Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/SjwnSK46vCNi7OUZXpQIR2HzOhE.roa
File:                     SjwnSK46vCNi7OUZXpQIR2HzOhE.roa (raw, json)
Hash identifier:          SLuA6D+AER4vxLTWKIHbpVGz+G7I6E/14CaA7Clp0k8=
Subject key identifier:   4A:3C:27:48:AE:3A:BC:23:62:EC:E5:19:5E:94:08:47:61:F3:3A:11
Certificate issuer:       /CN=844582ca704717eb0c94be4d89413f4bc2d8b8e5
Certificate serial:       018CCA2A8A450F104B4106F5E2ED1AA47CF5
Authority key identifier: 84:45:82:CA:70:47:17:EB:0C:94:BE:4D:89:41:3F:4B:C2:D8:B8:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/SjwnSK46vCNi7OUZXpQIR2HzOhE.roa
Signing time:             Tue 02 Jan 2024 12:33:54 +0000
ROA not before:           Tue 02 Jan 2024 12:33:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56335
IP address blocks:        147.78.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:8a:45:0f:10:4b:41:06:f5:e2:ed:1a:a4:7c:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844582ca704717eb0c94be4d89413f4bc2d8b8e5
        Validity
            Not Before: Jan  2 12:33:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4a3c2748ae3abc2362ece5195e94084761f33a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:19:e9:41:ee:c3:8e:07:79:bd:11:02:c7:6b:
                    e4:83:c6:00:c5:fd:98:71:98:03:4f:c4:00:32:47:
                    52:8f:a1:ef:d1:7e:64:0a:16:93:8c:ff:5e:7c:4e:
                    04:1d:f2:5d:9c:98:71:be:9d:c5:17:ff:5e:06:41:
                    9e:d7:09:40:cb:9e:86:08:03:b3:26:03:22:d3:15:
                    be:2a:17:ac:b8:e0:b3:ca:03:d5:b0:eb:a7:94:7d:
                    67:fe:5c:d5:2e:4b:6a:a3:e0:15:03:4f:51:91:43:
                    07:08:7b:c3:2f:ab:33:e3:6a:ab:70:e2:fb:45:e3:
                    7b:6d:d8:d3:19:27:43:f7:f3:61:05:23:2f:f9:da:
                    0b:e9:57:3b:8e:08:da:ed:91:71:50:73:e6:a2:59:
                    a8:30:00:c2:00:a7:b9:e6:21:72:79:ec:81:0c:70:
                    a7:51:9e:6d:ed:11:bb:84:ae:94:53:6d:17:26:ad:
                    ff:7f:db:08:08:c0:d3:0d:0d:61:2f:f5:32:b4:c9:
                    4e:db:15:5c:1d:c8:f0:0a:c0:03:1e:88:c7:93:49:
                    57:cb:49:2c:4c:e6:15:55:59:82:b4:41:6d:d2:f4:
                    bd:37:c9:9e:57:09:89:6c:43:a9:6b:48:c1:29:cb:
                    50:c0:11:34:1e:09:fd:78:e5:99:69:d2:cc:cf:7c:
                    08:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:3C:27:48:AE:3A:BC:23:62:EC:E5:19:5E:94:08:47:61:F3:3A:11
            X509v3 Authority Key Identifier:
                keyid:84:45:82:CA:70:47:17:EB:0C:94:BE:4D:89:41:3F:4B:C2:D8:B8:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEWCynBHF-sMlL5NiUE_S8LYuOU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/SjwnSK46vCNi7OUZXpQIR2HzOhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/735e42-c608-46b6-8f70-f23f66f8d242/1/hEWCynBHF-sMlL5NiUE_S8LYuOU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.78.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:dc:76:d2:41:ac:88:92:c9:8c:39:26:62:73:b4:46:c1:18:
