Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/53/1349ca-8c3c-4131-9f55-d59030661949/1/wF03zlYV8_r_ZZnCmj1tslqE2ZI.roa
File:                     wF03zlYV8_r_ZZnCmj1tslqE2ZI.roa (raw, json)
Hash identifier:          EKYSZKyX0wz37/7aJtOTH5iytiN7NBI4neSvEUBFYGY=
Subject key identifier:   C0:5D:37:CE:56:15:F3:FA:FF:65:99:C2:9A:3D:6D:B2:5A:84:D9:92
Certificate issuer:       /CN=816684a2958e0190f270a80a98789319e1cee4d8
Certificate serial:       01941F8C169C9C8EF8DD94F829655F7F67A7
Authority key identifier: 81:66:84:A2:95:8E:01:90:F2:70:A8:0A:98:78:93:19:E1:CE:E4:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gWaEopWOAZDycKgKmHiTGeHO5Ng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/53/1349ca-8c3c-4131-9f55-d59030661949/1/wF03zlYV8_r_ZZnCmj1tslqE2ZI.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        46.17.72.0/21 maxlen: 24
                          46.17.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/53/1349ca-8c3c-4131-9f55-d59030661949/1/gWaEopWOAZDycKgKmHiTGeHO5Ng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/53/1349ca-8c3c-4131-9f55-d59030661949/1/gWaEopWOAZDycKgKmHiTGeHO5Ng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gWaEopWOAZDycKgKmHiTGeHO5Ng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:16:9c:9c:8e:f8:dd:94:f8:29:65:5f:7f:67:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=816684a2958e0190f270a80a98789319e1cee4d8
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c05d37ce5615f3faff6599c29a3d6db25a84d992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:0e:29:cb:fc:43:1b:b0:b6:69:af:e4:0e:3d:
                    6f:eb:12:3f:67:8b:8b:3b:7d:81:23:38:f4:50:6a:
                    88:d8:b3:91:ed:2f:fd:28:07:be:5e:93:fc:f4:39:
                    dc:cb:8e:9d:18:d2:09:14:8c:1f:3d:19:c1:2c:f7:
                    ef:38:37:0c:38:01:ee:f5:d7:76:ee:2e:27:26:57:
                    1d:36:b2:ef:b5:2f:78:46:c6:e3:0b:63:55:89:6a:
                    82:7c:dd:bd:d3:ca:38:2e:27:66:76:ed:15:44:58:
                    b5:f4:59:6f:92:94:b9:a5:91:d1:44:7b:a5:ed:3c:
                    d2:51:9f:fb:5e:ab:b8:ff:6d:e0:c4:6f:c4:0b:5a:
                    6b:fe:6e:e3:62:4a:68:b8:83:e6:cd:07:17:cd:ad:
                    c8:58:d9:f2:90:18:d4:d7:68:f3:8e:3d:50:9f:b0:
                    3b:9a:04:4c:54:4a:a9:be:13:64:f7:3a:f2:8b:67:
                    e5:27:81:c4:33:39:17:0b:8b:ac:b7:76:3d:48:0f:
                    2f:ef:23:9c:02:75:07:51:23:f0:a9:3d:5f:3d:ad:
                    09:31:21:0a:46:1b:3b:fb:a2:75:be:b6:19:48:09:
                    19:5a:bf:7c:25:d5:a6:98:8f:29:1e:4d:4a:8e:f0:
                    bd:ad:29:d6:3c:be:eb:0a:ec:0a:eb:51:e9:57:a4:
                    15:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:5D:37:CE:56:15:F3:FA:FF:65:99:C2:9A:3D:6D:B2:5A:84:D9:92
            X509v3 Authority Key Identifier:
                keyid:81:66:84:A2:95:8E:01:90:F2:70:A8:0A:98:78:93:19:E1:CE:E4:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gWaEopWOAZDycKgKmHiTGeHO5Ng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1349ca-8c3c-4131-9f55-d59030661949/1/wF03zlYV8_r_ZZnCmj1tslqE2ZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/53/1349ca-8c3c-4131-9f55-d59030661949/1/gWaEopWOAZDycKgKmHiTGeHO5Ng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         52:11:4d:dd:f9:53:89:80:f9:8f:00:f0:c3:e5:27:41:37:a0:
         48:36:54:6a:4e:7d:82:f4:8a:f5:b7:84:d5:9d:0a:90:cd:ee:
         f0:a3:32:6e:f1:02:e4:4f:c4:f6:c1:7f:ce:c3:a3:c7:0b:fd:
         07:6d:9a:ea:06:12:47:6c:20:df:f6:90:ca:f2:1a:ad:b3:8e:
         14:48:7e:0c:b8:34:37:76:1a:24:bb:4c:48:66:bb:79:d9:bf:
         80:cd:6a:3b:a1:3f:a3:22:9e:8b:f6:5b:4a:91:c4:b6:a5:90:
         18:c7:4a:c2:a6:b1:10:32:0f:72:28:dc:8f:7c:e1:59:5f:0c:
         80:f4:94:d7:d8:4c:49:cb:5d:d4:e0:b7:d9:02:8c:d0:82:6a:
         6f:cb:50:a1:e0:ce:76:b6:72:89:85:d9:74:20:78:a5:0b:4c:
         e1:ec:75:34:7e:5b:30:d8:8b:b7:1e:f7:19:43:74:fa:59:91:
         3a:87:4e:8c:8b:d7:cd:13:d6:13:46:fb:50:f7:f5:11:8d:72:
         a6:8c:31:d3:63:9e:30:18:fc:94:f7:47:ba:32:74:c9:b8:53:
         2d:b0:7f:f8:64:72:44:e7:87:f4:ff:b8:03:55:05:bc:04:6b:
         3a:8f:c1:55:bb:f7:6b:6b:17:a6:34:7b:6d:cf:2c:d4:eb:3a:
         dc:9f:8d:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBacnI743ZT4KWVff2enMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxNjY4NGEyOTU4ZTAxOTBmMjcwYTgwYTk4Nzg5MzE5ZTFj
ZWU0ZDgwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDVkMzdjZTU2MTVmM2ZhZmY2NTk5YzI5YTNkNmRiMjVhODRkOTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2g4py/xDG7C2aa/kDj1v6xI/Z4uL
O32BIzj0UGqI2LOR7S/9KAe+XpP89Dncy46dGNIJFIwfPRnBLPfvODcMOAHu9dd2
7i4nJlcdNrLvtS94RsbjC2NViWqCfN2908o4Lidmdu0VRFi19FlvkpS5pZHRRHul
7TzSUZ/7Xqu4/23gxG/EC1pr/m7jYkpouIPmzQcXza3IWNnykBjU12jzjj1Qn7A7
mgRMVEqpvhNk9zryi2flJ4HEMzkXC4ust3Y9SA8v7yOcAnUHUSPwqT1fPa0JMSEK
Rhs7+6J1vrYZSAkZWr98JdWmmI8pHk1KjvC9rSnWPL7rCuwK61HpV6QVswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMBdN85WFfP6/2WZwpo9bbJahNmSMB8GA1UdIwQY
MBaAFIFmhKKVjgGQ8nCoCph4kxnhzuTYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ1dhRW9wV09BWkR5Y0tnS21IaVRHZUhPNU5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81My8xMzQ5Y2EtOGMzYy00MTMxLTlmNTUt
ZDU5MDMwNjYxOTQ5LzEvd0YwM3psWVY4X3JfWlpuQ21qMXRzbHFFMlpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81My8xMzQ5Y2EtOGMzYy00MTMxLTlmNTUtZDU5MDMwNjYxOTQ5
LzEvZ1dhRW9wV09BWkR5Y0tnS21IaVRHZUhPNU5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhFIMA0G
CSqGSIb3DQEBCwUAA4IBAQBSEU3d+VOJgPmPAPDD5SdBN6BINlRqTn2C9Ir1t4TV
nQqQze7wozJu8QLkT8T2wX/Ow6PHC/0HbZrqBhJHbCDf9pDK8hqts44USH4MuDQ3
dhoku0xIZrt52b+AzWo7oT+jIp6L9ltKkcS2pZAYx0rCprEQMg9yKNyPfOFZXwyA
9JTX2ExJy13U4LfZAozQgmpvy1Ch4M52tnKJhdl0IHilC0zh7HU0flsw2Iu3HvcZ
Q3T6WZE6h06Mi9fNE9YTRvtQ9/URjXKmjDHTY54wGPyU90e6MnTJuFMtsH/4ZHJE
54f0/7gDVQW8BGs6j8FVu/draxemNHttzyzU6zrcn43E
-----END CERTIFICATE-----