Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/SWb9dWC7dX_rwlK0omJMc3wlDks.roa
File:                     SWb9dWC7dX_rwlK0omJMc3wlDks.roa (raw, json)
Hash identifier:          LsnTgIHVTvCHjZWRXF28FLY3Qh1KmfRKmu1wsQo8XRo=
Subject key identifier:   49:66:FD:75:60:BB:75:7F:EB:C2:52:B4:A2:62:4C:73:7C:25:0E:4B
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C6E1201DBB8C493C9E8997FF0A8DBAC
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/SWb9dWC7dX_rwlK0omJMc3wlDks.roa
Signing time:             Mon 28 Apr 2025 12:45:10 +0000
ROA not before:           Mon 28 Apr 2025 12:45:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39361
IP address blocks:        46.231.227.0/24 maxlen: 24
                          46.231.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:6e:12:01:db:b8:c4:93:c9:e8:99:7f:f0:a8:db:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:45:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4966fd7560bb757febc252b4a2624c737c250e4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f6:c9:e2:f1:e6:d7:c7:b5:59:b8:db:5d:b3:
                    9a:cc:7e:e8:b3:2e:71:c4:32:bb:ed:88:6e:12:34:
                    86:e0:b3:32:01:b5:ad:ec:89:d5:07:8e:a6:5a:be:
                    f0:98:c9:d5:a5:6b:f9:78:41:16:99:9f:e1:5b:5c:
                    84:57:e5:6d:71:79:50:6a:d9:dd:8c:30:04:17:f5:
                    7d:94:5f:dd:1d:55:c9:a7:52:4f:b2:98:ef:4e:cf:
                    79:8a:aa:b6:f2:61:c0:81:94:68:5d:22:77:36:38:
                    71:67:00:13:45:d9:8e:9f:03:c3:74:86:4b:ff:e8:
                    b4:c1:84:23:0d:04:76:b0:a7:a6:0c:26:61:b9:1d:
                    f5:f2:2d:c1:54:0d:69:a4:4b:43:2b:ed:21:0a:32:
                    29:60:f0:ba:65:af:50:ef:77:45:6a:5d:8f:5d:55:
                    28:22:4c:35:ea:31:09:40:b4:37:4e:7d:97:03:5a:
                    80:96:f8:b6:b0:03:b9:de:85:9e:f0:a8:20:54:04:
                    13:76:f4:35:c1:1e:c9:02:6c:e4:3c:3a:98:c5:10:
                    14:e1:f6:d1:94:ba:6d:d2:f1:6e:44:92:fc:2c:2b:
                    45:3b:95:4b:bb:a0:f1:27:34:e3:93:5f:c4:f1:b6:
                    16:c4:53:b7:7a:36:37:0f:47:f0:77:a9:d0:f9:4b:
                    b9:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:66:FD:75:60:BB:75:7F:EB:C2:52:B4:A2:62:4C:73:7C:25:0E:4B
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/SWb9dWC7dX_rwlK0omJMc3wlDks.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.227.0/24
                  46.231.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:3c:5f:cb:2f:73:4d:f9:b4:5c:ae:f6:20:4b:f6:5c:be:5f:
         5f:84:22:85:ee:7a:44:85:74:49:d4:24:be:5d:04:0e:3f:bd:
         57:cc:53:1f:a6:f3:71:a7:14:d5:64:d4:a1:69:b2:46:7e:8e:
         63:92:1b:0c:e2:8f:32:ba:25:90:52:ed:fb:7c:68:b3:03:2d:
         7f:b6:b3:f2:9f:18:37:c3:5e:2d:dd:ad:87:06:6d:3d:a9:78:
         75:c3:11:d5:01:df:ec:8b:51:79:36:f7:a9:33:4a:21:4f:aa:
         98:81:17:a0:e6:6b:25:eb:a9:83:22:2a:dd:c9:12:69:ae:90:
         e2:ec:3f:05:76:9a:ac:10:9f:53:2b:bf:5d:8f:7b:4a:10:b3:
         e7:10:13:53:c6:02:e7:be:0a:9b:27:de:31:be:f0:66:d7:15:
         80:68:57:fe:ca:86:a6:88:c4:ee:4b:c1:41:47:4a:eb:c5:eb:
         74:89:52:00:95:2f:60:ff:cd:90:16:f5:1d:8e:48:b4:cb:ef:
         32:3c:c7:13:4b:2b:56:83:e9:f7:48:4b:26:13:27:74:cc:28:
         d0:91:c3:39:af:1e:ff:38:47:91:f5:67:51:d9:fd:8b:c4:d2:
         40:8d:02:39:e1:af:76:ce:46:13:7b:2d:84:24:fe:8c:ed:7c:
         bb:c6:b4:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ8bhIB27jEk8nomX/wqNusMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTI0NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OTY2ZmQ3NTYwYmI3NTdmZWJjMjUyYjRhMjYyNGM3MzdjMjUwZTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/bJ4vHm18e1WbjbXbOazH7osy5x
xDK77YhuEjSG4LMyAbWt7InVB46mWr7wmMnVpWv5eEEWmZ/hW1yEV+VtcXlQatnd
jDAEF/V9lF/dHVXJp1JPspjvTs95iqq28mHAgZRoXSJ3NjhxZwATRdmOnwPDdIZL
/+i0wYQjDQR2sKemDCZhuR318i3BVA1ppEtDK+0hCjIpYPC6Za9Q73dFal2PXVUo
Ikw16jEJQLQ3Tn2XA1qAlvi2sAO53oWe8KggVAQTdvQ1wR7JAmzkPDqYxRAU4fbR
lLpt0vFuRJL8LCtFO5VLu6DxJzTjk1/E8bYWxFO3ejY3D0fwd6nQ+Uu5XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFElm/XVgu3V/68JStKJiTHN8JQ5LMB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvU1diOWRXQzdkWF9yd2xLMG9tSk1jM3dsRGtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALufjAwQA
LuflMA0GCSqGSIb3DQEBCwUAA4IBAQAuPF/LL3NN+bRcrvYgS/Zcvl9fhCKF7npE
hXRJ1CS+XQQOP71XzFMfpvNxpxTVZNShabJGfo5jkhsM4o8yuiWQUu37fGizAy1/
trPynxg3w14t3a2HBm09qXh1wxHVAd/si1F5NvepM0ohT6qYgReg5msl66mDIird
yRJprpDi7D8FdpqsEJ9TK79dj3tKELPnEBNTxgLnvgqbJ94xvvBm1xWAaFf+yoam
iMTuS8FBR0rrxet0iVIAlS9g/82QFvUdjki0y+8yPMcTSytWg+n3SEsmEyd0zCjQ
kcM5rx7/OEeR9WdR2f2LxNJAjQI54a92zkYTey2EJP6M7Xy7xrT9
-----END CERTIFICATE-----