Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/SwhgnoZF_hBARmFUiuLLJ2EVqdA.roa
File:                     SwhgnoZF_hBARmFUiuLLJ2EVqdA.roa (raw, json)
Hash identifier:          48VRNmDGNhRP2L8JLtMNzB4JM3bc2vPZU8jDlCGlZ6A=
Subject key identifier:   4B:08:60:9E:86:45:FE:10:40:46:61:54:8A:E2:CB:27:61:15:A9:D0
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       0194244550E04352F507EE57E2FB59AE37F5
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/SwhgnoZF_hBARmFUiuLLJ2EVqdA.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199614
IP address blocks:        185.199.214.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:50:e0:43:52:f5:07:ee:57:e2:fb:59:ae:37:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b08609e8645fe10404661548ae2cb276115a9d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:36:95:ef:5c:dc:26:a6:9d:e1:40:25:f0:9f:
                    4f:0c:4a:a1:2e:4a:e4:ab:28:a7:63:64:3a:52:fa:
                    29:89:f8:b2:66:65:a3:fb:39:64:53:1d:5b:8d:ef:
                    65:e7:e4:59:97:58:94:be:8e:c6:a7:0a:94:ed:20:
                    97:e6:35:f7:0e:90:b6:fc:96:de:45:4d:56:b6:3b:
                    c7:ba:f2:e1:77:74:e5:a4:2e:72:b9:38:4e:44:1f:
                    5c:92:d6:60:46:ab:96:2e:09:20:52:6b:00:84:58:
                    cf:64:1d:d0:b1:27:6f:9f:d6:46:88:cb:98:97:ee:
                    fe:d1:96:a2:00:ab:19:9f:03:b7:57:24:bf:70:f3:
                    d1:35:a0:a8:01:02:5a:06:49:59:29:a4:4b:b6:b6:
                    df:ff:35:be:6c:9a:34:0b:d5:b7:70:0e:d8:94:79:
                    a6:6e:c3:39:4a:95:45:75:11:d9:42:de:f5:b0:31:
                    b8:5b:4d:92:48:fe:f0:49:d8:ab:9b:c3:6f:3e:ff:
                    3e:dc:ed:4e:5b:de:98:48:f8:e2:41:83:0a:ab:2d:
                    50:2b:d3:a2:1b:08:32:d2:1f:c6:91:e8:5c:f2:34:
                    31:66:e3:73:ac:bc:c2:3d:dd:6f:ed:9b:41:24:fb:
                    a1:25:85:49:84:d5:14:0d:76:16:c9:31:b2:33:d6:
                    5a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:08:60:9E:86:45:FE:10:40:46:61:54:8A:E2:CB:27:61:15:A9:D0
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/SwhgnoZF_hBARmFUiuLLJ2EVqdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.214.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:21:f1:2a:34:ea:14:a6:3e:b2:5b:2a:5c:10:a2:10:a1:58:
         23:b0:c5:74:35:49:65:f2:f3:03:37:13:8d:7d:4e:d6:a4:04:
         bb:a2:d9:c3:3e:a2:51:7a:d9:e0:20:3d:b5:6e:61:a8:8f:a3:
         b3:3d:8c:c3:de:ee:3d:92:d9:db:78:6d:06:fc:ad:60:ae:54:
         6b:08:c7:43:7d:a9:42:18:9a:f8:1d:63:5e:dd:05:4b:68:71:
         62:d9:6f:c7:29:96:69:40:f1:4c:ca:14:97:fe:29:d4:11:fd:
         25:e9:40:20:31:14:4b:d4:c0:58:87:d4:4b:d4:4c:33:72:93:
         ea:81:5b:33:b0:17:73:95:e6:de:52:9c:19:b4:ac:7b:c6:e6:
         82:79:74:83:ce:a2:cc:14:b1:0b:ee:bb:59:58:e1:77:f9:44:
         a8:46:11:f7:20:28:fd:ce:e7:6b:6c:32:86:b8:6f:42:e0:82:
         fc:8f:4d:c3:b8:44:1b:ab:85:97:3e:fd:52:b0:57:27:a9:f4:
         7f:93:68:3b:46:e3:aa:34:e9:e7:aa:5a:ef:f6:5a:f1:a2:6f:
         0f:50:76:f7:ae:a4:30:cb:4c:b7:97:4d:c8:fa:a4:a7:80:36:
         1b:74:26:88:83:2a:d2:75:a5:ee:ee:f4:4f:7f:a9:01:ac:d8:
         be:ce:1a:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVDgQ1L1B+5X4vtZrjf1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjA4NjA5ZTg2NDVmZTEwNDA0NjYxNTQ4YWUyY2IyNzYxMTVhOWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuDaV71zcJqad4UAl8J9PDEqhLkrk
qyinY2Q6UvopifiyZmWj+zlkUx1bje9l5+RZl1iUvo7GpwqU7SCX5jX3DpC2/Jbe
RU1WtjvHuvLhd3TlpC5yuThORB9cktZgRquWLgkgUmsAhFjPZB3QsSdvn9ZGiMuY
l+7+0ZaiAKsZnwO3VyS/cPPRNaCoAQJaBklZKaRLtrbf/zW+bJo0C9W3cA7YlHmm
bsM5SpVFdRHZQt71sDG4W02SSP7wSdirm8NvPv8+3O1OW96YSPjiQYMKqy1QK9Oi
Gwgy0h/Gkehc8jQxZuNzrLzCPd1v7ZtBJPuhJYVJhNUUDXYWyTGyM9ZalQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsIYJ6GRf4QQEZhVIriyydhFanQMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvU3doZ25vWkZfaEJBUm1GVWl1TExKMkVWcWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucfWMA0G
CSqGSIb3DQEBCwUAA4IBAQAJIfEqNOoUpj6yWypcEKIQoVgjsMV0NUll8vMDNxON
fU7WpAS7otnDPqJRetngID21bmGoj6OzPYzD3u49ktnbeG0G/K1grlRrCMdDfalC
GJr4HWNe3QVLaHFi2W/HKZZpQPFMyhSX/inUEf0l6UAgMRRL1MBYh9RL1EwzcpPq
gVszsBdzlebeUpwZtKx7xuaCeXSDzqLMFLEL7rtZWOF3+USoRhH3ICj9zudrbDKG
uG9C4IL8j03DuEQbq4WXPv1SsFcnqfR/k2g7RuOqNOnnqlrv9lrxom8PUHb3rqQw
y0y3l03I+qSngDYbdCaIgyrSdaXu7vRPf6kBrNi+zhrx
-----END CERTIFICATE-----