Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/ae2929-674d-4946-8053-a4368a1b5f63/1/sw9NJEKhsLka-DwDz7QletNiVgs.roa
File:                     sw9NJEKhsLka-DwDz7QletNiVgs.roa (raw, json)
Hash identifier:          JLH9iGNCsr6v3KlA3y9iexE4KS3L7pvxKKJrAlUDsd8=
Subject key identifier:   B3:0F:4D:24:42:A1:B0:B9:1A:F8:3C:03:CF:B4:25:7A:D3:62:56:0B
Certificate issuer:       /CN=11e07556c191867add90101580ecf5d5b7429671
Certificate serial:       018CCA29005036EBCB951BD5847543F5BE74
Authority key identifier: 11:E0:75:56:C1:91:86:7A:DD:90:10:15:80:EC:F5:D5:B7:42:96:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EeB1VsGRhnrdkBAVgOz11bdClnE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/ae2929-674d-4946-8053-a4368a1b5f63/1/sw9NJEKhsLka-DwDz7QletNiVgs.roa
Signing time:             Tue 02 Jan 2024 12:32:13 +0000
ROA not before:           Tue 02 Jan 2024 12:32:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211384
IP address blocks:        193.3.32.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/ae2929-674d-4946-8053-a4368a1b5f63/1/EeB1VsGRhnrdkBAVgOz11bdClnE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/ae2929-674d-4946-8053-a4368a1b5f63/1/EeB1VsGRhnrdkBAVgOz11bdClnE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EeB1VsGRhnrdkBAVgOz11bdClnE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 10:04:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:00:50:36:eb:cb:95:1b:d5:84:75:43:f5:be:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11e07556c191867add90101580ecf5d5b7429671
        Validity
            Not Before: Jan  2 12:32:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b30f4d2442a1b0b91af83c03cfb4257ad362560b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:c7:8f:59:d9:26:85:d2:83:ad:b7:64:d3:00:
                    3b:10:c5:68:03:43:09:c6:7e:e9:fc:3f:f0:94:40:
                    25:82:ae:59:63:fa:8c:1e:92:5e:13:45:08:15:e8:
                    b5:05:2e:a4:45:e8:c1:9d:9e:c8:7a:0b:b7:18:ba:
                    30:15:6d:ff:03:3f:9e:f3:b5:27:ed:09:aa:39:45:
                    a7:13:40:00:95:56:0f:45:a8:36:a0:ea:33:42:80:
                    c7:86:fb:ec:e6:ed:ad:cf:cd:cf:e2:24:4c:40:ea:
                    99:dc:be:80:ce:55:ff:16:e6:ca:d0:8c:4d:f6:b4:
                    be:f1:82:b3:52:67:15:2b:2a:3a:a7:22:ea:ab:fe:
                    6b:01:cd:23:78:45:1b:73:ed:fe:1c:7b:3f:31:57:
                    c7:73:6d:02:6c:2c:36:e7:f8:51:9c:83:73:e8:5e:
                    d9:5e:ab:17:9b:3b:73:e7:3b:e1:4b:6d:b2:a3:7c:
                    ce:c3:52:dc:e9:c2:35:dc:97:91:8a:b5:4a:66:65:
                    97:f2:25:03:c7:dc:05:8e:77:48:2c:0a:5a:87:e6:
                    32:b4:82:26:ed:25:7d:73:99:ba:2a:1b:9b:5a:8d:
                    7c:23:ea:ba:07:04:4c:e7:22:77:f6:60:11:3f:31:
                    41:eb:c9:0b:bd:6f:c2:da:0a:7e:28:cb:99:1f:2f:
                    be:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:0F:4D:24:42:A1:B0:B9:1A:F8:3C:03:CF:B4:25:7A:D3:62:56:0B
            X509v3 Authority Key Identifier:
                keyid:11:E0:75:56:C1:91:86:7A:DD:90:10:15:80:EC:F5:D5:B7:42:96:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EeB1VsGRhnrdkBAVgOz11bdClnE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/ae2929-674d-4946-8053-a4368a1b5f63/1/sw9NJEKhsLka-DwDz7QletNiVgs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/ae2929-674d-4946-8053-a4368a1b5f63/1/EeB1VsGRhnrdkBAVgOz11bdClnE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.32.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:49:36:24:c8:0e:60:e6:4c:5b:53:ff:87:6d:5f:6e:3f:24:
         dd:5d:0c:2d:1f:85:45:b1:50:a9:73:cc:31:ba:da:44:c5:9b:
         c3:fc:ba:8c:34:89:d8:f5:18:79:52:bc:89:71:80:e9:31:12:
         49:19:d7:85:03:4c:cc:4f:dc:7c:0b:a8:0f:f4:45:1b:75:48:
         00:47:87:f4:d9:df:de:aa:ea:43:e5:c8:4a:f9:be:85:45:cd:
         c9:68:4f:b8:48:99:8b:b5:72:d8:0c:ba:88:2e:99:60:84:50:
         17:a6:15:cf:8a:74:0c:8b:45:29:5b:ea:9b:87:b9:b8:ff:0f:
         8b:43:75:21:94:5c:7f:c6:f7:46:56:fb:8b:3f:0a:71:60:3e:
         20:8e:c7:9c:17:98:8a:de:eb:2d:4b:59:40:82:22:48:89:27:
         09:7a:7e:26:8a:fc:99:f5:90:9c:54:2a:a6:af:35:17:38:bd:
         5d:8a:17:24:c8:b8:09:fc:b6:66:d9:e8:3a:12:bf:d7:62:dd:
         09:4e:b5:64:11:8a:ce:b3:eb:7b:ec:3c:95:b0:e8:c9:81:59:
         ca:00:f4:7b:c8:d1:7d:ea:6c:20:69:4b:d6:ce:c4:b0:0e:91:
         be:33:d6:51:cf:7a:fc:81:45:ad:b1:2d:5a:65:b9:f2:37:51:
         8d:44:03:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKQBQNuvLlRvVhHVD9b50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExZTA3NTU2YzE5MTg2N2FkZDkwMTAxNTgwZWNmNWQ1Yjc0
Mjk2NzEwHhcNMjQwMTAyMTIzMjEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzBmNGQyNDQyYTFiMGI5MWFmODNjMDNjZmI0MjU3YWQzNjI1NjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiMePWdkmhdKDrbdk0wA7EMVoA0MJ
xn7p/D/wlEAlgq5ZY/qMHpJeE0UIFei1BS6kRejBnZ7Iegu3GLowFW3/Az+e87Un
7QmqOUWnE0AAlVYPRag2oOozQoDHhvvs5u2tz83P4iRMQOqZ3L6AzlX/FubK0IxN
9rS+8YKzUmcVKyo6pyLqq/5rAc0jeEUbc+3+HHs/MVfHc20CbCw25/hRnINz6F7Z
XqsXmztz5zvhS22yo3zOw1Lc6cI13JeRirVKZmWX8iUDx9wFjndILApah+YytIIm
7SV9c5m6KhubWo18I+q6BwRM5yJ39mARPzFB68kLvW/C2gp+KMuZHy++yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMPTSRCobC5Gvg8A8+0JXrTYlYLMB8GA1UdIwQY
MBaAFBHgdVbBkYZ63ZAQFYDs9dW3QpZxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWVCMVZzR1JobnJka0JBVmdPejExYmRDbG5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9hZTI5MjktNjc0ZC00OTQ2LTgwNTMt
YTQzNjhhMWI1ZjYzLzEvc3c5TkpFS2hzTGthLUR3RHo3UWxldE5pVmdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9hZTI5MjktNjc0ZC00OTQ2LTgwNTMtYTQzNjhhMWI1ZjYz
LzEvRWVCMVZzR1JobnJka0JBVmdPejExYmRDbG5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMgMA0G
CSqGSIb3DQEBCwUAA4IBAQC7STYkyA5g5kxbU/+HbV9uPyTdXQwtH4VFsVCpc8wx
utpExZvD/LqMNInY9Rh5UryJcYDpMRJJGdeFA0zMT9x8C6gP9EUbdUgAR4f02d/e
qupD5chK+b6FRc3JaE+4SJmLtXLYDLqILplghFAXphXPinQMi0UpW+qbh7m4/w+L
Q3UhlFx/xvdGVvuLPwpxYD4gjsecF5iK3ustS1lAgiJIiScJen4mivyZ9ZCcVCqm
rzUXOL1dihckyLgJ/LZm2eg6Er/XYt0JTrVkEYrOs+t77DyVsOjJgVnKAPR7yNF9
6mwgaUvWzsSwDpG+M9ZRz3r8gUWtsS1aZbnyN1GNRAPB
-----END CERTIFICATE-----