Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/SWC57OqRIOpV2yhCCx9NLVFaXJ8.roa
File:                     SWC57OqRIOpV2yhCCx9NLVFaXJ8.roa (raw, json)
Hash identifier:          9Eu+9eUM9a9QcpNTP3oLmuVLtNJ9Ny8d0KInYIk7tiI=
Subject key identifier:   49:60:B9:EC:EA:91:20:EA:55:DB:28:42:0B:1F:4D:2D:51:5A:5C:9F
Certificate issuer:       /CN=84d1dc613d74e6c32dcb9814ce126bd61b52aaa7
Certificate serial:       018CC42463A4315F626DC6B47904D0BB2DB9
Authority key identifier: 84:D1:DC:61:3D:74:E6:C3:2D:CB:98:14:CE:12:6B:D6:1B:52:AA:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hNHcYT105sMty5gUzhJr1htSqqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/SWC57OqRIOpV2yhCCx9NLVFaXJ8.roa
Signing time:             Mon 01 Jan 2024 08:29:28 +0000
ROA not before:           Mon 01 Jan 2024 08:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     559
IP address blocks:        193.247.248.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/hNHcYT105sMty5gUzhJr1htSqqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/hNHcYT105sMty5gUzhJr1htSqqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hNHcYT105sMty5gUzhJr1htSqqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:63:a4:31:5f:62:6d:c6:b4:79:04:d0:bb:2d:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84d1dc613d74e6c32dcb9814ce126bd61b52aaa7
        Validity
            Not Before: Jan  1 08:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4960b9ecea9120ea55db28420b1f4d2d515a5c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:df:bb:3c:3b:7c:24:b6:4f:97:ca:36:2d:27:
                    bf:65:7c:8b:f7:7d:81:41:32:a2:e7:2a:d7:ad:08:
                    50:04:19:bf:da:aa:71:1e:0f:f2:7f:ec:e9:82:9e:
                    45:f1:dd:2e:df:33:37:d8:42:05:13:f1:99:d3:af:
                    38:fa:50:ef:ba:03:2d:d9:3b:86:74:e8:f4:02:b6:
                    8b:83:e3:92:a1:7d:4b:48:2c:a8:e5:2d:24:07:a7:
                    95:f5:e8:a7:f2:de:50:3e:0a:54:7e:dc:51:b3:06:
                    d9:82:3f:aa:4d:ca:0b:da:83:e8:68:48:dc:cc:60:
                    ab:9e:4d:3b:92:f7:33:bb:eb:69:d6:67:46:fa:11:
                    64:fa:1b:72:db:a6:41:d4:3d:0d:01:6d:7f:bb:4a:
                    13:ec:b5:f5:f8:90:e5:40:05:f3:1a:21:ea:ad:d9:
                    01:ac:e3:1a:4f:19:2c:03:6d:f2:08:ee:42:1a:b8:
                    59:21:2b:9f:37:d1:bd:5c:5c:7c:6b:e5:2a:09:91:
                    62:25:e2:1c:c4:fb:f9:ac:02:0b:bd:f9:a1:e0:c9:
                    a5:87:07:52:1b:a3:ee:6b:f7:86:04:78:27:8a:1a:
                    89:0e:e3:5d:16:46:a3:74:64:7d:6d:2d:c1:6a:8f:
                    83:2f:95:ea:ea:e9:7a:02:f6:a6:5b:e8:d6:57:aa:
                    ce:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:60:B9:EC:EA:91:20:EA:55:DB:28:42:0B:1F:4D:2D:51:5A:5C:9F
            X509v3 Authority Key Identifier:
