Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/2709c7-8297-43cf-8d89-7a4a8546f9f7/1/SW7S7ENjk2XhNxzMSYkKNasvO_Y.roa
File:                     SW7S7ENjk2XhNxzMSYkKNasvO_Y.roa (raw, json)
Hash identifier:          tk06mqNFbwv2K0yWHbdVofsS7zLFbIqcL7o3Zrs1m08=
Subject key identifier:   49:6E:D2:EC:43:63:93:65:E1:37:1C:CC:49:89:0A:35:AB:2F:3B:F6
Certificate issuer:       /CN=d090785798cec6769f17cdd75cbfaaf2fc865ce6
Certificate serial:       018CC8014D4D95367B3F0B8EB59D9450B9C9
Authority key identifier: D0:90:78:57:98:CE:C6:76:9F:17:CD:D7:5C:BF:AA:F2:FC:86:5C:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0JB4V5jOxnafF83XXL-q8vyGXOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/2709c7-8297-43cf-8d89-7a4a8546f9f7/1/SW7S7ENjk2XhNxzMSYkKNasvO_Y.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200811
IP address blocks:        185.98.32.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/2709c7-8297-43cf-8d89-7a4a8546f9f7/1/0JB4V5jOxnafF83XXL-q8vyGXOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/2709c7-8297-43cf-8d89-7a4a8546f9f7/1/0JB4V5jOxnafF83XXL-q8vyGXOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0JB4V5jOxnafF83XXL-q8vyGXOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 10:03:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4d:4d:95:36:7b:3f:0b:8e:b5:9d:94:50:b9:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d090785798cec6769f17cdd75cbfaaf2fc865ce6
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=496ed2ec43639365e1371ccc49890a35ab2f3bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:f8:b2:90:39:fb:33:fb:77:9c:30:19:14:0a:
                    11:45:06:06:f7:d7:77:13:ef:b3:c6:b1:2d:f7:5c:
                    7a:0c:e4:0a:0e:4f:1e:46:7b:45:ae:4a:f4:9e:64:
                    27:41:ed:a0:37:ab:e5:e0:9e:7f:bd:65:96:eb:05:
                    bb:9e:10:26:ef:d1:36:6c:7c:ff:82:1e:84:27:f8:
                    2c:12:6d:b1:41:55:66:95:6c:b4:ce:f2:01:f9:5b:
                    79:22:cf:8f:7b:b1:f1:10:50:b1:1d:20:8e:83:94:
                    28:a0:e5:1e:df:dd:6e:61:ca:a5:77:6f:65:f2:79:
                    17:0e:a0:28:a9:fa:87:c7:af:37:5f:b5:82:eb:01:
                    3f:ba:e6:95:01:06:ca:9b:4c:f7:0a:af:56:dc:24:
                    1a:ba:cc:32:3c:17:2c:cb:11:72:64:6f:05:02:3e:
                    70:31:e3:f5:05:51:aa:8f:74:76:91:46:58:42:7a:
                    e4:72:83:8d:16:81:7e:c6:8d:d3:04:6a:a6:18:60:
                    c1:4c:30:3f:28:6c:00:18:be:28:4c:49:dd:6f:88:
                    9c:7c:f7:14:7a:1c:a6:ac:78:97:dc:f6:63:ce:c8:
                    07:51:e4:dc:43:02:37:9e:19:79:ef:71:c2:91:e6:
                    d2:ee:5d:17:55:0a:d7:14:ba:02:0e:cb:05:69:31:
                    b2:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6E:D2:EC:43:63:93:65:E1:37:1C:CC:49:89:0A:35:AB:2F:3B:F6
            X509v3 Authority Key Identifier:
