Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/skwwLakYgia163942_1PcvI2KGM.roa
File:                     skwwLakYgia163942_1PcvI2KGM.roa (raw, json)
Hash identifier:          RjC50vXYyJh6b6nwgCbvXjKOTFm1vHWVMG4k+WUjU5Q=
Subject key identifier:   B2:4C:30:2D:A9:18:82:26:B5:EB:7F:78:DB:FD:4F:72:F2:36:28:63
Certificate issuer:       /CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
Certificate serial:       019420D646DC1D951DC4B946CAE2A0D7EDDF
Authority key identifier: AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/skwwLakYgia163942_1PcvI2KGM.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49243
IP address blocks:        86.57.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:46:dc:1d:95:1d:c4:b9:46:ca:e2:a0:d7:ed:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab882cd6d196ae1f96872acae78321be7a92b8eb
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b24c302da9188226b5eb7f78dbfd4f72f2362863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:f8:96:f1:f4:a6:a6:3f:23:65:81:da:ba:9c:
                    01:3d:fc:df:39:08:01:93:b9:5b:c2:ef:49:74:66:
                    12:9d:86:57:4f:f6:29:cf:eb:82:83:c6:6e:a4:6c:
                    2c:6b:e7:b3:db:12:14:5a:4a:99:30:8c:0e:ca:73:
                    00:cf:c8:ef:0d:db:95:c1:c4:0d:9c:8d:bd:8d:ad:
                    6c:57:ff:c9:2d:37:15:4a:ae:20:3b:99:93:a7:ea:
                    17:52:b3:11:9f:8a:1f:10:ae:58:af:5c:52:35:f6:
                    e7:8e:06:1b:df:d1:2b:9f:d8:e0:eb:f9:f6:0a:fb:
                    aa:90:e5:9e:cc:45:60:ae:fb:de:aa:5a:6c:73:55:
                    8c:74:52:6d:7e:11:c6:93:f2:3f:36:83:dd:5f:29:
                    ff:05:d0:75:08:44:dc:1d:ba:fb:4c:c7:4c:d8:8b:
                    69:a5:e1:b1:3a:c0:b0:38:9f:d7:58:53:2f:d2:b7:
                    6e:74:52:1d:37:47:80:2d:e3:05:02:a9:b1:e3:fc:
                    cc:13:5f:1c:00:d0:b5:ca:2f:88:1c:62:d9:19:d0:
                    66:c2:5e:4b:7a:c6:41:ce:0a:b6:0a:a0:2f:11:2c:
                    de:02:a9:aa:dc:60:3b:db:0d:fd:b8:45:e7:8a:ce:
                    82:8d:dc:32:09:f3:a5:38:8a:34:22:a5:c3:08:54:
                    2c:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4C:30:2D:A9:18:82:26:B5:EB:7F:78:DB:FD:4F:72:F2:36:28:63
            X509v3 Authority Key Identifier:
                keyid:AB:88:2C:D6:D1:96:AE:1F:96:87:2A:CA:E7:83:21:BE:7A:92:B8:EB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q4gs1tGWrh-WhyrK54MhvnqSuOs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/skwwLakYgia163942_1PcvI2KGM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4b6cc9-09d3-4678-b0a7-950c180596d0/1/q4gs1tGWrh-WhyrK54MhvnqSuOs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.57.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         24:25:b3:e2:46:33:fa:71:a1:cf:51:d0:51:52:29:58:73:d6:
         09:0f:d8:97:19:f6:e5:dd:4e:f6:5d:10:02:c2:42:c0:24:91:
         f1:9a:f1:81:1c:c1:68:5b:90:10:c8:86:3c:d4:14:50:ba:6e:
         99:5a:37:c4:0c:aa:5c:88:d9:78:aa:a9:39:67:0c:68:ec:9f:
         ef:dd:2e:5c:57:33:86:38:43:1d:41:87:92:ba:9b:3f:e7:cb:
         45:29:23:3d:55:af:e2:8b:0b:8e:c1:e9:a2:2f:16:6d:74:35:
         bf:bc:97:9b:a2:54:dc:62:f6:de:4a:e7:41:29:2c:3f:8b:e0:
         2c:47:17:6c:2c:74:53:70:f0:ac:15:c9:a4:00:5e:23:81:24:
         01:d2:2b:09:04:22:26:07:90:bb:30:fe:95:6e:bb:cc:57:48:
         79:5b:36:73:8f:05:6a:50:1b:77:a3:e9:77:f9:e1:d0:38:0e:
         a4:b9:56:24:17:b2:01:72:da:f9:71:38:29:ad:e5:1a:c9:f0:
         e6:e6:f6:77:12:ff:46:05:10:80:28:b2:fc:b1:cd:72:67:b2:
         2b:ac:73:6c:f2:5a:c9:9c:2d:39:0d:1f:d9:f9:fa:15:92:e9:
         49:26:e9:06:41:c6:28:66:63:e0:81:d8:c4:da:61:12:5e:2d:
         bb:ec:63:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1kbcHZUdxLlGyuKg1+3fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiODgyY2Q2ZDE5NmFlMWY5Njg3MmFjYWU3ODMyMWJlN2E5
MmI4ZWIwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRjMzAyZGE5MTg4MjI2YjVlYjdmNzhkYmZkNGY3MmYyMzYyODYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsviW8fSmpj8jZYHaupwBPfzfOQgB
k7lbwu9JdGYSnYZXT/Ypz+uCg8ZupGwsa+ez2xIUWkqZMIwOynMAz8jvDduVwcQN
nI29ja1sV//JLTcVSq4gO5mTp+oXUrMRn4ofEK5Yr1xSNfbnjgYb39Ern9jg6/n2
CvuqkOWezEVgrvveqlpsc1WMdFJtfhHGk/I/NoPdXyn/BdB1CETcHbr7TMdM2Itp
peGxOsCwOJ/XWFMv0rdudFIdN0eALeMFAqmx4/zME18cANC1yi+IHGLZGdBmwl5L
esZBzgq2CqAvESzeAqmq3GA72w39uEXnis6CjdwyCfOlOIo0IqXDCFQsvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJMMC2pGIImtet/eNv9T3LyNihjMB8GA1UdIwQY
MBaAFKuILNbRlq4flocqyueDIb56krjrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTct
OTUwYzE4MDU5NmQwLzEvc2t3d0xha1lnaWExNjM5NDJfMVBjdkkyS0dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80YjZjYzktMDlkMy00Njc4LWIwYTctOTUwYzE4MDU5NmQw
LzEvcTRnczF0R1dyaC1XaHlySzU0TWh2bnFTdU9zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQHVjmAMA0G
CSqGSIb3DQEBCwUAA4IBAQAkJbPiRjP6caHPUdBRUilYc9YJD9iXGfbl3U72XRAC
wkLAJJHxmvGBHMFoW5AQyIY81BRQum6ZWjfEDKpciNl4qqk5Zwxo7J/v3S5cVzOG
OEMdQYeSups/58tFKSM9Va/iiwuOwemiLxZtdDW/vJebolTcYvbeSudBKSw/i+As
RxdsLHRTcPCsFcmkAF4jgSQB0isJBCImB5C7MP6VbrvMV0h5WzZzjwVqUBt3o+l3
+eHQOA6kuVYkF7IBctr5cTgpreUayfDm5vZ3Ev9GBRCAKLL8sc1yZ7IrrHNs8lrJ
nC05DR/Z+foVkulJJukGQcYoZmPggdjE2mESXi277GO4
-----END CERTIFICATE-----