Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/swwra1nx7wn7hhzgGoT3z6Zd6kA.roa
File:                     swwra1nx7wn7hhzgGoT3z6Zd6kA.roa (raw, json)
Hash identifier:          GEPsPO+Cf7bhhxb485nD8biwlrt0OEtqjHIhm+n+z9w=
Subject key identifier:   B3:0C:2B:6B:59:F1:EF:09:FB:86:1C:E0:1A:84:F7:CF:A6:5D:EA:40
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       0197371F771DBC30FA3E579FBAE81D60E970
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/swwra1nx7wn7hhzgGoT3z6Zd6kA.roa
Signing time:             Tue 03 Jun 2025 18:48:18 +0000
ROA not before:           Tue 03 Jun 2025 18:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215819
IP address blocks:        2a14:6ac6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:37:1f:77:1d:bc:30:fa:3e:57:9f:ba:e8:1d:60:e9:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jun  3 18:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b30c2b6b59f1ef09fb861ce01a84f7cfa65dea40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:9f:b0:59:65:c1:13:a7:7c:7d:f8:8b:d0:8f:
                    39:01:6e:27:05:2e:41:75:cd:51:e2:cc:4d:86:2e:
                    48:31:b0:05:5d:3e:60:8a:5c:c7:70:b8:1a:66:0e:
                    b0:2c:05:04:8f:ef:1a:33:c6:87:3a:dd:5d:37:36:
                    0b:9e:5d:2d:ed:3d:41:cf:d4:6e:d7:be:d0:ee:2a:
                    10:93:77:42:81:07:1d:f2:80:62:66:50:21:99:af:
                    d9:6b:af:4c:9d:ca:21:de:04:43:6b:65:00:3e:05:
                    99:66:91:1a:94:31:03:d2:78:83:9a:b6:5e:a6:12:
                    3c:28:a1:3e:91:02:2a:b6:16:87:5f:a1:be:c6:9c:
                    68:a4:7d:12:25:40:a0:a0:e4:e7:2c:11:b6:b1:60:
                    aa:c5:c3:13:86:5e:02:e4:15:d6:c8:31:05:1a:ce:
                    37:03:95:2e:71:5f:91:5c:39:1f:2e:d2:4b:e8:45:
                    75:44:54:c9:90:0e:41:da:af:43:16:db:a4:2b:a7:
                    5e:c2:4c:7e:ef:30:c5:a3:68:bc:99:5a:fe:af:89:
                    10:36:ba:71:7d:8d:99:d9:0c:f5:fb:cd:24:18:79:
                    7a:5a:cb:3c:f4:f2:93:4d:be:b5:62:d2:3a:f6:bc:
                    9f:37:61:00:07:0b:89:2b:41:2b:eb:57:de:e8:44:
                    fd:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:0C:2B:6B:59:F1:EF:09:FB:86:1C:E0:1A:84:F7:CF:A6:5D:EA:40
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/swwra1nx7wn7hhzgGoT3z6Zd6kA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6ac6::/32

    Signature Algorithm: sha256WithRSAEncryption
         0f:55:fe:54:03:9b:89:c3:0b:ca:6a:4b:62:f0:90:cc:5d:1b:
         32:a3:00:d3:e4:15:26:4e:bb:a9:cb:ca:6d:b8:3a:e9:d3:b6:
         57:94:3a:3b:a2:7b:14:bf:04:49:83:9b:4d:f4:ae:58:71:ac:
         1c:07:f3:93:4a:20:17:ad:a2:00:07:be:80:c7:07:5c:9c:18:
         bb:b9:69:ce:a3:12:5b:77:ac:97:54:a4:8b:75:61:4e:fe:0f:
         a8:c3:18:65:23:4f:a8:f3:36:03:f3:9c:d3:ef:78:ef:5f:58:
         c5:f3:a2:24:d3:f1:2b:af:c2:65:ed:cc:7a:6b:3e:fc:ee:10:
         70:fe:34:b9:3a:dd:1e:da:26:88:c9:3b:b8:62:07:5e:39:02:
         12:ec:07:f7:f6:1c:d9:97:30:c3:29:bd:43:6f:ec:d8:11:82:
         e3:f1:65:d2:0c:33:92:a3:77:db:74:c0:33:ee:77:fe:d9:99:
         f6:1c:95:66:00:35:81:89:93:a7:84:d8:38:82:28:31:9f:c0:
         2d:dd:41:9d:53:d2:00:c0:46:3b:74:4c:ed:44:8a:af:70:1b:
         21:90:8c:91:d3:fb:ab:34:73:29:9f:80:ea:21:30:79:01:bf:
         1e:6b:e3:41:71:f4:10:93:f6:5d:6c:85:75:38:b5:52:dc:dd:
         34:de:40:43
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZc3H3cdvDD6PlefuugdYOlwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwNjAzMTg0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzBjMmI2YjU5ZjFlZjA5ZmI4NjFjZTAxYTg0ZjdjZmE2NWRlYTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJ+wWWXBE6d8ffiL0I85AW4nBS5B
dc1R4sxNhi5IMbAFXT5gilzHcLgaZg6wLAUEj+8aM8aHOt1dNzYLnl0t7T1Bz9Ru
177Q7ioQk3dCgQcd8oBiZlAhma/Za69Mncoh3gRDa2UAPgWZZpEalDED0niDmrZe
phI8KKE+kQIqthaHX6G+xpxopH0SJUCgoOTnLBG2sWCqxcMThl4C5BXWyDEFGs43
A5UucV+RXDkfLtJL6EV1RFTJkA5B2q9DFtukK6dewkx+7zDFo2i8mVr+r4kQNrpx
fY2Z2Qz1+80kGHl6Wss89PKTTb61YtI69ryfN2EABwuJK0Er61fe6ET98wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLMMK2tZ8e8J+4Yc4BqE98+mXepAMB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvc3d3cmExbng3d243aGh6Z0dvVDN6NlpkNmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRqxjAN
BgkqhkiG9w0BAQsFAAOCAQEAD1X+VAObicMLympLYvCQzF0bMqMA0+QVJk67qcvK
bbg66dO2V5Q6O6J7FL8ESYObTfSuWHGsHAfzk0ogF62iAAe+gMcHXJwYu7lpzqMS
W3esl1Ski3VhTv4PqMMYZSNPqPM2A/Oc0+94719YxfOiJNPxK6/CZe3Mems+/O4Q
cP40uTrdHtomiMk7uGIHXjkCEuwH9/Yc2Zcwwym9Q2/s2BGC4/Fl0gwzkqN323TA
M+53/tmZ9hyVZgA1gYmTp4TYOIIoMZ/ALd1BnVPSAMBGO3RM7USKr3AbIZCMkdP7
qzRzKZ+A6iEweQG/HmvjQXH0EJP2XWyFdTi1UtzdNN5AQw==
-----END CERTIFICATE-----