Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/SwaXTGGr0ahjQ1G33wMOq2yL9kc.roa
File:                     SwaXTGGr0ahjQ1G33wMOq2yL9kc.roa (raw, json)
Hash identifier:          s75fnBdKMDFGDlAd01pq/TKHtxWMXcAxczgmSdWq70s=
Subject key identifier:   4B:06:97:4C:61:AB:D1:A8:63:43:51:B7:DF:03:0E:AB:6C:8B:F6:47
Certificate issuer:       /CN=538dd18b1692d8a3e7712d3e6b928b09aa0ae66c
Certificate serial:       0196A18C53A4754203433C3C3744A61BC793
Authority key identifier: 53:8D:D1:8B:16:92:D8:A3:E7:71:2D:3E:6B:92:8B:09:AA:0A:E6:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U43RixaS2KPncS0-a5KLCaoK5mw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/SwaXTGGr0ahjQ1G33wMOq2yL9kc.roa
Signing time:             Mon 05 May 2025 17:44:10 +0000
ROA not before:           Mon 05 May 2025 17:44:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62390
IP address blocks:        103.75.68.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/U43RixaS2KPncS0-a5KLCaoK5mw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/U43RixaS2KPncS0-a5KLCaoK5mw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/U43RixaS2KPncS0-a5KLCaoK5mw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a1:8c:53:a4:75:42:03:43:3c:3c:37:44:a6:1b:c7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=538dd18b1692d8a3e7712d3e6b928b09aa0ae66c
        Validity
            Not Before: May  5 17:44:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4b06974c61abd1a8634351b7df030eab6c8bf647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:f0:78:27:91:30:24:31:00:2d:99:7b:b1:d1:
                    43:19:9f:f7:5d:a3:cb:1c:f2:67:a9:06:34:db:4f:
                    bb:68:c1:44:96:ab:ff:cb:c9:67:7c:d0:0e:3f:1d:
                    f5:1c:05:85:65:a3:4d:99:a9:c2:b1:a4:4c:ea:e6:
                    40:20:5d:ba:8b:87:3e:14:fd:57:15:09:1a:44:b8:
                    cf:bb:eb:bb:03:98:86:80:c8:4e:37:f4:7f:f8:e4:
                    59:25:7b:5f:b2:30:7f:51:3e:9a:26:71:63:47:68:
                    67:91:4c:12:6f:e5:61:28:df:61:39:e7:d0:c1:e5:
                    4e:d4:65:35:63:af:25:a1:4c:52:ec:6b:0f:10:f2:
                    0d:e2:34:a1:78:8c:f5:78:1f:e1:16:71:94:d7:eb:
                    4d:e7:22:41:4e:5c:ac:25:fb:aa:6a:7c:02:6f:30:
                    fc:19:18:f6:44:01:7b:0f:0f:56:e9:1b:dd:b2:28:
                    9f:67:65:dc:d1:72:b8:9a:40:10:f0:2f:e2:1c:11:
                    cb:6e:cc:cf:d4:44:12:18:b1:89:87:c8:86:56:db:
                    8a:13:39:71:5f:de:2a:97:c2:c8:3a:13:ad:ac:be:
                    ab:91:3d:80:41:d4:e1:24:b3:c6:0f:29:ac:d1:0c:
                    f8:9f:f2:d7:55:60:1a:16:d7:85:58:bb:4f:b5:82:
                    a0:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:06:97:4C:61:AB:D1:A8:63:43:51:B7:DF:03:0E:AB:6C:8B:F6:47
            X509v3 Authority Key Identifier:
                keyid:53:8D:D1:8B:16:92:D8:A3:E7:71:2D:3E:6B:92:8B:09:AA:0A:E6:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U43RixaS2KPncS0-a5KLCaoK5mw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/SwaXTGGr0ahjQ1G33wMOq2yL9kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/9cb0e9-537d-4f6e-b98e-2eb70a3602e9/1/U43RixaS2KPncS0-a5KLCaoK5mw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.75.68.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:e9:46:8c:d9:09:d3:6c:01:66:b4:34:a2:49:80:b7:ba:28:
         36:3e:f6:4b:29:c5:62:b4:8a:ff:30:fd:72:0d:5e:88:1f:33:
         fd:df:84:05:46:33:a0:6c:f7:fe:3b:b7:be:74:1c:12:7d:e6:
         57:aa:7f:ed:f4:64:5f:8c:e4:66:91:c2:65:d6:96:13:52:82:
         b1:6a:0f:a3:7c:44:40:b4:32:c2:7c:e6:e3:75:6a:56:c0:0f:
         3f:1a:8d:2b:f8:64:f7:c8:18:d9:30:69:e9:aa:b9:61:e7:39:
         c3:30:72:90:f7:6e:89:24:0a:8c:f0:7a:f6:25:3b:f6:1c:1b:
         6d:93:92:c7:d4:88:1f:10:8d:9a:ff:81:3c:cc:84:63:a6:7a:
         5a:29:26:68:38:02:72:32:14:46:2d:01:f1:1e:cf:ec:43:7e:
         88:fe:ae:a9:49:29:b4:60:50:fb:d6:f9:1f:a2:ad:cf:13:e2:
         f5:33:7b:19:7f:b6:cb:60:9d:65:da:e6:bd:88:d8:62:20:11:
         93:73:e4:c4:99:e3:29:21:a9:5e:20:f6:93:e5:2a:f0:6f:06:
         6c:1c:c1:b8:bd:cc:f3:e8:45:38:2b:3e:2d:fe:27:02:42:ab:
         db:51:14:5d:60:dc:31:aa:bf:e0:f3:eb:54:fd:4e:c8:82:14:
         88:7d:97:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZahjFOkdUIDQzw8N0SmG8eTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzOGRkMThiMTY5MmQ4YTNlNzcxMmQzZTZiOTI4YjA5YWEw
YWU2NmMwHhcNMjUwNTA1MTc0NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjA2OTc0YzYxYWJkMWE4NjM0MzUxYjdkZjAzMGVhYjZjOGJmNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/B4J5EwJDEALZl7sdFDGZ/3XaPL
HPJnqQY020+7aMFElqv/y8lnfNAOPx31HAWFZaNNmanCsaRM6uZAIF26i4c+FP1X
FQkaRLjPu+u7A5iGgMhON/R/+ORZJXtfsjB/UT6aJnFjR2hnkUwSb+VhKN9hOefQ
weVO1GU1Y68loUxS7GsPEPIN4jSheIz1eB/hFnGU1+tN5yJBTlysJfuqanwCbzD8
GRj2RAF7Dw9W6RvdsiifZ2Xc0XK4mkAQ8C/iHBHLbszP1EQSGLGJh8iGVtuKEzlx
X94ql8LIOhOtrL6rkT2AQdThJLPGDyms0Qz4n/LXVWAaFteFWLtPtYKgUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEsGl0xhq9GoY0NRt98DDqtsi/ZHMB8GA1UdIwQY
MBaAFFON0YsWktij53EtPmuSiwmqCuZsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTQzUml4YVMyS1BuY1MwLWE1S0xDYW9LNW13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85Y2IwZTktNTM3ZC00ZjZlLWI5OGUt
MmViNzBhMzYwMmU5LzEvU3dhWFRHR3IwYWhqUTFHMzN3TU9xMnlMOWtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85Y2IwZTktNTM3ZC00ZjZlLWI5OGUtMmViNzBhMzYwMmU5
LzEvVTQzUml4YVMyS1BuY1MwLWE1S0xDYW9LNW13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZ0tEMA0G
CSqGSIb3DQEBCwUAA4IBAQA/6UaM2QnTbAFmtDSiSYC3uig2PvZLKcVitIr/MP1y
DV6IHzP934QFRjOgbPf+O7e+dBwSfeZXqn/t9GRfjORmkcJl1pYTUoKxag+jfERA
tDLCfObjdWpWwA8/Go0r+GT3yBjZMGnpqrlh5znDMHKQ926JJAqM8Hr2JTv2HBtt
k5LH1IgfEI2a/4E8zIRjpnpaKSZoOAJyMhRGLQHxHs/sQ36I/q6pSSm0YFD71vkf
oq3PE+L1M3sZf7bLYJ1l2ua9iNhiIBGTc+TEmeMpIaleIPaT5SrwbwZsHMG4vczz
6EU4Kz4t/icCQqvbURRdYNwxqr/g8+tU/U7IghSIfZcZ
-----END CERTIFICATE-----