Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/dbe32f-86dc-40c8-a893-1d84e9092e52/1/Swh0fbfVLweLEvzO4mOn9L3L1-A.roa
File:                     Swh0fbfVLweLEvzO4mOn9L3L1-A.roa (raw, json)
Hash identifier:          YE1oWZABtaO3WHBrxlhlb66M8efw8CF6PEuPSQGY+IQ=
Subject key identifier:   4B:08:74:7D:B7:D5:2F:07:8B:12:FC:CE:E2:63:A7:F4:BD:CB:D7:E0
Certificate issuer:       /CN=8044244bf5c2e84685dbd212f3216a82ffae0f09
Certificate serial:       018CC801E623C9007407672FF40D9DAAD8BB
Authority key identifier: 80:44:24:4B:F5:C2:E8:46:85:DB:D2:12:F3:21:6A:82:FF:AE:0F:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gEQkS_XC6EaF29IS8yFqgv-uDwk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/dbe32f-86dc-40c8-a893-1d84e9092e52/1/Swh0fbfVLweLEvzO4mOn9L3L1-A.roa
Signing time:             Tue 02 Jan 2024 02:30:16 +0000
ROA not before:           Tue 02 Jan 2024 02:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49173
IP address blocks:        194.146.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/dbe32f-86dc-40c8-a893-1d84e9092e52/1/gEQkS_XC6EaF29IS8yFqgv-uDwk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/dbe32f-86dc-40c8-a893-1d84e9092e52/1/gEQkS_XC6EaF29IS8yFqgv-uDwk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gEQkS_XC6EaF29IS8yFqgv-uDwk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:e6:23:c9:00:74:07:67:2f:f4:0d:9d:aa:d8:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8044244bf5c2e84685dbd212f3216a82ffae0f09
        Validity
            Not Before: Jan  2 02:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4b08747db7d52f078b12fccee263a7f4bdcbd7e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:21:a5:c9:a9:74:42:19:a4:3b:98:63:0e:94:
                    e4:8c:a7:83:2c:18:63:d8:02:2c:fc:e0:a3:98:a5:
                    91:1d:d2:c4:59:13:89:7c:82:a5:41:6d:7e:99:9f:
                    9c:c5:9f:f2:20:a4:79:07:bc:f9:77:7b:82:ff:32:
                    65:e7:d5:82:fe:85:3c:29:39:d7:e6:8b:c4:e4:ae:
                    11:2f:b5:d0:1d:a7:f6:18:3b:aa:7f:80:ba:53:92:
                    6e:da:a7:e4:64:44:e2:81:20:22:f5:28:b2:87:17:
                    f5:e3:bf:1a:7c:c6:2e:d4:1f:39:f1:40:c3:2a:15:
                    42:65:93:74:10:f7:b6:74:42:ed:07:3d:e9:e2:8c:
                    f1:3f:fa:7d:40:a7:cf:af:24:c9:14:04:82:86:f2:
                    8f:e5:95:94:43:d0:03:60:8a:e7:ae:58:0c:20:c2:
                    40:c4:a9:f2:db:ef:db:07:5d:de:a7:ae:3f:c9:26:
                    ba:b3:cb:76:62:f0:62:06:1b:bb:25:18:9f:d1:26:
                    9d:9f:8d:fa:19:3a:de:a8:81:48:be:11:51:27:26:
                    5f:97:0d:48:96:3e:52:fc:59:b2:ab:d3:28:58:4b:
                    e0:d4:d7:70:29:a7:23:ea:89:da:1a:6f:56:2c:23:
                    10:74:8a:fe:17:5f:31:1c:5e:f2:d4:42:78:ee:a8:
                    9d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:08:74:7D:B7:D5:2F:07:8B:12:FC:CE:E2:63:A7:F4:BD:CB:D7:E0
            X509v3 Authority Key Identifier:
