Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/SW8rMdfxxSXci5HQl7Z_5MnQb3M.roa
File:                     SW8rMdfxxSXci5HQl7Z_5MnQb3M.roa (raw, json)
Hash identifier:          xvxmT3+uyVwK4vpOpGeeXMUWLDu+I3o6/dhaOTjjR+w=
Subject key identifier:   49:6F:2B:31:D7:F1:C5:25:DC:8B:91:D0:97:B6:7F:E4:C9:D0:6F:73
Certificate issuer:       /CN=57182aab5ad9efa380a6c6f06c016e158be977bc
Certificate serial:       019667F08B766BFF72DB8B7B738360CEB3F5
Authority key identifier: 57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/SW8rMdfxxSXci5HQl7Z_5MnQb3M.roa
Signing time:             Thu 24 Apr 2025 13:15:39 +0000
ROA not before:           Thu 24 Apr 2025 13:15:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41289
IP address blocks:        2a02:11f8:80::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 30 Apr 2025 10:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:67:f0:8b:76:6b:ff:72:db:8b:7b:73:83:60:ce:b3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57182aab5ad9efa380a6c6f06c016e158be977bc
        Validity
            Not Before: Apr 24 13:15:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=496f2b31d7f1c525dc8b91d097b67fe4c9d06f73
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:55:51:91:66:b6:c6:4e:c4:f7:e0:10:32:33:
                    c8:ef:3a:66:62:02:31:6d:ac:e8:89:25:1d:f6:e0:
                    1d:a5:3b:ad:bd:5e:a5:67:aa:e8:99:49:47:56:6a:
                    ae:d4:bd:99:b6:d2:df:41:c5:df:50:80:a7:e3:11:
                    b0:50:ae:2b:fa:6b:13:d4:69:03:6e:4f:55:75:49:
                    a1:85:f0:b5:9c:60:3d:e3:89:71:f3:1c:98:e1:17:
                    6e:71:f5:2e:58:8a:f9:b9:f2:b4:c2:fc:cb:e2:65:
                    2b:05:e4:13:03:37:02:2d:b3:72:b1:ca:38:2b:f1:
                    22:c6:0e:de:d9:00:41:42:64:15:60:db:66:2f:cf:
                    0b:a0:5a:b9:b8:91:10:1c:06:60:7b:a6:52:c9:f7:
                    15:2b:1f:32:df:25:44:12:65:a5:e5:62:1d:74:4f:
                    5d:7b:40:30:03:73:79:b4:81:d8:bd:50:a0:94:d0:
                    8a:f3:d8:42:38:82:ed:74:7e:ed:fc:7c:40:38:99:
                    af:69:7a:43:75:36:c0:1b:6b:32:75:24:ba:38:d4:
                    7b:60:e6:54:eb:9e:6e:0d:b5:f7:52:e4:fd:58:26:
                    7a:e5:5c:12:21:6c:e7:6a:75:09:4b:59:08:67:f3:
                    fb:70:d1:0e:b0:58:2b:67:be:e5:84:db:1a:41:2a:
                    56:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:6F:2B:31:D7:F1:C5:25:DC:8B:91:D0:97:B6:7F:E4:C9:D0:6F:73
            X509v3 Authority Key Identifier:
                keyid:57:18:2A:AB:5A:D9:EF:A3:80:A6:C6:F0:6C:01:6E:15:8B:E9:77:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vxgqq1rZ76OApsbwbAFuFYvpd7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/SW8rMdfxxSXci5HQl7Z_5MnQb3M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/8c51cb-a3bd-476d-880f-a96c6266abdb/1/Vxgqq1rZ76OApsbwbAFuFYvpd7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:11f8:80::/48

    Signature Algorithm: sha256WithRSAEncryption
         0e:70:b0:ed:fd:f0:15:11:a4:05:ca:b5:6f:fd:ad:d2:ce:04:
         2d:12:fd:29:21:87:bf:58:39:f1:85:4a:2d:b0:e7:f5:ae:26:
         3e:7d:0c:a3:c4:f5:59:c8:5f:d8:ec:8b:ad:64:20:3f:ab:77:
         ed:3b:cd:6d:77:20:8c:c6:37:1a:f6:ba:53:1f:97:e4:5c:17:
         8b:61:c1:e6:29:9b:c7:e3:8d:36:17:5f:ab:52:44:8f:de:d3:
         1c:76:cf:39:1b:4d:2b:47:b2:04:09:b3:a1:ea:8a:d2:2c:a3:
         31:9b:6c:0e:3a:d2:b8:c1:b2:d2:fe:7d:57:ba:06:a6:d8:29:
         ba:83:41:8c:cd:09:e0:de:77:19:46:9f:ed:0c:dc:9b:c1:e2:
         ef:6a:15:d5:e3:43:22:a5:85:89:e8:33:c7:dd:5d:08:49:9a:
         ec:3f:6e:1f:b9:ab:eb:fa:11:37:8a:4d:69:6f:6c:62:3d:3c:
         04:e6:48:2a:4c:8e:f3:48:48:0d:6b:e3:e6:eb:b8:d5:e1:29:
         f5:44:da:34:40:b3:76:5c:e3:87:58:7a:4f:ca:cb:73:7e:cc:
         0b:c6:52:78:e8:60:b3:72:36:1d:eb:89:4a:f5:d6:8f:d0:54:
         19:5f:e8:c1:18:a6:2e:ea:06:29:ee:23:95:62:3c:43:bc:56:
         0a:33:57:5a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZn8It2a/9y24t7c4NgzrP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTgyYWFiNWFkOWVmYTM4MGE2YzZmMDZjMDE2ZTE1OGJl
OTc3YmMwHhcNMjUwNDI0MTMxNTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTZmMmIzMWQ3ZjFjNTI1ZGM4YjkxZDA5N2I2N2ZlNGM5ZDA2ZjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5FVRkWa2xk7E9+AQMjPI7zpmYgIx
bazoiSUd9uAdpTutvV6lZ6romUlHVmqu1L2ZttLfQcXfUICn4xGwUK4r+msT1GkD
bk9VdUmhhfC1nGA944lx8xyY4RducfUuWIr5ufK0wvzL4mUrBeQTAzcCLbNysco4
K/Eixg7e2QBBQmQVYNtmL88LoFq5uJEQHAZge6ZSyfcVKx8y3yVEEmWl5WIddE9d
e0AwA3N5tIHYvVCglNCK89hCOILtdH7t/HxAOJmvaXpDdTbAG2sydSS6ONR7YOZU
655uDbX3UuT9WCZ65VwSIWznanUJS1kIZ/P7cNEOsFgrZ77lhNsaQSpW2wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFElvKzHX8cUl3IuR0Je2f+TJ0G9zMB8GA1UdIwQY
MBaAFFcYKqta2e+jgKbG8GwBbhWL6Xe8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYt
YTk2YzYyNjZhYmRiLzEvU1c4ck1kZnh4U1hjaTVIUWw3Wl81TW5RYjNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84YzUxY2ItYTNiZC00NzZkLTg4MGYtYTk2YzYyNjZhYmRi
LzEvVnhncXExclo3Nk9BcHNid2JBRnVGWXZwZDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgIR+ACA
MA0GCSqGSIb3DQEBCwUAA4IBAQAOcLDt/fAVEaQFyrVv/a3SzgQtEv0pIYe/WDnx
hUotsOf1riY+fQyjxPVZyF/Y7IutZCA/q3ftO81tdyCMxjca9rpTH5fkXBeLYcHm
KZvH4402F1+rUkSP3tMcds85G00rR7IECbOh6orSLKMxm2wOOtK4wbLS/n1Xugam
2Cm6g0GMzQng3ncZRp/tDNybweLvahXV40MipYWJ6DPH3V0ISZrsP24fuavr+hE3
ik1pb2xiPTwE5kgqTI7zSEgNa+Pm67jV4Sn1RNo0QLN2XOOHWHpPystzfswLxlJ4
6GCzcjYd64lK9daP0FQZX+jBGKYu6gYp7iOVYjxDvFYKM1da
-----END CERTIFICATE-----