Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/SW07hbnebVdCqrbU8syhynqAX7c.roa
File:                     SW07hbnebVdCqrbU8syhynqAX7c.roa (raw, json)
Hash identifier:          fHq3wBn0v/bUheMJ6DOC8R/E4a6CfE2fSibEdOoR5GY=
Subject key identifier:   49:6D:3B:85:B9:DE:6D:57:42:AA:B6:D4:F2:CC:A1:CA:7A:80:5F:B7
Certificate issuer:       /CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
Certificate serial:       0198567B2A4A6DCA536360001F6CB7216D51
Authority key identifier: BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/SW07hbnebVdCqrbU8syhynqAX7c.roa
Signing time:             Tue 29 Jul 2025 13:59:28 +0000
ROA not before:           Tue 29 Jul 2025 13:59:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57027
IP address blocks:        212.108.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 08:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:56:7b:2a:4a:6d:ca:53:63:60:00:1f:6c:b7:21:6d:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba23b07a3c0ac9e333f52e8b5d41a768a3d39025
        Validity
            Not Before: Jul 29 13:59:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=496d3b85b9de6d5742aab6d4f2cca1ca7a805fb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c2:43:60:22:75:dc:e4:54:13:c7:64:50:10:
                    cf:59:0d:c4:07:bf:a5:98:65:05:98:35:7d:36:5b:
                    70:79:99:fa:94:7e:a6:7d:7b:d8:83:76:9d:ea:ae:
                    a3:89:16:e3:0f:5c:7d:0e:7f:4f:44:c9:91:8e:0d:
                    e8:f2:e1:e6:09:eb:7a:f4:2b:51:16:69:eb:aa:77:
                    42:56:17:22:dc:3e:56:d1:a1:90:9d:46:ce:1e:a0:
                    ed:6d:17:47:5e:18:6e:7f:11:94:4b:35:fc:02:1b:
                    b8:44:09:0b:bf:8b:08:80:24:be:b6:70:b8:d8:1d:
                    59:be:27:90:ab:aa:c9:55:0c:c9:90:c0:73:3c:1e:
                    cc:e7:c2:6c:3d:f8:a2:d2:d1:74:1e:00:65:56:90:
                    25:b2:5d:57:4b:80:64:e9:fb:fe:ea:25:b1:74:f2:
                    ca:52:cc:f9:41:9f:1f:93:5d:6d:6c:34:2f:69:c0:
                    14:cd:02:54:09:80:73:09:f6:80:fc:62:6d:12:e9:
                    d7:db:3e:a4:6a:fd:08:ca:1f:0b:42:6b:2e:e6:6d:
                    98:99:33:d9:50:c7:86:70:76:42:76:8d:0c:e3:3a:
                    ae:70:d7:ea:90:8b:2c:43:2d:d8:de:a2:15:88:4c:
                    8a:4f:46:56:40:96:c6:6d:c2:fb:49:03:24:d5:6b:
                    8b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6D:3B:85:B9:DE:6D:57:42:AA:B6:D4:F2:CC:A1:CA:7A:80:5F:B7
            X509v3 Authority Key Identifier:
                keyid:BA:23:B0:7A:3C:0A:C9:E3:33:F5:2E:8B:5D:41:A7:68:A3:D3:90:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uiOwejwKyeMz9S6LXUGnaKPTkCU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/SW07hbnebVdCqrbU8syhynqAX7c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/10d5b2-85e3-49ed-bdc1-8069c46771cc/1/uiOwejwKyeMz9S6LXUGnaKPTkCU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:0c:95:65:da:c0:88:87:0d:f3:22:92:7b:76:c4:68:96:df:
         b5:41:36:5d:50:5c:03:a5:75:2b:4c:a2:43:56:17:a1:b6:56:
         a1:19:fe:39:2f:9a:15:e4:1d:64:56:24:bd:39:14:83:c4:77:
         8a:4b:ce:d2:c4:71:2d:ca:e9:70:8c:76:a4:a5:d6:ac:a7:1d:
         b3:3a:68:80:d6:4f:44:a4:74:79:01:ce:80:44:37:3c:d2:df:
         cf:fe:08:73:3f:09:49:7b:01:49:eb:2a:07:30:9a:08:88:21:
         dc:69:9d:34:67:ca:78:67:bc:c0:06:75:48:bd:79:b0:69:a2:
         a1:49:4f:b1:53:6c:4d:86:11:c4:2f:34:3d:a1:5e:56:cf:2b:
         6b:60:7e:3d:b7:56:4c:2d:10:ae:8a:b3:1c:e0:2a:33:45:13:
         3e:cb:d5:73:22:b7:78:25:d8:18:3d:a3:b3:6c:05:dc:74:92:
         2e:2c:c8:bb:95:60:68:0a:a3:99:37:f5:d2:1c:b7:fa:3c:1c:
         04:49:9b:2a:57:38:5d:71:66:51:f0:24:50:60:26:70:d6:ff:
         1c:0d:03:25:e0:52:49:d4:34:2d:cb:35:97:55:07:2e:4d:2b:
         42:80:b4:4f:e8:3e:95:3b:d4:78:23:b5:6f:7f:ba:8b:c0:30:
         9f:de:98:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhWeypKbcpTY2AAH2y3IW1RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMjNiMDdhM2MwYWM5ZTMzM2Y1MmU4YjVkNDFhNzY4YTNk
MzkwMjUwHhcNMjUwNzI5MTM1OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZkM2I4NWI5ZGU2ZDU3NDJhYWI2ZDRmMmNjYTFjYTdhODA1ZmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcJDYCJ13ORUE8dkUBDPWQ3EB7+l
mGUFmDV9NltweZn6lH6mfXvYg3ad6q6jiRbjD1x9Dn9PRMmRjg3o8uHmCet69CtR
FmnrqndCVhci3D5W0aGQnUbOHqDtbRdHXhhufxGUSzX8Ahu4RAkLv4sIgCS+tnC4
2B1ZvieQq6rJVQzJkMBzPB7M58JsPfii0tF0HgBlVpAlsl1XS4Bk6fv+6iWxdPLK
Usz5QZ8fk11tbDQvacAUzQJUCYBzCfaA/GJtEunX2z6kav0Iyh8LQmsu5m2YmTPZ
UMeGcHZCdo0M4zqucNfqkIssQy3Y3qIViEyKT0ZWQJbGbcL7SQMk1WuLNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEltO4W53m1XQqq21PLMocp6gF+3MB8GA1UdIwQY
MBaAFLojsHo8CsnjM/Uui11Bp2ij05AlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEt
ODA2OWM0Njc3MWNjLzEvU1cwN2hibmViVmRDcXJiVThzeWh5bnFBWDdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC8xMGQ1YjItODVlMy00OWVkLWJkYzEtODA2OWM0Njc3MWNj
LzEvdWlPd2Vqd0t5ZU16OVM2TFhVR25hS1BUa0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Gx8MA0G
CSqGSIb3DQEBCwUAA4IBAQCNDJVl2sCIhw3zIpJ7dsRolt+1QTZdUFwDpXUrTKJD
VhehtlahGf45L5oV5B1kViS9ORSDxHeKS87SxHEtyulwjHakpdaspx2zOmiA1k9E
pHR5Ac6ARDc80t/P/ghzPwlJewFJ6yoHMJoIiCHcaZ00Z8p4Z7zABnVIvXmwaaKh
SU+xU2xNhhHELzQ9oV5WzytrYH49t1ZMLRCuirMc4CozRRM+y9VzIrd4JdgYPaOz
bAXcdJIuLMi7lWBoCqOZN/XSHLf6PBwESZsqVzhdcWZR8CRQYCZw1v8cDQMl4FJJ
1DQtyzWXVQcuTStCgLRP6D6VO9R4I7Vvf7qLwDCf3pjk
-----END CERTIFICATE-----