Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/W2203PXvInl3O8FkiEA5f2Snh1g.roa
File:                     W2203PXvInl3O8FkiEA5f2Snh1g.roa (raw, json)
Hash identifier:          sWpkM41z27SrV3/cC5bAkdupd/fT50g4ZAEtjClPvLY=
Subject key identifier:   5B:6D:B4:DC:F5:EF:22:79:77:3B:C1:64:88:40:39:7F:64:A7:87:58
Certificate issuer:       /CN=0f107eacdd0dd2e6169d0fd31303f6c8b0304b66
Certificate serial:       018CCB5423C30A5C2DFBE53A0F61C6C81C18
Authority key identifier: 0F:10:7E:AC:DD:0D:D2:E6:16:9D:0F:D3:13:03:F6:C8:B0:30:4B:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/W2203PXvInl3O8FkiEA5f2Snh1g.roa
Signing time:             Tue 02 Jan 2024 17:58:58 +0000
ROA not before:           Tue 02 Jan 2024 17:58:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197882
IP address blocks:        185.212.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Jun 2024 17:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:cb:54:23:c3:0a:5c:2d:fb:e5:3a:0f:61:c6:c8:1c:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f107eacdd0dd2e6169d0fd31303f6c8b0304b66
        Validity
            Not Before: Jan  2 17:58:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b6db4dcf5ef2279773bc1648840397f64a78758
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:87:9e:a3:28:a5:b9:be:c5:1d:e0:8d:3b:00:
                    06:2f:69:53:a7:12:de:a8:8a:ae:97:f4:df:90:a7:
                    db:30:2b:b1:89:a1:17:8d:4a:72:c5:15:77:a1:77:
                    4a:15:43:8f:b7:98:7a:54:12:ab:ce:0d:a3:ab:9e:
                    87:c8:97:7a:6c:33:58:ce:cd:2b:1e:f8:ce:29:8a:
                    f9:ec:1a:e9:9a:37:44:2c:35:ac:cb:ae:7f:cd:90:
                    9a:a1:7f:c0:34:8c:d3:79:c0:fc:51:f0:76:ae:77:
                    55:bb:ef:bd:fe:4a:73:33:f3:e9:89:bd:61:3e:df:
                    fa:71:65:1c:1e:d2:ad:c3:bf:08:58:08:be:04:08:
                    0f:d5:12:61:d2:1c:ed:fb:88:5c:7c:f4:8a:96:01:
                    bb:99:89:d7:c4:49:e3:62:9c:a9:00:2d:d3:86:b8:
                    82:23:b7:7a:8a:b3:78:13:b2:9d:03:1c:d6:74:bf:
                    34:a3:78:81:93:4c:cb:42:10:5f:b0:ce:a7:60:13:
                    50:79:fe:f9:e3:d9:7b:e3:b5:04:e5:49:78:49:cf:
                    13:27:8e:d6:ca:73:21:0c:fc:5f:fc:3f:00:dc:54:
                    b5:56:6a:78:9e:2a:51:a3:bf:3a:26:02:65:ff:7f:
                    ce:90:c6:a4:1d:7a:9d:67:25:ea:93:22:8e:2e:69:
                    2b:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:6D:B4:DC:F5:EF:22:79:77:3B:C1:64:88:40:39:7F:64:A7:87:58
            X509v3 Authority Key Identifier:
