Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/75c017-162f-4d0b-97c9-013b2feb5d28/1/SW-4hL0mVSkVe3oiFDw6-IYGB80.roa
File:                     SW-4hL0mVSkVe3oiFDw6-IYGB80.roa (raw, json)
Hash identifier:          aedwmf02se0U+ifzhQZmrqdfm8+Faq7npwCgMp24KCg=
Subject key identifier:   49:6F:B8:84:BD:26:55:29:15:7B:7A:22:14:3C:3A:F8:86:06:07:CD
Certificate issuer:       /CN=896d50ab12dac757a8517f989e7317255a147c50
Certificate serial:       01941FFA12D86E26874179F3BEA262CFF0F7
Authority key identifier: 89:6D:50:AB:12:DA:C7:57:A8:51:7F:98:9E:73:17:25:5A:14:7C:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iW1QqxLax1eoUX-YnnMXJVoUfFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/75c017-162f-4d0b-97c9-013b2feb5d28/1/SW-4hL0mVSkVe3oiFDw6-IYGB80.roa
Signing time:             Wed 01 Jan 2025 03:47:50 +0000
ROA not before:           Wed 01 Jan 2025 03:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59504
IP address blocks:        194.53.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/75c017-162f-4d0b-97c9-013b2feb5d28/1/iW1QqxLax1eoUX-YnnMXJVoUfFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/75c017-162f-4d0b-97c9-013b2feb5d28/1/iW1QqxLax1eoUX-YnnMXJVoUfFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iW1QqxLax1eoUX-YnnMXJVoUfFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 21:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:12:d8:6e:26:87:41:79:f3:be:a2:62:cf:f0:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896d50ab12dac757a8517f989e7317255a147c50
        Validity
            Not Before: Jan  1 03:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=496fb884bd265529157b7a22143c3af8860607cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d9:9e:4d:da:6e:d3:b8:61:1c:02:5a:ec:16:
                    0f:4f:68:8d:84:41:0e:32:2f:16:e5:bd:43:26:3d:
                    98:d2:eb:28:4b:d4:69:a1:db:98:56:ae:ab:1e:a9:
                    0c:5b:36:01:ac:90:c9:e2:03:9e:d8:2a:68:89:f3:
                    74:0d:e1:fa:d4:49:a0:ea:8e:a7:40:06:3b:78:45:
                    98:a2:0c:da:b8:db:98:64:96:f9:f0:37:70:56:2b:
                    94:0a:74:04:d0:4c:cc:99:0d:f5:43:14:29:75:82:
                    71:2b:32:87:e0:cc:1a:9a:05:e3:f2:7a:5e:a9:5a:
                    dd:ab:00:9e:2d:49:8b:52:cb:17:ea:b7:a4:b1:d2:
                    d5:45:76:5c:54:69:18:ae:5a:dd:d3:61:e7:62:d0:
                    12:c9:bd:97:4f:14:c5:61:4b:e2:be:b6:1c:4d:40:
                    71:6a:3b:df:68:92:ef:8f:e7:36:c6:39:5f:fb:c2:
                    38:a9:39:9c:a4:f5:f9:b0:e2:06:d3:a1:89:68:b8:
                    20:b9:1e:7a:a1:a5:26:ed:02:02:51:b3:56:e8:61:
                    8a:b5:90:e0:a8:8a:82:da:53:6b:0f:4b:a1:ce:f0:
                    54:0a:8d:80:b1:8e:3d:a5:e9:e2:4d:ff:08:68:e8:
                    fe:a6:00:62:6c:51:51:b3:8e:1b:ea:7d:84:1d:66:
                    82:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6F:B8:84:BD:26:55:29:15:7B:7A:22:14:3C:3A:F8:86:06:07:CD
            X509v3 Authority Key Identifier:
