Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/_3swtCefveYwZMovOeZXllr31i4.roa
File:                     _3swtCefveYwZMovOeZXllr31i4.roa (raw, json)
Hash identifier:          nFadkNQONx0EZ0a70RD073DgpyU0gMaLe+ajpjA05V0=
Subject key identifier:   FF:7B:30:B4:27:9F:BD:E6:30:64:CA:2F:39:E6:57:96:5A:F7:D6:2E
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       019423D71F3543C65FFC9A5ED733478C1AAC
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/_3swtCefveYwZMovOeZXllr31i4.roa
Signing time:             Wed 01 Jan 2025 21:48:08 +0000
ROA not before:           Wed 01 Jan 2025 21:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204316
IP address blocks:        45.149.60.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:1f:35:43:c6:5f:fc:9a:5e:d7:33:47:8c:1a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jan  1 21:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff7b30b4279fbde63064ca2f39e657965af7d62e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:73:cb:e6:c4:33:95:ec:2f:d8:87:68:01:a0:
                    7e:47:05:8a:3a:b0:9c:75:58:fb:71:b8:0a:cb:58:
                    83:da:d5:31:4f:5e:2c:90:d2:74:78:2d:46:07:9e:
                    76:80:21:cb:09:38:79:b5:22:85:7d:7a:74:a2:2c:
                    7c:af:9a:15:02:77:be:6e:dc:6d:e6:ee:15:aa:13:
                    16:0a:00:09:d1:4a:2e:92:9e:2b:9e:08:b1:41:3f:
                    ac:2c:ff:d7:f9:7d:47:ec:1e:62:0f:47:c2:6b:77:
                    a5:16:d7:2a:d8:41:7d:21:1e:76:e4:52:dd:80:c7:
                    ec:82:c8:f3:48:d0:f5:78:d8:4e:bd:34:c1:46:a0:
                    95:87:78:9b:78:1c:60:4c:64:63:05:c3:b3:00:97:
                    a1:af:ab:88:59:81:60:f0:a6:20:2a:72:a6:17:f3:
                    c4:4b:26:1e:46:93:f7:a6:d7:10:9b:fd:88:eb:4f:
                    24:a8:60:6a:00:98:a9:cf:85:4b:cd:0d:1a:05:62:
                    52:c3:d2:a6:16:1a:3d:12:b5:07:0f:a2:fc:a8:49:
                    8a:b1:eb:0a:e7:f7:ac:7b:87:9b:3f:28:f0:e2:67:
                    8d:32:73:ab:e6:e5:6d:d5:e8:6a:58:4c:d4:6a:54:
                    30:5e:20:d5:fc:15:2e:2a:82:36:20:04:3b:ec:51:
                    08:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:7B:30:B4:27:9F:BD:E6:30:64:CA:2F:39:E6:57:96:5A:F7:D6:2E
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/_3swtCefveYwZMovOeZXllr31i4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:bf:47:3b:48:ff:62:a0:d6:07:e7:f2:e1:9b:92:e8:d5:96:
         2a:c8:1e:ac:47:c4:eb:67:c8:22:4e:04:40:05:85:20:f6:09:
         e9:43:69:7b:c6:da:7a:dc:ad:95:f4:b1:41:e8:fa:0a:ce:ec:
         fb:b5:4a:90:cb:00:4c:db:32:ae:71:ae:80:c4:7f:be:05:27:
         6d:11:ee:d4:64:27:ac:75:4d:a4:30:1f:78:38:2b:d5:3f:b8:
         3f:97:ae:85:c0:65:6b:a5:ba:a1:95:57:0d:b3:18:f5:54:78:
         6f:de:7d:f7:b9:45:20:5d:c1:15:b6:eb:c6:f3:9a:ce:f6:42:
         ef:7a:66:ef:da:91:b6:59:f5:fe:63:a9:c2:ed:a7:60:1a:10:
         0f:5c:4e:5a:43:14:e5:8d:b9:38:0d:65:7d:b4:8a:53:d5:ae:
         c4:31:15:e5:7a:31:dc:a0:b5:cd:04:27:d9:7a:95:9e:07:8b:
         7f:3d:e2:33:a7:9b:08:e8:70:cd:8f:cb:d1:38:fd:f9:23:03:
         82:91:9b:97:f8:cf:76:04:e2:3a:18:81:b8:46:bd:41:37:de:
         9f:f8:96:90:7d:0a:15:85:ff:3e:44:14:71:ad:4f:43:29:21:
         d1:95:71:85:d1:4e:a5:7d:21:0b:d1:ad:98:16:03:ae:bf:d4:
         e5:ce:a9:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1x81Q8Zf/Jpe1zNHjBqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjdiMzBiNDI3OWZiZGU2MzA2NGNhMmYzOWU2NTc5NjVhZjdkNjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHPL5sQzlewv2IdoAaB+RwWKOrCc
dVj7cbgKy1iD2tUxT14skNJ0eC1GB552gCHLCTh5tSKFfXp0oix8r5oVAne+btxt
5u4VqhMWCgAJ0Uoukp4rngixQT+sLP/X+X1H7B5iD0fCa3elFtcq2EF9IR525FLd
gMfsgsjzSND1eNhOvTTBRqCVh3ibeBxgTGRjBcOzAJehr6uIWYFg8KYgKnKmF/PE
SyYeRpP3ptcQm/2I608kqGBqAJipz4VLzQ0aBWJSw9KmFho9ErUHD6L8qEmKsesK
5/ese4ebPyjw4meNMnOr5uVt1ehqWEzUalQwXiDV/BUuKoI2IAQ77FEIdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP97MLQnn73mMGTKLznmV5Za99YuMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvXzNzd3RDZWZ2ZVl3Wk1vdk9lWlhsbHIzMWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZU8MA0G
CSqGSIb3DQEBCwUAA4IBAQBrv0c7SP9ioNYH5/Lhm5Lo1ZYqyB6sR8TrZ8giTgRA
BYUg9gnpQ2l7xtp63K2V9LFB6PoKzuz7tUqQywBM2zKuca6AxH++BSdtEe7UZCes
dU2kMB94OCvVP7g/l66FwGVrpbqhlVcNsxj1VHhv3n33uUUgXcEVtuvG85rO9kLv
embv2pG2WfX+Y6nC7adgGhAPXE5aQxTljbk4DWV9tIpT1a7EMRXlejHcoLXNBCfZ
epWeB4t/PeIzp5sI6HDNj8vROP35IwOCkZuX+M92BOI6GIG4Rr1BN96f+JaQfQoV
hf8+RBRxrU9DKSHRlXGF0U6lfSEL0a2YFgOuv9Tlzqkx
-----END CERTIFICATE-----