                keyid:0F:10:7E:AC:DD:0D:D2:E6:16:9D:0F:D3:13:03:F6:C8:B0:30:4B:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/W2203PXvInl3O8FkiEA5f2Snh1g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/97e463-3519-40df-bebc-4ebc0cffaa1d/1/DxB-rN0N0uYWnQ_TEwP2yLAwS2Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:20:95:35:ee:55:1c:fc:5e:4b:4f:01:d2:cd:fe:24:68:a4:
         e0:a2:ff:27:e1:af:b4:61:83:1c:ba:23:82:e4:f0:8e:5c:05:
         cf:66:1e:c8:22:10:24:16:d9:aa:30:cd:2a:d0:9a:d0:19:90:
         83:e0:4c:88:55:ae:d4:35:65:bd:0a:a6:33:a8:a0:d5:9c:6c:
         33:75:1e:03:a4:05:2f:ed:5d:fd:03:30:1a:4c:53:1c:f3:eb:
         09:bf:60:b9:d0:32:e6:e9:8a:9c:95:f9:90:7b:55:10:d1:c8:
         8b:66:af:4f:07:8b:62:91:33:0d:aa:bc:a2:52:0b:99:8b:fe:
         80:33:88:63:9c:6b:8e:d2:a4:1a:60:dc:00:ed:47:01:ce:f1:
         0d:85:43:0d:be:2c:cb:62:d7:ec:03:78:d8:c0:e9:6f:ba:9e:
         a4:f3:51:63:53:bf:66:ba:f6:e2:67:18:42:ff:fe:94:6c:96:
         c8:0e:92:c0:70:ac:3c:e3:30:c6:e4:79:cd:49:64:62:c4:42:
         74:78:41:78:18:c4:c9:7b:d4:c7:c1:55:fe:55:4a:68:f6:de:
         55:e8:f3:02:0b:d8:99:df:d7:d1:5c:c8:b8:d6:fa:25:55:1d:
         7a:73:e3:3b:29:b1:da:d9:7b:29:c2:7f:e4:d1:85:1a:aa:fc:
         ff:ee:10:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzLVCPDClwt++U6D2HGyBwYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMTA3ZWFjZGQwZGQyZTYxNjlkMGZkMzEzMDNmNmM4YjAz
MDRiNjYwHhcNMjQwMTAyMTc1ODU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjZkYjRkY2Y1ZWYyMjc5NzczYmMxNjQ4ODQwMzk3ZjY0YTc4NzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4eeoyilub7FHeCNOwAGL2lTpxLe
qIqul/TfkKfbMCuxiaEXjUpyxRV3oXdKFUOPt5h6VBKrzg2jq56HyJd6bDNYzs0r
HvjOKYr57BrpmjdELDWsy65/zZCaoX/ANIzTecD8UfB2rndVu++9/kpzM/Ppib1h
Pt/6cWUcHtKtw78IWAi+BAgP1RJh0hzt+4hcfPSKlgG7mYnXxEnjYpypAC3ThriC
I7d6irN4E7KdAxzWdL80o3iBk0zLQhBfsM6nYBNQef7549l747UE5Ul4Sc8TJ47W
ynMhDPxf/D8A3FS1Vmp4nipRo786JgJl/3/OkMakHXqdZyXqkyKOLmkr1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFtttNz17yJ5dzvBZIhAOX9kp4dYMB8GA1UdIwQY
MBaAFA8QfqzdDdLmFp0P0xMD9siwMEtmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHhCLXJOME4wdVlXblFfVEV3UDJ5TEF3UzJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi85N2U0NjMtMzUxOS00MGRmLWJlYmMt
NGViYzBjZmZhYTFkLzEvVzIyMDNQWHZJbmwzTzhGa2lFQTVmMlNuaDFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi85N2U0NjMtMzUxOS00MGRmLWJlYmMtNGViYzBjZmZhYTFk
LzEvRHhCLXJOME4wdVlXblFfVEV3UDJ5TEF3UzJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudQhMA0G
CSqGSIb3DQEBCwUAA4IBAQB0IJU17lUc/F5LTwHSzf4kaKTgov8n4a+0YYMcuiOC
5PCOXAXPZh7IIhAkFtmqMM0q0JrQGZCD4EyIVa7UNWW9CqYzqKDVnGwzdR4DpAUv
7V39AzAaTFMc8+sJv2C50DLm6YqclfmQe1UQ0ciLZq9PB4tikTMNqryiUguZi/6A
M4hjnGuO0qQaYNwA7UcBzvENhUMNvizLYtfsA3jYwOlvup6k81FjU79muvbiZxhC
//6UbJbIDpLAcKw84zDG5HnNSWRixEJ0eEF4GMTJe9THwVX+VUpo9t5V6PMCC9iZ
39fRXMi41volVR16c+M7KbHa2Xspwn/k0YUaqvz/7hCL
-----END CERTIFICATE-----