKN3oNdz3
EoUgIvudCIoqqV/udSr8MKGQrSuJZO9/K/W8BWxYNdqbtEORiQhFLsYaJf5kG3qZ
y6I2EfAkYhNky4A9inzoWgxVK2WM6vxlwzt/yhcsti2vLJcFWJ8z62eE/wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLMJuPLyPONM1H5dg2sTLPIW3i6KMB8GA1UdIwQY
MBaAFBbxRXJ9NK5mB6YVMBKD7uvV1ikcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRnZGRmNuMDBybVlIcGhVd0VvUHU2OVhXS1J3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi82YzgwOGUtMDAxNS00ZDYyLTgxZDgt
ZWNiN2FlMjcyMmMxLzEvc3dtNDh2STg0MHpVZmwyRGF4TXM4aGJlTG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi82YzgwOGUtMDAxNS00ZDYyLTgxZDgtZWNiN2FlMjcyMmMx
LzEvRnZGRmNuMDBybVlIcGhVd0VvUHU2OVhXS1J3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUHTe69ADAN
BgkqhkiG9w0BAQsFAAOCAQEAgr5e4vSHT6rEHBqM9NxmfxxUDJiC4chKs2GEOY2G
hb1TD6mAOH4TwTC7PQQUWTSKI/JxGaNGBpdmmbe4E6WhnwxussP9zLj5R3kSazA/
WdTnk1o6vNLXtj0I19BrFyCPhbv/eH+N1Er+/P37szFakdBSAS6yRu0tda/Pefdw
jY362q4MZ71c4mIWPUXwBuIO6JtKjF4XHwgjPYBZ+c2Er/HUx2OAn2DzOWxiUFNk
a/sAuBBQyTfYeRn98GA0hKuPZw7/Ek5iQos7kDoZOU7WlYjESm5T3zach59ft7VX
P3dafoErF3JdF5P9hjs8E5Xm2YqsKyVYsa7GxcsiGy+5iw==
-----END CERTIFICATE-----