Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/SWDlQizrCKbN-7xB9jB3GLLzGIk.roa
File:                     SWDlQizrCKbN-7xB9jB3GLLzGIk.roa (raw, json)
Hash identifier:          gTRtJctIFjbtB1YMNoAOD5fkt0wVrsTzl10YNug70o0=
Subject key identifier:   49:60:E5:42:2C:EB:08:A6:CD:FB:BC:41:F6:30:77:18:B2:F3:18:89
Certificate issuer:       /CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
Certificate serial:       018E41236EFF56F186CB43B01EFE7A89F626
Authority key identifier: 2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/SWDlQizrCKbN-7xB9jB3GLLzGIk.roa
Signing time:             Fri 15 Mar 2024 08:03:44 +0000
ROA not before:           Fri 15 Mar 2024 08:03:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20956
IP address blocks:        128.140.186.0/23 maxlen: 23
                          128.140.186.0/24 maxlen: 24
                          128.140.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:41:23:6e:ff:56:f1:86:cb:43:b0:1e:fe:7a:89:f6:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e5664e02936cb5b5454d595c5382b7e7a0c7944
        Validity
            Not Before: Mar 15 08:03:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4960e5422ceb08a6cdfbbc41f6307718b2f31889
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:12:e4:1a:dc:32:b4:0e:d7:42:e1:10:58:5c:
                    81:63:7b:65:0a:4f:17:8d:84:b6:b3:ac:94:12:69:
                    0e:80:a2:22:84:26:07:06:0d:d7:6d:15:77:cf:14:
                    79:23:d1:d3:9a:58:aa:7f:ee:a2:5e:49:e2:58:34:
                    c8:94:7f:44:15:bf:51:fb:e9:1a:8b:75:ed:c0:4e:
                    6a:9d:2f:3c:db:da:42:a6:60:c3:1c:88:dd:33:95:
                    dc:65:e9:a8:bf:6d:52:12:62:2f:03:6d:21:e4:06:
                    af:fc:a5:e9:f3:42:2c:6d:d1:e9:39:dd:b5:c2:01:
                    23:f9:31:ba:d4:b2:65:ab:e4:12:8d:e5:0d:41:df:
                    de:67:65:af:95:16:eb:23:47:40:d0:77:4e:18:ff:
                    b7:44:b8:ed:57:5e:03:95:df:fa:29:58:89:f1:72:
                    6e:9f:33:c3:02:d6:6e:e1:86:c9:0c:60:fb:d0:a4:
                    8c:32:89:ce:2d:d5:53:5a:9e:18:27:23:86:c2:58:
                    3a:93:7c:17:a6:11:e4:2e:c1:15:21:22:51:a8:a4:
                    42:28:97:15:57:5d:20:41:78:64:40:e6:6c:93:e4:
                    8a:82:94:fb:51:db:3e:aa:9c:2b:1e:55:72:af:e2:
                    81:9e:bf:ac:97:91:01:47:c5:08:da:05:18:e2:39:
                    64:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:60:E5:42:2C:EB:08:A6:CD:FB:BC:41:F6:30:77:18:B2:F3:18:89
            X509v3 Authority Key Identifier:
                keyid:2E:56:64:E0:29:36:CB:5B:54:54:D5:95:C5:38:2B:7E:7A:0C:79:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/SWDlQizrCKbN-7xB9jB3GLLzGIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/27c919-ccce-46a9-84b3-ef81fca63029/1/LlZk4Ck2y1tUVNWVxTgrfnoMeUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.140.186.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:89:32:06:aa:4d:51:5d:45:1c:e8:21:aa:2c:2d:b4:7b:96:
         0a:23:33:39:4f:37:d9:b0:3a:df:22:31:5a:24:32:d6:4e:f8:
         d7:e9:39:23:69:2c:dd:be:cd:10:90:7a:f8:c0:2e:c4:39:ae:
         42:ac:75:d9:50:74:71:7a:f1:44:a6:65:fc:5d:22:ba:87:91:
         06:1c:67:6e:97:bd:5f:a4:e4:a4:9d:e7:3d:e6:af:b1:d1:a6:
         9a:29:a5:cb:18:06:39:bd:56:67:cd:1d:f3:0f:99:a3:0c:be:
         75:2d:6e:e7:20:29:59:57:c8:97:72:f3:1f:15:f4:b7:e2:ba:
         03:fc:66:0b:7e:6f:03:9b:06:bd:d7:53:1e:28:35:84:33:c6:
         6d:3c:0a:8a:fa:ad:24:14:46:0d:10:fa:aa:e9:38:52:2c:2b:
         1c:fb:49:95:49:c8:75:23:69:14:03:b5:34:11:77:11:f8:b6:
         6a:a4:39:cf:19:96:54:6a:12:7a:5e:2f:d3:ba:54:d2:0c:0e:
         c1:7c:a6:29:b4:76:0a:3c:9b:1c:2f:54:ba:17:41:4a:34:37:
         a2:21:53:1f:33:3e:e6:4a:3f:0f:d4:8f:1b:b4:ef:d5:db:30:
         ac:22:6b:a5:3d:20:58:a2:c3:d9:33:2c:5d:21:e1:85:e3:06:
         e1:4b:95:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5BI27/VvGGy0OwHv56ifYmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNTY2NGUwMjkzNmNiNWI1NDU0ZDU5NWM1MzgyYjdlN2Ew
Yzc5NDQwHhcNMjQwMzE1MDgwMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTYwZTU0MjJjZWIwOGE2Y2RmYmJjNDFmNjMwNzcxOGIyZjMxODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBLkGtwytA7XQuEQWFyBY3tlCk8X
jYS2s6yUEmkOgKIihCYHBg3XbRV3zxR5I9HTmliqf+6iXkniWDTIlH9EFb9R++ka
i3XtwE5qnS8829pCpmDDHIjdM5XcZemov21SEmIvA20h5Aav/KXp80IsbdHpOd21
wgEj+TG61LJlq+QSjeUNQd/eZ2WvlRbrI0dA0HdOGP+3RLjtV14Dld/6KViJ8XJu
nzPDAtZu4YbJDGD70KSMMonOLdVTWp4YJyOGwlg6k3wXphHkLsEVISJRqKRCKJcV
V10gQXhkQOZsk+SKgpT7Uds+qpwrHlVyr+KBnr+sl5EBR8UI2gUY4jlkiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFElg5UIs6wimzfu8QfYwdxiy8xiJMB8GA1UdIwQY
MBaAFC5WZOApNstbVFTVlcU4K356DHlEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMt
ZWY4MWZjYTYzMDI5LzEvU1dEbFFpenJDS2JOLTd4QjlqQjNHTEx6R0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8yN2M5MTktY2NjZS00NmE5LTg0YjMtZWY4MWZjYTYzMDI5
LzEvTGxaazRDazJ5MXRVVk5XVnhUZ3Jmbm9NZVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBgIy6MA0G
CSqGSIb3DQEBCwUAA4IBAQCDiTIGqk1RXUUc6CGqLC20e5YKIzM5TzfZsDrfIjFa
JDLWTvjX6TkjaSzdvs0QkHr4wC7EOa5CrHXZUHRxevFEpmX8XSK6h5EGHGdul71f
pOSknec95q+x0aaaKaXLGAY5vVZnzR3zD5mjDL51LW7nIClZV8iXcvMfFfS34roD
/GYLfm8Dmwa911MeKDWEM8ZtPAqK+q0kFEYNEPqq6ThSLCsc+0mVSch1I2kUA7U0
EXcR+LZqpDnPGZZUahJ6Xi/TulTSDA7BfKYptHYKPJscL1S6F0FKNDeiIVMfMz7m
Sj8P1I8btO/V2zCsImulPSBYosPZMyxdIeGF4wbhS5W6
-----END CERTIFICATE-----