Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/sswcaI5RavqLtcZuuNsG0o7UMlg.roa
File:                     sswcaI5RavqLtcZuuNsG0o7UMlg.roa (raw, json)
Hash identifier:          i/UgM5gfiSRQt6C50GZVcftkAjRrNkiRrGJ6rNK37tE=
Subject key identifier:   B2:CC:1C:68:8E:51:6A:FA:8B:B5:C6:6E:B8:DB:06:D2:8E:D4:32:58
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       019426D984ADF1F1E61C984517C5F0230C78
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/sswcaI5RavqLtcZuuNsG0o7UMlg.roa
Signing time:             Thu 02 Jan 2025 11:49:36 +0000
ROA not before:           Thu 02 Jan 2025 11:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199586
IP address blocks:        2a03:5840::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:84:ad:f1:f1:e6:1c:98:45:17:c5:f0:23:0c:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jan  2 11:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2cc1c688e516afa8bb5c66eb8db06d28ed43258
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:65:93:77:85:aa:ab:be:9c:2d:a8:55:57:68:
                    19:60:e1:d9:75:ec:b4:69:f4:29:f4:05:39:0e:ee:
                    0d:a3:14:62:99:9b:63:b8:4b:75:54:62:2a:51:3a:
                    b6:89:ea:58:57:6b:b2:18:6b:09:dd:7f:f2:ee:1b:
                    19:d5:c4:fc:37:a1:3d:1a:92:31:58:be:64:99:d9:
                    43:7c:2c:08:9e:c8:7c:9a:2c:9d:7b:31:10:e9:c3:
                    5e:dd:88:9f:bd:61:88:e5:fa:91:75:d9:7e:5a:26:
                    e2:47:70:d5:79:30:ba:c7:04:d8:f6:62:b1:8e:ca:
                    b3:3a:82:4e:be:2c:67:a7:05:4f:f1:10:99:9e:9d:
                    15:66:22:74:7d:78:a4:ba:3a:ca:3a:0c:66:0d:98:
                    38:51:7b:06:1a:ae:63:a6:1e:02:ab:71:9c:ef:90:
                    75:f7:92:36:9b:af:77:58:91:8d:99:82:8b:89:dd:
                    28:92:92:9e:16:b0:4e:df:ba:e1:21:a8:51:71:96:
                    45:77:98:91:bd:22:2b:3f:d5:b5:f7:a5:48:0d:06:
                    e3:04:f7:55:70:6f:50:22:63:8f:51:a2:0c:14:ae:
                    3f:9e:84:f6:bd:af:dd:c3:db:d3:af:0b:6b:26:56:
                    6d:8b:4e:0b:c3:c3:65:7a:97:90:76:da:18:19:1f:
                    66:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CC:1C:68:8E:51:6A:FA:8B:B5:C6:6E:B8:DB:06:D2:8E:D4:32:58
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/sswcaI5RavqLtcZuuNsG0o7UMlg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840::/48

    Signature Algorithm: sha256WithRSAEncryption
         03:23:cb:62:a1:62:6e:80:44:38:da:72:e4:ab:10:1d:e9:57:
         71:ea:74:f9:cc:db:4f:23:d1:34:7d:f2:78:d5:ce:75:46:53:
         64:0e:d9:7e:ed:03:f3:76:bb:92:86:2c:93:f4:32:06:8e:38:
         ae:90:ab:f8:9f:bd:ee:3e:97:00:8f:06:39:51:96:d9:2a:f4:
         a0:e9:3a:3d:77:ce:d1:d8:2b:e8:35:8b:7d:d0:6b:01:c5:25:
         bf:af:00:da:3e:19:1e:61:28:55:81:20:0f:da:76:1f:d4:58:
         52:ff:14:54:f8:4e:1e:02:9b:99:53:d9:45:81:07:44:25:56:
         e3:9e:34:91:36:bd:74:7a:9b:37:41:3b:b5:d1:ac:e3:fc:46:
         77:6a:46:44:97:14:39:bc:22:3a:b0:d9:b2:5f:55:76:83:83:
         fb:89:42:8d:d5:04:49:63:07:5f:ec:e4:df:63:fa:b4:34:db:
         71:70:b6:96:f2:85:4d:c6:17:fc:93:af:92:94:e8:a6:ae:62:
         c3:69:3e:00:1f:56:2f:cb:82:48:fa:32:c6:fb:62:bc:dd:21:
         f3:da:05:1f:31:da:66:1d:41:d4:c9:54:27:8a:3a:9d:97:ad:
         b8:d7:98:9d:ae:db:23:17:a0:2c:f5:ea:62:58:17:5c:31:c4:
         3c:5a:75:80
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQm2YSt8fHmHJhFF8XwIwx4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwMTAyMTE0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNjMWM2ODhlNTE2YWZhOGJiNWM2NmViOGRiMDZkMjhlZDQzMjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvGWTd4Wqq76cLahVV2gZYOHZdey0
afQp9AU5Du4NoxRimZtjuEt1VGIqUTq2iepYV2uyGGsJ3X/y7hsZ1cT8N6E9GpIx
WL5kmdlDfCwInsh8miydezEQ6cNe3YifvWGI5fqRddl+WibiR3DVeTC6xwTY9mKx
jsqzOoJOvixnpwVP8RCZnp0VZiJ0fXikujrKOgxmDZg4UXsGGq5jph4Cq3Gc75B1
95I2m693WJGNmYKLid0okpKeFrBO37rhIahRcZZFd5iRvSIrP9W196VIDQbjBPdV
cG9QImOPUaIMFK4/noT2va/dw9vTrwtrJlZti04Lw8NlepeQdtoYGR9mowIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLLMHGiOUWr6i7XGbrjbBtKO1DJYMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvc3N3Y2FJNVJhdnFMdGNadXVOc0cwbzdVTWxnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQADI8tioWJugEQ42nLkqxAd6Vdx6nT5zNtPI9E0
ffJ41c51RlNkDtl+7QPzdruShiyT9DIGjjiukKv4n73uPpcAjwY5UZbZKvSg6To9
d87R2CvoNYt90GsBxSW/rwDaPhkeYShVgSAP2nYf1FhS/xRU+E4eApuZU9lFgQdE
JVbjnjSRNr10eps3QTu10azj/EZ3akZElxQ5vCI6sNmyX1V2g4P7iUKN1QRJYwdf
7OTfY/q0NNtxcLaW8oVNxhf8k6+SlOimrmLDaT4AH1Yvy4JI+jLG+2K83SHz2gUf
MdpmHUHUyVQnijqdl62415idrtsjF6As9epiWBdcMcQ8WnWA
-----END CERTIFICATE-----