         55:dd:22:59:72:da:80:7d:6d:63:d4:33:6e:7b:8a:b2:60:a5:
         37:1e:14:3b:90:f1:52:65:ec:23:ef:54:ed:b5:1b:f7:56:08:
         ea:c1:13:84:68:c6:e3:d3:3c:2e:26:68:66:22:dc:9c:61:e9:
         16:56:43:98:a3:b8:ff:dd:e8:e8:51:64:99:03:f1:eb:f9:aa:
         3f:92:ca:bb:ac:19:06:f1:7e:bc:2f:41:fa:f1:cc:ca:80:87:
         09:52:3e:fa:e8:3b:58:38:c0:ce:8e:16:b9:e7:5d:2a:98:9d:
         96:2f:2d:48:90:1c:df:b4:b9:b9:a0:0e:18:47:8e:28:37:c1:
         ae:9c:a1:f7:55:d2:3d:eb:0c:ac:98:81:da:9e:2b:1b:f8:54:
         45:6f:e2:8f:f2:c5:d1:88:74:be:69:06:e2:a7:a8:01:28:9e:
         fb:a5:2c:a2:cc:69:46:26:09:b2:1e:bd:cc:52:96:11:85:13:
         36:43:73:c0:0d:c4:2f:a2:ce:af:ce:fc:a7:ab:a7:cb:b3:03:
         67:e7:74:b9:89:2c:4d:a8:3b:6c:36:77:82:c6:53:b3:97:02:
         ce:0d:bd:4a:1e:6d:df:55:c5:9d:b5:42:71:2e:46:07:7f:23:
         39:6d:77:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKopFDxBLQQb14u0apHz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NDU4MmNhNzA0NzE3ZWIwYzk0YmU0ZDg5NDEzZjRiYzJk
OGI4ZTUwHhcNMjQwMTAyMTIzMzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTNjMjc0OGFlM2FiYzIzNjJlY2U1MTk1ZTk0MDg0NzYxZjMzYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3hnpQe7Djgd5vRECx2vkg8YAxf2Y
cZgDT8QAMkdSj6Hv0X5kChaTjP9efE4EHfJdnJhxvp3FF/9eBkGe1wlAy56GCAOz
JgMi0xW+KhesuOCzygPVsOunlH1n/lzVLktqo+AVA09RkUMHCHvDL6sz42qrcOL7
ReN7bdjTGSdD9/NhBSMv+doL6Vc7jgja7ZFxUHPmolmoMADCAKe55iFyeeyBDHCn
UZ5t7RG7hK6UU20XJq3/f9sICMDTDQ1hL/UytMlO2xVcHcjwCsADHojHk0lXy0ks
TOYVVVmCtEFt0vS9N8meVwmJbEOpa0jBKctQwBE0Hgn9eOWZadLMz3wIpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEo8J0iuOrwjYuzlGV6UCEdh8zoRMB8GA1UdIwQY
MBaAFIRFgspwRxfrDJS+TYlBP0vC2LjlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVXQ3luQkhGLXNNbEw1TmlVRV9TOExZdU9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83MzVlNDItYzYwOC00NmI2LThmNzAt
ZjIzZjY2ZjhkMjQyLzEvU2p3blNLNDZ2Q05pN09VWlhwUUlSMkh6T2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83MzVlNDItYzYwOC00NmI2LThmNzAtZjIzZjY2ZjhkMjQy
LzEvaEVXQ3luQkhGLXNNbEw1TmlVRV9TOExZdU9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk04HMA0G
CSqGSIb3DQEBCwUAA4IBAQCo3HbSQayIksmMOSZic7RGwRhV3SJZctqAfW1j1DNu
e4qyYKU3HhQ7kPFSZewj71TttRv3VgjqwROEaMbj0zwuJmhmItycYekWVkOYo7j/
3ejoUWSZA/Hr+ao/ksq7rBkG8X68L0H68czKgIcJUj766DtYOMDOjha5510qmJ2W
Ly1IkBzftLm5oA4YR44oN8GunKH3VdI96wysmIHanisb+FRFb+KP8sXRiHS+aQbi
p6gBKJ77pSyizGlGJgmyHr3MUpYRhRM2Q3PADcQvos6vzvynq6fLswNn53S5iSxN
qDtsNneCxlOzlwLODb1KHm3fVcWdtUJxLkYHfyM5bXfB
-----END CERTIFICATE-----