Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/swkp8BJeTIPDuCpHGrK2bZ6uRos.roa
File:                     swkp8BJeTIPDuCpHGrK2bZ6uRos.roa (raw, json)
Hash identifier:          NcP+qC+1MZGl732vW9/gBGJ0zMkfsHzvh0rjWcHB3iA=
Subject key identifier:   B3:09:29:F0:12:5E:4C:83:C3:B8:2A:47:1A:B2:B6:6D:9E:AE:46:8B
Certificate issuer:       /CN=05bfdbb6a4b1663369da407db97b021f73284a28
Certificate serial:       018F4D7FDE5E71F5963369404F29CC185199
Authority key identifier: 05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/swkp8BJeTIPDuCpHGrK2bZ6uRos.roa
Signing time:             Mon 06 May 2024 10:42:56 +0000
ROA not before:           Mon 06 May 2024 10:42:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215000
IP address blocks:        78.110.171.0/24 maxlen: 24
                          78.157.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4d:7f:de:5e:71:f5:96:33:69:40:4f:29:cc:18:51:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05bfdbb6a4b1663369da407db97b021f73284a28
        Validity
            Not Before: May  6 10:42:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b30929f0125e4c83c3b82a471ab2b66d9eae468b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:64:87:32:40:d0:6e:16:59:17:cc:e5:58:c4:
                    37:a4:3c:65:65:30:58:3e:b9:d7:50:b2:4a:73:92:
                    c3:4b:a8:85:47:5e:33:e8:28:47:dd:1b:33:cf:ed:
                    0e:0f:f9:d5:ab:7a:b3:a6:93:65:a1:6b:35:0d:7e:
                    45:97:ab:78:7c:7e:30:aa:3f:48:2e:a5:f5:71:b7:
                    43:d3:55:f5:df:66:d0:82:3a:19:ac:61:79:0c:73:
                    00:da:45:e4:82:3b:4b:9c:d6:7a:84:3f:41:06:94:
                    64:cd:94:00:26:36:10:25:96:ac:69:1c:f6:22:cd:
                    d5:ff:79:09:a4:93:fa:a7:58:92:f5:b5:64:00:8d:
                    7a:88:d0:45:da:8d:52:7a:27:a6:36:03:29:d6:44:
                    45:06:45:1e:0f:53:58:e4:be:1b:28:d5:4c:24:fd:
                    f0:8e:b8:b2:77:30:a5:55:06:0b:4f:ec:a5:e0:43:
                    c1:0f:fd:91:de:62:78:c8:77:94:33:8b:a9:b6:2e:
                    83:ab:31:74:67:ee:49:f6:cf:01:0e:22:d8:20:52:
                    bb:1d:b0:85:84:bd:44:60:b9:a9:bd:98:bb:a0:e9:
                    64:a4:ac:b2:04:9a:84:ce:3c:99:20:ba:4e:95:57:
                    d2:bf:5e:7b:65:52:cd:35:00:2f:ed:0f:9e:82:f5:
                    77:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:09:29:F0:12:5E:4C:83:C3:B8:2A:47:1A:B2:B6:6D:9E:AE:46:8B
            X509v3 Authority Key Identifier:
                keyid:05:BF:DB:B6:A4:B1:66:33:69:DA:40:7D:B9:7B:02:1F:73:28:4A:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Bb_btqSxZjNp2kB9uXsCH3MoSig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/swkp8BJeTIPDuCpHGrK2bZ6uRos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/460c00-3e95-4274-bc9c-060dacfebe0f/1/Bb_btqSxZjNp2kB9uXsCH3MoSig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.110.171.0/24