                keyid:89:6D:50:AB:12:DA:C7:57:A8:51:7F:98:9E:73:17:25:5A:14:7C:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iW1QqxLax1eoUX-YnnMXJVoUfFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/75c017-162f-4d0b-97c9-013b2feb5d28/1/SW-4hL0mVSkVe3oiFDw6-IYGB80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/75c017-162f-4d0b-97c9-013b2feb5d28/1/iW1QqxLax1eoUX-YnnMXJVoUfFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.53.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:bf:d4:ca:5b:da:70:43:02:1c:30:60:4a:31:49:5b:fd:a8:
         3a:01:2e:5d:e9:d5:4c:60:c4:21:16:17:ba:65:1c:cd:dc:be:
         f3:b1:6c:b7:e9:43:b2:85:38:fb:d7:7d:d7:12:3e:5c:74:69:
         67:17:ce:69:9f:85:d3:33:82:65:c3:8b:d7:cb:db:06:a6:0b:
         1d:c9:42:b5:5e:45:d6:88:23:d0:87:46:3a:59:d3:da:2e:7d:
         1f:42:af:92:fa:1f:92:07:91:c9:65:d9:fc:c0:5b:64:b1:f7:
         7d:34:fb:bf:c6:d5:f8:9b:49:68:7f:2a:c2:e3:95:52:a5:b1:
         c3:7e:80:b7:99:c4:45:42:f2:56:bd:74:a5:1e:11:6d:cf:01:
         54:5e:b6:94:cd:4f:f5:c6:ce:2e:87:73:f6:4e:6b:14:8d:df:
         4a:e4:f2:e6:a6:80:66:6a:77:66:10:81:89:e0:a7:82:31:b5:
         e9:2d:f0:90:8f:fd:9b:22:a6:94:d0:a7:05:79:a7:3b:1d:e3:
         35:27:b6:39:7a:1e:ff:9c:64:2f:53:90:da:17:3f:82:84:c6:
         68:8a:33:d5:d8:ba:85:be:0a:fc:4d:a2:a1:d8:99:b6:3e:70:
         c6:ec:46:93:92:cd:de:bb:99:78:1b:0c:fc:9b:74:69:8f:76:
         b5:bd:07:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hLYbiaHQXnzvqJiz/D3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmQ1MGFiMTJkYWM3NTdhODUxN2Y5ODllNzMxNzI1NWEx
NDdjNTAwHhcNMjUwMTAxMDM0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZmYjg4NGJkMjY1NTI5MTU3YjdhMjIxNDNjM2FmODg2MDYwN2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dmeTdpu07hhHAJa7BYPT2iNhEEO
Mi8W5b1DJj2Y0usoS9RpoduYVq6rHqkMWzYBrJDJ4gOe2CpoifN0DeH61Emg6o6n
QAY7eEWYogzauNuYZJb58DdwViuUCnQE0EzMmQ31QxQpdYJxKzKH4MwamgXj8npe
qVrdqwCeLUmLUssX6reksdLVRXZcVGkYrlrd02HnYtASyb2XTxTFYUvivrYcTUBx
ajvfaJLvj+c2xjlf+8I4qTmcpPX5sOIG06GJaLgguR56oaUm7QICUbNW6GGKtZDg
qIqC2lNrD0uhzvBUCo2AsY49peniTf8IaOj+pgBibFFRs44b6n2EHWaCIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElvuIS9JlUpFXt6IhQ8OviGBgfNMB8GA1UdIwQY
MBaAFIltUKsS2sdXqFF/mJ5zFyVaFHxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVcxUXF4TGF4MWVvVVgtWW5uTVhKVm9VZkZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS83NWMwMTctMTYyZi00ZDBiLTk3Yzkt
MDEzYjJmZWI1ZDI4LzEvU1ctNGhMMG1WU2tWZTNvaUZEdzYtSVlHQjgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS83NWMwMTctMTYyZi00ZDBiLTk3YzktMDEzYjJmZWI1ZDI4
LzEvaVcxUXF4TGF4MWVvVVgtWW5uTVhKVm9VZkZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjWvMA0G
CSqGSIb3DQEBCwUAA4IBAQBHv9TKW9pwQwIcMGBKMUlb/ag6AS5d6dVMYMQhFhe6
ZRzN3L7zsWy36UOyhTj7133XEj5cdGlnF85pn4XTM4Jlw4vXy9sGpgsdyUK1XkXW
iCPQh0Y6WdPaLn0fQq+S+h+SB5HJZdn8wFtksfd9NPu/xtX4m0lofyrC45VSpbHD
foC3mcRFQvJWvXSlHhFtzwFUXraUzU/1xs4uh3P2TmsUjd9K5PLmpoBmandmEIGJ
4KeCMbXpLfCQj/2bIqaU0KcFeac7HeM1J7Y5eh7/nGQvU5DaFz+ChMZoijPV2LqF
vgr8TaKh2Jm2PnDG7EaTks3eu5l4Gwz8m3Rpj3a1vQeE
-----END CERTIFICATE-----