                keyid:D0:90:78:57:98:CE:C6:76:9F:17:CD:D7:5C:BF:AA:F2:FC:86:5C:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0JB4V5jOxnafF83XXL-q8vyGXOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/2709c7-8297-43cf-8d89-7a4a8546f9f7/1/SW7S7ENjk2XhNxzMSYkKNasvO_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/2709c7-8297-43cf-8d89-7a4a8546f9f7/1/0JB4V5jOxnafF83XXL-q8vyGXOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8d:33:b9:36:03:75:35:3a:cf:3c:dd:54:98:5f:9f:a7:c9:8d:
         18:78:f4:92:80:06:f7:07:2f:75:30:db:3e:e8:92:35:b6:8e:
         e5:72:2c:93:b1:6e:3a:2d:05:b3:8b:87:0c:0c:c3:a1:5c:3e:
         fd:a3:a6:27:4c:a9:e1:21:cd:a8:17:8a:0d:52:cb:93:c6:32:
         8a:47:b5:a5:c5:a0:c0:74:6c:00:e3:73:d2:5d:dc:e6:cf:b3:
         94:34:20:8c:4f:10:1c:3e:c2:55:4f:85:0c:61:80:06:25:22:
         cf:4a:34:d9:3e:fe:08:88:b1:a0:cb:9b:35:99:3b:78:1e:b4:
         65:57:73:05:de:36:51:bd:a9:4d:ee:bd:d2:63:c7:67:c7:15:
         97:52:33:30:12:1b:c1:47:76:18:c4:ee:54:95:cd:ea:db:10:
         b3:b2:93:f8:11:db:0a:b7:12:7e:8e:18:79:5d:6c:94:d9:11:
         28:23:68:16:11:7b:08:0e:8d:78:76:33:77:0b:0c:df:fc:54:
         7c:12:e8:a8:88:e9:90:4f:cd:99:90:48:f6:e6:2e:05:02:4a:
         cf:93:57:69:82:58:7c:96:aa:ce:8d:68:cf:a5:fc:1e:d5:f1:
         6d:19:1c:98:55:85:38:f8:91:9a:e1:09:6b:b2:7a:97:22:ca:
         1e:a9:c3:f8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAU1NlTZ7PwuOtZ2UULnJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwOTA3ODU3OThjZWM2NzY5ZjE3Y2RkNzVjYmZhYWYyZmM4
NjVjZTYwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZlZDJlYzQzNjM5MzY1ZTEzNzFjY2M0OTg5MGEzNWFiMmYzYmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv/iykDn7M/t3nDAZFAoRRQYG99d3
E++zxrEt91x6DOQKDk8eRntFrkr0nmQnQe2gN6vl4J5/vWWW6wW7nhAm79E2bHz/
gh6EJ/gsEm2xQVVmlWy0zvIB+Vt5Is+Pe7HxEFCxHSCOg5QooOUe391uYcqld29l
8nkXDqAoqfqHx683X7WC6wE/uuaVAQbKm0z3Cq9W3CQauswyPBcsyxFyZG8FAj5w
MeP1BVGqj3R2kUZYQnrkcoONFoF+xo3TBGqmGGDBTDA/KGwAGL4oTEndb4icfPcU
ehymrHiX3PZjzsgHUeTcQwI3nhl573HCkebS7l0XVQrXFLoCDssFaTGyKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElu0uxDY5Nl4TcczEmJCjWrLzv2MB8GA1UdIwQY
MBaAFNCQeFeYzsZ2nxfN11y/qvL8hlzmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEpCNFY1ak94bmFmRjgzWFhMLXE4dnlHWE9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8yNzA5YzctODI5Ny00M2NmLThkODkt
N2E0YTg1NDZmOWY3LzEvU1c3UzdFTmprMlhoTnh6TVNZa0tOYXN2T19ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8yNzA5YzctODI5Ny00M2NmLThkODktN2E0YTg1NDZmOWY3
LzEvMEpCNFY1ak94bmFmRjgzWFhMLXE4dnlHWE9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWIgMA0G
CSqGSIb3DQEBCwUAA4IBAQCNM7k2A3U1Os883VSYX5+nyY0YePSSgAb3By91MNs+
6JI1to7lciyTsW46LQWzi4cMDMOhXD79o6YnTKnhIc2oF4oNUsuTxjKKR7WlxaDA
dGwA43PSXdzmz7OUNCCMTxAcPsJVT4UMYYAGJSLPSjTZPv4IiLGgy5s1mTt4HrRl
V3MF3jZRvalN7r3SY8dnxxWXUjMwEhvBR3YYxO5Ulc3q2xCzspP4EdsKtxJ+jhh5
XWyU2REoI2gWEXsIDo14djN3Cwzf/FR8EuioiOmQT82ZkEj25i4FAkrPk1dpglh8
lqrOjWjPpfwe1fFtGRyYVYU4+JGa4QlrsnqXIsoeqcP4
-----END CERTIFICATE-----