                  78.157.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:ee:99:35:2c:5c:82:b0:1b:8d:43:62:0f:0d:f9:2e:af:90:
         46:af:49:df:23:a6:c6:66:ae:e2:c5:eb:96:d4:b4:3b:ca:d1:
         79:35:05:f4:46:6a:48:84:c5:73:66:f0:30:92:7a:77:06:68:
         c9:c2:0a:2c:a6:d9:3d:92:75:c7:df:b5:4c:a5:86:05:78:06:
         1f:80:fa:e9:97:3f:5b:b3:6e:67:7e:55:c3:27:35:dd:12:bd:
         ca:a8:ed:2e:29:c7:ae:c7:ed:61:9e:2e:51:b3:e9:d1:c5:9d:
         40:62:4c:dc:fb:f8:74:94:c9:06:5e:87:2f:1e:eb:3d:3f:44:
         6f:22:06:f6:0a:df:52:df:8b:93:d8:f9:fa:53:86:69:d6:75:
         c6:32:3e:00:ef:77:25:75:b6:91:c1:b6:93:74:c6:18:90:16:
         aa:8e:da:c7:ec:51:2b:58:bf:da:6d:39:ce:a1:63:53:91:ac:
         ee:3d:64:67:e6:fb:48:06:30:7d:01:58:33:b7:80:44:48:ae:
         96:0d:6b:67:3a:02:f8:c0:33:33:71:61:e0:c6:c0:be:fb:63:
         fc:62:f9:94:30:40:0c:e4:8d:35:bb:29:88:c8:d9:fa:cc:8e:
         99:8a:2f:f5:4c:1d:e7:ac:27:49:aa:e1:46:96:6f:db:33:15:
         a7:16:fe:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9Nf95ecfWWM2lATynMGFGZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YmZkYmI2YTRiMTY2MzM2OWRhNDA3ZGI5N2IwMjFmNzMy
ODRhMjgwHhcNMjQwNTA2MTA0MjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzA5MjlmMDEyNWU0YzgzYzNiODJhNDcxYWIyYjY2ZDllYWU0NjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGSHMkDQbhZZF8zlWMQ3pDxlZTBY
PrnXULJKc5LDS6iFR14z6ChH3Rszz+0OD/nVq3qzppNloWs1DX5Fl6t4fH4wqj9I
LqX1cbdD01X132bQgjoZrGF5DHMA2kXkgjtLnNZ6hD9BBpRkzZQAJjYQJZasaRz2
Is3V/3kJpJP6p1iS9bVkAI16iNBF2o1SeiemNgMp1kRFBkUeD1NY5L4bKNVMJP3w
jriydzClVQYLT+yl4EPBD/2R3mJ4yHeUM4upti6DqzF0Z+5J9s8BDiLYIFK7HbCF
hL1EYLmpvZi7oOlkpKyyBJqEzjyZILpOlVfSv157ZVLNNQAv7Q+egvV3JwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLMJKfASXkyDw7gqRxqytm2erkaLMB8GA1UdIwQY
MBaAFAW/27aksWYzadpAfbl7Ah9zKEooMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMt
MDYwZGFjZmViZTBmLzEvc3drcDhCSmVUSVBEdUNwSEdySzJiWjZ1Um9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi80NjBjMDAtM2U5NS00Mjc0LWJjOWMtMDYwZGFjZmViZTBm
LzEvQmJfYnRxU3haak5wMmtCOXVYc0NIM01vU2lnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATm6rAwQA
Tp3NMA0GCSqGSIb3DQEBCwUAA4IBAQA57pk1LFyCsBuNQ2IPDfkur5BGr0nfI6bG
Zq7ixeuW1LQ7ytF5NQX0RmpIhMVzZvAwknp3BmjJwgosptk9knXH37VMpYYFeAYf
gPrplz9bs25nflXDJzXdEr3KqO0uKceux+1hni5Rs+nRxZ1AYkzc+/h0lMkGXocv
Hus9P0RvIgb2Ct9S34uT2Pn6U4Zp1nXGMj4A73cldbaRwbaTdMYYkBaqjtrH7FEr
WL/abTnOoWNTkazuPWRn5vtIBjB9AVgzt4BESK6WDWtnOgL4wDMzcWHgxsC++2P8
YvmUMEAM5I01uymIyNn6zI6Zii/1TB3nrCdJquFGlm/bMxWnFv5H
-----END CERTIFICATE-----