Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/sw7N6Cc4KE34r0NlHRhM__pW04Q.roa
File:                     sw7N6Cc4KE34r0NlHRhM__pW04Q.roa (raw, json)
Hash identifier:          a3o9j+EGRi8OiDBySmf5KPr+kdM9QxhWgxoKqcdAAlY=
Subject key identifier:   B3:0E:CD:E8:27:38:28:4D:F8:AF:43:65:1D:18:4C:FF:FA:56:D3:84
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       019320F075C841B59563E2C6DFE9C6785193
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/sw7N6Cc4KE34r0NlHRhM__pW04Q.roa
Signing time:             Tue 12 Nov 2024 15:14:09 +0000
ROA not before:           Tue 12 Nov 2024 15:14:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        46.8.200.0/24 maxlen: 24
                          46.8.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:20:f0:75:c8:41:b5:95:63:e2:c6:df:e9:c6:78:51:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Nov 12 15:14:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b30ecde82738284df8af43651d184cfffa56d384
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:40:72:ca:6f:78:2e:ec:b8:cb:d7:1a:c5:60:
                    be:5a:fe:d1:12:b0:ee:6b:9a:7d:7c:09:e4:f4:31:
                    a6:09:b1:4f:2c:41:37:f4:a1:41:99:b8:dc:86:29:
                    40:4b:9b:ee:dc:5b:5f:59:72:d1:20:91:7e:c9:aa:
                    f4:85:f6:69:5e:4c:10:2a:f2:0e:ad:78:a3:12:0f:
                    91:c5:56:35:14:18:f7:9a:b8:61:ae:87:59:91:0f:
                    8f:a1:9c:44:65:b7:a2:d4:79:48:76:a8:ed:9c:ec:
                    8d:52:de:9e:b7:61:ca:d8:2a:39:07:08:c9:0b:b7:
                    6c:38:48:85:d7:53:29:e0:cc:77:b6:c4:95:a1:0e:
                    37:7e:3e:7f:56:5d:10:64:fd:7b:18:e5:ea:d7:4f:
                    66:10:e2:8d:f3:c0:1a:36:7d:93:51:b1:8e:b9:a0:
                    04:78:e9:63:11:08:68:a0:69:d5:17:a7:05:a9:3b:
                    e7:b2:19:1f:51:5c:b3:fc:10:ac:04:15:d4:4d:64:
                    63:ba:8e:ee:cd:56:19:25:56:44:ab:c3:95:0f:6b:
                    98:73:af:78:28:43:67:f3:77:55:00:7c:55:7d:95:
                    56:55:d3:23:64:27:eb:9b:5d:00:35:95:86:dc:f1:
                    20:3c:9b:72:47:78:0e:b4:26:8f:62:ea:1f:b0:28:
                    f8:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:0E:CD:E8:27:38:28:4D:F8:AF:43:65:1D:18:4C:FF:FA:56:D3:84
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/sw7N6Cc4KE34r0NlHRhM__pW04Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:e1:35:98:a7:5e:07:a2:27:0d:32:de:c4:fa:41:81:7d:12:
         22:81:30:ef:b9:fb:b7:a1:d7:ac:2e:8f:d9:38:7d:5e:60:06:
         16:3a:34:d8:61:60:69:2f:f5:72:7d:1c:45:5d:21:70:98:c7:
         fd:da:89:36:fc:35:09:2f:5c:b1:c2:73:58:be:13:e5:9e:da:
         6f:7b:06:5f:53:44:79:52:35:13:bc:95:15:ce:4e:6c:6f:dc:
         c2:f3:ba:14:41:ab:2d:61:e4:a0:59:85:d7:16:dd:b4:08:ce:
         c0:2f:97:70:3c:f2:99:53:cb:b6:3d:fe:97:69:ca:26:ab:9c:
         15:7e:60:1a:85:24:a5:f5:05:75:5f:3a:0b:2b:9b:7b:a9:ba:
         16:e6:23:ce:d8:1d:2b:e1:54:31:e4:16:ff:e0:81:ba:7a:15:
         ba:60:41:9c:5c:58:32:57:08:e9:44:ce:cb:fc:4f:fe:9c:16:
         29:d4:e2:d8:90:bf:9b:b8:b9:22:27:8a:9c:1f:64:0a:75:1c:
         c4:e2:c5:8b:20:c8:02:c7:2b:f6:16:12:ce:ed:84:5f:8d:d2:
         8c:af:43:95:c6:50:85:5d:c2:4a:4c:07:de:3d:36:48:68:31:
         98:f1:8e:d7:8e:e2:eb:3b:93:78:5b:fa:84:67:32:3a:f3:b5:
         99:24:44:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMg8HXIQbWVY+LG3+nGeFGTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjQxMTEyMTUxNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzBlY2RlODI3MzgyODRkZjhhZjQzNjUxZDE4NGNmZmZhNTZkMzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5kByym94Luy4y9caxWC+Wv7RErDu
a5p9fAnk9DGmCbFPLEE39KFBmbjchilAS5vu3FtfWXLRIJF+yar0hfZpXkwQKvIO
rXijEg+RxVY1FBj3mrhhrodZkQ+PoZxEZbei1HlIdqjtnOyNUt6et2HK2Co5BwjJ
C7dsOEiF11Mp4Mx3tsSVoQ43fj5/Vl0QZP17GOXq109mEOKN88AaNn2TUbGOuaAE
eOljEQhooGnVF6cFqTvnshkfUVyz/BCsBBXUTWRjuo7uzVYZJVZEq8OVD2uYc694
KENn83dVAHxVfZVWVdMjZCfrm10ANZWG3PEgPJtyR3gOtCaPYuofsCj4xwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLMOzegnOChN+K9DZR0YTP/6VtOEMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvc3c3TjZDYzRLRTM0cjBObEhSaE1fX3BXMDRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgjIMA0G
CSqGSIb3DQEBCwUAA4IBAQBU4TWYp14HoicNMt7E+kGBfRIigTDvufu3odesLo/Z
OH1eYAYWOjTYYWBpL/VyfRxFXSFwmMf92ok2/DUJL1yxwnNYvhPlntpvewZfU0R5
UjUTvJUVzk5sb9zC87oUQastYeSgWYXXFt20CM7AL5dwPPKZU8u2Pf6Xacomq5wV
fmAahSSl9QV1XzoLK5t7qboW5iPO2B0r4VQx5Bb/4IG6ehW6YEGcXFgyVwjpRM7L
/E/+nBYp1OLYkL+buLkiJ4qcH2QKdRzE4sWLIMgCxyv2FhLO7YRfjdKMr0OVxlCF
XcJKTAfePTZIaDGY8Y7XjuLrO5N4W/qEZzI687WZJERe
-----END CERTIFICATE-----