                keyid:84:D1:DC:61:3D:74:E6:C3:2D:CB:98:14:CE:12:6B:D6:1B:52:AA:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hNHcYT105sMty5gUzhJr1htSqqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/SWC57OqRIOpV2yhCCx9NLVFaXJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/4e0201-4a04-415f-a5f2-f21b66de9b56/1/hNHcYT105sMty5gUzhJr1htSqqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.247.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         91:80:50:e2:62:c1:a1:88:2e:2d:95:0b:db:c7:e1:bf:4d:4e:
         13:82:a1:00:d0:da:30:8d:51:b6:8b:69:9c:a0:3b:b0:05:b9:
         35:f6:72:82:a2:d2:30:8c:d1:a3:ac:9d:25:33:ba:ce:f1:d0:
         43:cd:90:e7:91:aa:44:67:54:93:ab:80:20:1b:93:47:75:99:
         5f:d0:31:2f:3a:d8:7f:2f:75:18:1a:9d:0a:cd:f7:d5:9d:ff:
         34:de:0f:74:b4:ea:7e:4b:7d:61:58:e3:af:11:16:72:6c:7e:
         08:7f:7b:9c:d8:28:d0:07:73:81:fe:63:5f:a5:6d:d3:6f:a7:
         2a:ce:c3:9a:db:11:fc:e7:10:f5:f2:3d:39:20:06:96:91:c9:
         14:6b:0c:38:96:44:79:7c:94:ac:b7:cc:4f:d0:91:58:0e:ba:
         7d:0e:f5:07:b4:04:9a:7d:45:26:b9:fb:c1:1f:60:80:19:68:
         38:74:d4:25:87:80:b2:80:eb:c3:04:f5:46:ef:15:a0:c5:cd:
         b0:35:03:6f:1c:99:22:c1:9c:f0:52:18:5d:dc:49:fb:d5:06:
         ba:f7:49:0b:a5:8d:69:7f:ad:7c:c7:a1:90:78:0f:c8:5c:e5:
         64:c6:f3:13:64:33:c9:a9:8f:3a:3b:9d:79:aa:75:0c:ff:55:
         73:36:c0:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJGOkMV9ibca0eQTQuy25MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZDFkYzYxM2Q3NGU2YzMyZGNiOTgxNGNlMTI2YmQ2MWI1
MmFhYTcwHhcNMjQwMTAxMDgyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTYwYjllY2VhOTEyMGVhNTVkYjI4NDIwYjFmNGQyZDUxNWE1YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9+7PDt8JLZPl8o2LSe/ZXyL932B
QTKi5yrXrQhQBBm/2qpxHg/yf+zpgp5F8d0u3zM32EIFE/GZ0684+lDvugMt2TuG
dOj0AraLg+OSoX1LSCyo5S0kB6eV9ein8t5QPgpUftxRswbZgj+qTcoL2oPoaEjc
zGCrnk07kvczu+tp1mdG+hFk+hty26ZB1D0NAW1/u0oT7LX1+JDlQAXzGiHqrdkB
rOMaTxksA23yCO5CGrhZISufN9G9XFx8a+UqCZFiJeIcxPv5rAILvfmh4MmlhwdS
G6Pua/eGBHgnihqJDuNdFkajdGR9bS3Bao+DL5Xq6ul6AvamW+jWV6rO/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElguezqkSDqVdsoQgsfTS1RWlyfMB8GA1UdIwQY
MBaAFITR3GE9dObDLcuYFM4Sa9YbUqqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaE5IY1lUMTA1c010eTVnVXpoSnIxaHRTcXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy80ZTAyMDEtNGEwNC00MTVmLWE1ZjIt
ZjIxYjY2ZGU5YjU2LzEvU1dDNTdPcVJJT3BWMnloQ0N4OU5MVkZhWEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy80ZTAyMDEtNGEwNC00MTVmLWE1ZjItZjIxYjY2ZGU5YjU2
LzEvaE5IY1lUMTA1c010eTVnVXpoSnIxaHRTcXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwff4MA0G
CSqGSIb3DQEBCwUAA4IBAQCRgFDiYsGhiC4tlQvbx+G/TU4TgqEA0NowjVG2i2mc
oDuwBbk19nKCotIwjNGjrJ0lM7rO8dBDzZDnkapEZ1STq4AgG5NHdZlf0DEvOth/
L3UYGp0KzffVnf803g90tOp+S31hWOOvERZybH4If3uc2CjQB3OB/mNfpW3Tb6cq
zsOa2xH85xD18j05IAaWkckUaww4lkR5fJSst8xP0JFYDrp9DvUHtASafUUmufvB
H2CAGWg4dNQlh4CygOvDBPVG7xWgxc2wNQNvHJkiwZzwUhhd3En71Qa690kLpY1p
f618x6GQeA/IXOVkxvMTZDPJqY86O515qnUM/1VzNsBI
-----END CERTIFICATE-----