Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/SWvPsbF_qnaaT1iFon7j7Hd0jkM.roa
File:                     SWvPsbF_qnaaT1iFon7j7Hd0jkM.roa (raw, json)
Hash identifier:          o9qeQDFa1KnXPrXD5/DHYMApo73X6nuJGnc7f1/gwqg=
Subject key identifier:   49:6B:CF:B1:B1:7F:AA:76:9A:4F:58:85:A2:7E:E3:EC:77:74:8E:43
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       018CC3B6DD900ED3AD802D7AAF4D3C0B91F5
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/SWvPsbF_qnaaT1iFon7j7Hd0jkM.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142111
IP address blocks:        194.50.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dd:90:0e:d3:ad:80:2d:7a:af:4d:3c:0b:91:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=496bcfb1b17faa769a4f5885a27ee3ec77748e43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:95:03:94:1c:09:62:93:78:2b:7c:e0:e7:95:
                    3b:c5:80:41:07:0d:09:05:32:e0:73:f4:86:a2:09:
                    15:c6:db:9b:80:01:fc:1e:ec:d7:37:89:43:13:05:
                    04:96:12:ac:eb:f8:3f:44:3e:2d:82:94:e7:7f:56:
                    57:83:5d:33:ad:50:46:45:3a:2a:23:c2:c0:98:8f:
                    cf:e0:67:3a:46:34:6d:03:fc:17:f0:63:b9:ae:b8:
                    dc:bf:85:b8:36:07:c6:17:07:7e:17:b1:21:0e:9f:
                    ca:7b:24:8a:03:b2:59:96:1a:63:d5:82:9b:34:c0:
                    e2:ba:af:1c:da:2e:27:f7:db:24:fb:c8:ee:f4:32:
                    50:35:15:15:3d:93:5f:15:0c:88:11:ac:84:51:65:
                    83:be:82:57:9d:c5:9b:fb:ee:33:da:08:47:c5:d2:
                    37:44:df:0c:21:dc:05:fc:03:ae:f7:b4:9f:f7:13:
                    e8:ae:46:23:b9:b2:f3:6b:8d:e7:17:9d:80:83:76:
                    c2:5c:bb:fd:db:6c:24:28:ec:f6:de:32:af:74:79:
                    d6:c4:ab:29:89:e5:e2:e7:6f:b6:b9:50:93:77:2a:
                    72:cc:51:ee:f2:4a:12:42:2f:62:04:eb:c5:62:f0:
                    dc:c8:16:e8:f5:96:9b:06:9e:28:9c:fd:a4:5e:1a:
                    57:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6B:CF:B1:B1:7F:AA:76:9A:4F:58:85:A2:7E:E3:EC:77:74:8E:43
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/SWvPsbF_qnaaT1iFon7j7Hd0jkM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.50.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:05:72:6d:6e:6b:1b:b4:ce:dd:8e:97:77:f1:92:14:2f:85:
         8a:22:8d:54:71:57:1a:85:53:9f:9c:c8:1a:fa:73:1c:4b:1d:
         71:25:d4:6f:f8:60:b6:2c:b2:30:88:56:6d:ba:db:c0:fc:4d:
         a5:56:10:14:02:33:96:b2:5c:87:a6:48:be:c3:16:d8:19:d6:
         c4:b8:ea:e7:00:6f:47:33:13:64:05:e5:76:ca:f1:34:93:7e:
         e0:30:cb:d2:aa:72:91:d7:e7:3a:b1:69:98:96:5b:98:1a:9d:
         cd:d7:5d:09:4e:1c:aa:83:8e:7f:2d:c9:9e:86:56:60:7a:47:
         fe:ab:5a:33:0e:98:6f:a3:44:4d:0e:fc:a2:f0:63:e2:0d:f3:
         f3:d3:6f:88:ac:ca:53:26:26:92:82:32:91:c3:09:c6:c7:f9:
         d8:26:78:ab:6d:63:96:84:eb:7d:9b:85:0b:0f:00:d6:b5:7d:
         4d:dc:74:39:81:d8:05:c1:b2:60:97:fd:c7:ed:23:14:84:de:
         9e:c6:7d:dc:93:0a:c7:cf:70:ec:c0:e6:c6:b3:9b:46:bf:aa:
         d3:38:3d:de:92:a4:f9:2d:f5:ec:c1:74:75:ce:54:be:6a:c6:
         37:0c:0a:a3:5e:ff:4e:ec:57:43:32:8b:1a:ad:64:2a:71:b9:
         0d:88:0d:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt2QDtOtgC16r008C5H1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZiY2ZiMWIxN2ZhYTc2OWE0ZjU4ODVhMjdlZTNlYzc3NzQ4ZTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZUDlBwJYpN4K3zg55U7xYBBBw0J
BTLgc/SGogkVxtubgAH8HuzXN4lDEwUElhKs6/g/RD4tgpTnf1ZXg10zrVBGRToq
I8LAmI/P4Gc6RjRtA/wX8GO5rrjcv4W4NgfGFwd+F7EhDp/KeySKA7JZlhpj1YKb
NMDiuq8c2i4n99sk+8ju9DJQNRUVPZNfFQyIEayEUWWDvoJXncWb++4z2ghHxdI3
RN8MIdwF/AOu97Sf9xPorkYjubLza43nF52Ag3bCXLv922wkKOz23jKvdHnWxKsp
ieXi52+2uVCTdypyzFHu8koSQi9iBOvFYvDcyBbo9ZabBp4onP2kXhpXEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElrz7Gxf6p2mk9YhaJ+4+x3dI5DMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvU1d2UHNiRl9xbmFhVDFpRm9uN2o3SGQwamtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjIBMA0G
CSqGSIb3DQEBCwUAA4IBAQCZBXJtbmsbtM7djpd38ZIUL4WKIo1UcVcahVOfnMga
+nMcSx1xJdRv+GC2LLIwiFZtutvA/E2lVhAUAjOWslyHpki+wxbYGdbEuOrnAG9H
MxNkBeV2yvE0k37gMMvSqnKR1+c6sWmYlluYGp3N110JThyqg45/LcmehlZgekf+
q1ozDphvo0RNDvyi8GPiDfPz02+IrMpTJiaSgjKRwwnGx/nYJnirbWOWhOt9m4UL
DwDWtX1N3HQ5gdgFwbJgl/3H7SMUhN6exn3ckwrHz3DswObGs5tGv6rTOD3ekqT5
LfXswXR1zlS+asY3DAqjXv9O7FdDMosarWQqcbkNiA1G
-----END CERTIFICATE-----