Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/swTej-xZojpFKwqIKSgIQIUv6yo.roa
File:                     swTej-xZojpFKwqIKSgIQIUv6yo.roa (raw, json)
Hash identifier:          /qiQ+fxtgd/HGnEHzZxdGCUBr2dHqR5Gv7Xu7jFfzJk=
Subject key identifier:   B3:04:DE:8F:EC:59:A2:3A:45:2B:0A:88:29:28:08:40:85:2F:EB:2A
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941F879D4E1CE7AEA0577CCB006113
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/swTej-xZojpFKwqIKSgIQIUv6yo.roa
Signing time:             Tue 02 Jan 2024 00:30:22 +0000
ROA not before:           Tue 02 Jan 2024 00:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197577
IP address blocks:        109.248.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1f:87:9d:4e:1c:e7:ae:a0:57:7c:cb:00:61:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b304de8fec59a23a452b0a8829280840852feb2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:aa:08:d6:3b:4e:24:a4:33:ba:a5:6e:08:c1:
                    6d:c1:f5:39:9b:22:df:18:fc:06:45:c2:0f:c0:a1:
                    54:f8:96:c4:b7:65:4f:c6:28:23:33:b1:6c:69:57:
                    b3:bb:be:5c:a8:9f:e9:09:34:60:fb:7a:0f:fd:74:
                    90:3e:c2:b0:fa:80:1b:32:a2:3e:85:1e:df:d7:3a:
                    3a:cb:da:99:2a:01:b9:45:15:5f:5b:03:3b:49:de:
                    d4:62:9a:d9:0b:89:e9:06:57:ff:3e:08:59:47:de:
                    8b:4f:8a:bb:93:47:dc:05:e1:e7:74:11:9b:70:8d:
                    51:db:0d:99:8f:63:0c:51:0b:58:b1:56:08:bd:81:
                    7d:4a:02:4c:00:1a:c8:86:30:7a:3e:80:cf:71:45:
                    f2:c5:1e:db:fd:db:31:b7:dd:2c:6d:73:a4:ea:ac:
                    98:a7:0e:68:6a:ac:83:9a:8b:6a:24:35:31:14:9e:
                    30:52:d0:ff:72:25:b8:f2:57:77:4d:de:e4:2e:3d:
                    f1:88:05:7b:b7:d6:40:ce:b0:3c:93:98:e9:d3:17:
                    62:29:2c:b7:d7:84:93:89:13:b2:15:95:d0:e4:49:
                    bc:81:4e:e7:0a:c3:4c:9d:d8:cb:9e:92:95:03:d9:
                    4a:9f:0a:ea:a7:0d:56:c6:e1:ef:96:f0:00:06:2b:
                    ff:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:04:DE:8F:EC:59:A2:3A:45:2B:0A:88:29:28:08:40:85:2F:EB:2A
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/swTej-xZojpFKwqIKSgIQIUv6yo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.248.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d0:b0:7e:5f:c0:af:ea:23:fe:7f:7d:04:70:d4:b0:8d:32:
         69:6b:c7:22:6d:a3:ed:01:05:5c:d3:b4:fa:2e:d8:5d:a5:0a:
         b5:6c:87:7c:69:41:cc:af:75:cc:fa:13:0f:92:45:79:23:0e:
         56:61:cb:57:78:ee:ed:a7:1b:93:3d:85:8a:70:be:cf:49:6c:
         77:65:2f:a0:80:db:19:c3:87:0b:49:d6:ba:0f:b0:af:53:d6:
         92:23:09:e9:1c:56:66:72:21:eb:5f:b3:17:39:25:f8:9a:fe:
         c5:62:44:60:65:97:3a:86:b9:cc:44:60:6f:2e:c4:68:41:bc:
         67:0f:03:e0:56:95:0a:92:07:e4:6e:8b:79:fd:ef:1c:a9:58:
         c7:04:1f:a2:c7:c7:28:e9:f5:18:13:43:ec:6e:e3:7c:91:bf:
         d6:33:ca:1c:70:f1:b0:45:2e:fd:51:f1:47:35:10:b4:7f:bc:
         c8:d0:08:4f:27:d7:35:2f:52:40:0d:c3:19:b3:dc:61:56:67:
         f7:2d:17:c8:61:6c:f9:3f:07:96:02:47:11:d3:0f:d7:32:09:
         cb:ad:61:9d:f2:d7:56:c8:d3:27:fa:11:86:26:9c:5a:35:0f:
         59:ed:e1:1c:3a:06:72:61:a6:f5:5b:e7:1f:0b:20:f6:69:4b:
         b3:fb:34:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlB+HnU4c566gV3zLAGETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzA0ZGU4ZmVjNTlhMjNhNDUyYjBhODgyOTI4MDg0MDg1MmZlYjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaoI1jtOJKQzuqVuCMFtwfU5myLf
GPwGRcIPwKFU+JbEt2VPxigjM7FsaVezu75cqJ/pCTRg+3oP/XSQPsKw+oAbMqI+
hR7f1zo6y9qZKgG5RRVfWwM7Sd7UYprZC4npBlf/PghZR96LT4q7k0fcBeHndBGb
cI1R2w2Zj2MMUQtYsVYIvYF9SgJMABrIhjB6PoDPcUXyxR7b/dsxt90sbXOk6qyY
pw5oaqyDmotqJDUxFJ4wUtD/ciW48ld3Td7kLj3xiAV7t9ZAzrA8k5jp0xdiKSy3
14STiROyFZXQ5Em8gU7nCsNMndjLnpKVA9lKnwrqpw1WxuHvlvAABiv/jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLME3o/sWaI6RSsKiCkoCECFL+sqMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvc3dUZWoteFpvanBGS3dxSUtTZ0lRSVV2NnlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbfgpMA0G
CSqGSIb3DQEBCwUAA4IBAQCY0LB+X8Cv6iP+f30EcNSwjTJpa8cibaPtAQVc07T6
LthdpQq1bId8aUHMr3XM+hMPkkV5Iw5WYctXeO7tpxuTPYWKcL7PSWx3ZS+ggNsZ
w4cLSda6D7CvU9aSIwnpHFZmciHrX7MXOSX4mv7FYkRgZZc6hrnMRGBvLsRoQbxn
DwPgVpUKkgfkbot5/e8cqVjHBB+ix8co6fUYE0PsbuN8kb/WM8occPGwRS79UfFH
NRC0f7zI0AhPJ9c1L1JADcMZs9xhVmf3LRfIYWz5PweWAkcR0w/XMgnLrWGd8tdW
yNMn+hGGJpxaNQ9Z7eEcOgZyYab1W+cfCyD2aUuz+zS9
-----END CERTIFICATE-----