                keyid:80:44:24:4B:F5:C2:E8:46:85:DB:D2:12:F3:21:6A:82:FF:AE:0F:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gEQkS_XC6EaF29IS8yFqgv-uDwk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/dbe32f-86dc-40c8-a893-1d84e9092e52/1/Swh0fbfVLweLEvzO4mOn9L3L1-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/dbe32f-86dc-40c8-a893-1d84e9092e52/1/gEQkS_XC6EaF29IS8yFqgv-uDwk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:f8:04:44:5a:db:14:31:1c:f2:79:c0:4b:ca:4b:5c:97:cf:
         cd:a6:01:7b:0c:52:89:21:17:bc:9a:95:e3:f9:e8:7a:7b:46:
         ff:42:45:0a:9e:2a:81:5f:ef:b5:fe:ab:34:1b:85:5b:d2:58:
         a9:e1:93:f8:08:f6:14:1b:61:07:d2:78:34:b5:b9:27:0a:18:
         eb:9e:b3:46:38:14:f7:a1:89:06:64:97:12:da:e8:8d:f5:a8:
         b3:50:12:8d:9d:b7:d0:53:8f:2c:f6:0f:b8:6f:b6:d5:f6:11:
         0f:15:ad:0c:2e:87:40:2e:4a:aa:2f:e2:01:48:10:05:a6:4e:
         38:60:6a:69:31:51:14:6e:84:a7:e2:ac:6e:80:38:0b:5a:7a:
         fc:c8:4f:00:04:48:b4:e7:95:85:76:18:69:48:1a:01:24:b3:
         e6:47:8b:bf:75:6d:78:1a:a0:86:e0:d7:cf:14:89:66:32:d4:
         c5:8b:a9:18:f8:42:63:3e:94:0b:bf:17:04:3c:0a:8a:22:0c:
         86:c9:5c:a5:f5:77:b0:cc:05:cf:71:53:eb:14:b6:a3:84:13:
         9e:0f:96:83:58:c6:d9:e8:a6:dd:01:1f:25:de:ed:21:39:14:
         53:9c:f7:24:5f:9c:c3:cd:43:03:31:83:59:b4:47:e8:bd:e6:
         b0:fa:9b:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAeYjyQB0B2cv9A2dqti7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwNDQyNDRiZjVjMmU4NDY4NWRiZDIxMmYzMjE2YTgyZmZh
ZTBmMDkwHhcNMjQwMTAyMDIzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjA4NzQ3ZGI3ZDUyZjA3OGIxMmZjY2VlMjYzYTdmNGJkY2JkN2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjiGlyal0QhmkO5hjDpTkjKeDLBhj
2AIs/OCjmKWRHdLEWROJfIKlQW1+mZ+cxZ/yIKR5B7z5d3uC/zJl59WC/oU8KTnX
5ovE5K4RL7XQHaf2GDuqf4C6U5Ju2qfkZETigSAi9Siyhxf1478afMYu1B858UDD
KhVCZZN0EPe2dELtBz3p4ozxP/p9QKfPryTJFASChvKP5ZWUQ9ADYIrnrlgMIMJA
xKny2+/bB13ep64/ySa6s8t2YvBiBhu7JRif0Sadn436GTreqIFIvhFRJyZflw1I
lj5S/Fmyq9MoWEvg1NdwKacj6onaGm9WLCMQdIr+F18xHF7y1EJ47qidOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsIdH231S8HixL8zuJjp/S9y9fgMB8GA1UdIwQY
MBaAFIBEJEv1wuhGhdvSEvMhaoL/rg8JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0VRa1NfWEM2RWFGMjlJUzh5RnFndi11RHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9kYmUzMmYtODZkYy00MGM4LWE4OTMt
MWQ4NGU5MDkyZTUyLzEvU3doMGZiZlZMd2VMRXZ6TzRtT245TDNMMS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9kYmUzMmYtODZkYy00MGM4LWE4OTMtMWQ4NGU5MDkyZTUy
LzEvZ0VRa1NfWEM2RWFGMjlJUzh5RnFndi11RHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpIcMA0G
CSqGSIb3DQEBCwUAA4IBAQAc+AREWtsUMRzyecBLyktcl8/NpgF7DFKJIRe8mpXj
+eh6e0b/QkUKniqBX++1/qs0G4Vb0lip4ZP4CPYUG2EH0ng0tbknChjrnrNGOBT3
oYkGZJcS2uiN9aizUBKNnbfQU48s9g+4b7bV9hEPFa0MLodALkqqL+IBSBAFpk44
YGppMVEUboSn4qxugDgLWnr8yE8ABEi055WFdhhpSBoBJLPmR4u/dW14GqCG4NfP
FIlmMtTFi6kY+EJjPpQLvxcEPAqKIgyGyVyl9XewzAXPcVPrFLajhBOeD5aDWMbZ
6KbdAR8l3u0hORRTnPckX5zDzUMDMYNZtEfoveaw+ptu
-----END CERTIFICATE-----