Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/2tLIkUBb_6S4dyLdJMw4dew7ADQ.roa
File:                     2tLIkUBb_6S4dyLdJMw4dew7ADQ.roa (raw, json)
Hash identifier:          F9K8SxrJTXKfxe6RAN/1Fgu0JybMSJ5k6r97sMEifFU=
Subject key identifier:   DA:D2:C8:91:40:5B:FF:A4:B8:77:22:DD:24:CC:38:75:EC:3B:00:34
Certificate issuer:       /CN=33fbdbb20c2d97073c0de8b7caa75ec1eeb191b8
Certificate serial:       018CC801D2BECA689C42278D94B44009E01B
Authority key identifier: 33:FB:DB:B2:0C:2D:97:07:3C:0D:E8:B7:CA:A7:5E:C1:EE:B1:91:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/2tLIkUBb_6S4dyLdJMw4dew7ADQ.roa
Signing time:             Tue 02 Jan 2024 02:30:11 +0000
ROA not before:           Tue 02 Jan 2024 02:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        217.169.72.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:d2:be:ca:68:9c:42:27:8d:94:b4:40:09:e0:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33fbdbb20c2d97073c0de8b7caa75ec1eeb191b8
        Validity
            Not Before: Jan  2 02:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dad2c891405bffa4b87722dd24cc3875ec3b0034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6e:5c:e4:7d:6e:68:9f:7c:44:90:61:d5:5d:
                    35:90:32:ca:50:aa:dc:36:c2:82:58:ee:9b:73:37:
                    82:90:ae:40:1e:0f:41:6f:51:67:05:e9:b2:84:b2:
                    c7:c8:64:2e:30:9e:c4:fa:49:23:5e:46:14:15:c9:
                    cc:b2:3c:bb:74:eb:93:0d:ed:96:3f:1d:eb:36:ff:
                    24:72:17:d5:04:3f:2e:6e:a3:b0:14:e7:c8:44:2c:
                    63:d3:45:a4:07:a1:21:70:88:af:7c:c4:1e:d6:d4:
                    16:8c:88:f2:7d:52:42:61:c8:3c:66:13:9f:eb:6e:
                    1f:cf:8d:f1:a5:e7:93:19:13:28:7a:2d:53:93:4b:
                    7f:50:16:21:d5:b0:9a:3f:fb:ff:cc:b9:53:4b:89:
                    67:c6:00:1e:76:cc:f7:70:6d:c9:ed:2c:3e:0a:69:
                    0f:c7:c3:8d:2a:57:30:95:33:6f:a8:77:6a:a1:a3:
                    8f:15:de:9d:91:33:f2:1e:40:bf:fa:4e:07:4b:64:
                    8b:c2:84:26:cd:ea:e3:69:a0:b9:57:d3:09:17:0f:
                    fc:7e:04:2b:46:cc:88:82:31:ee:32:a5:cd:2d:df:
                    57:0b:e3:f8:12:12:de:b4:73:50:3f:92:9c:6c:cf:
                    e6:e0:bf:f6:f4:5d:1a:ab:b1:9c:62:c1:45:45:bc:
                    cd:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D2:C8:91:40:5B:FF:A4:B8:77:22:DD:24:CC:38:75:EC:3B:00:34
            X509v3 Authority Key Identifier:
                keyid:33:FB:DB:B2:0C:2D:97:07:3C:0D:E8:B7:CA:A7:5E:C1:EE:B1:91:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/2tLIkUBb_6S4dyLdJMw4dew7ADQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.169.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         30:37:12:bd:76:f6:e9:83:7b:38:f4:b2:81:ae:32:c5:94:ed:
         cf:12:0e:9d:c1:6e:5a:89:d2:e4:19:1c:81:0d:04:ca:66:4f:
         3e:51:ac:3f:76:a8:a6:c6:48:b4:d3:d7:2d:01:aa:b1:a5:86:
         ad:93:a8:b5:72:0d:d3:71:0f:ef:29:9d:72:54:bf:b6:fa:66:
         0b:96:d4:14:94:00:ef:29:f6:09:02:02:01:2b:06:1f:3d:ea:
         1a:99:6f:fb:a4:22:eb:a7:65:5d:3b:d0:b5:58:21:31:c1:66:
         b5:7e:c4:b3:4a:43:b0:42:85:c7:5c:e7:22:2f:d6:ea:ec:0e:
         4f:9d:77:84:df:33:05:4e:83:96:a5:c3:99:ee:30:41:53:e9:
         79:14:b6:74:3f:2f:c1:49:31:97:1e:07:fd:e5:f2:f6:1c:b1:
         00:34:82:35:5f:78:3a:65:c2:f7:21:61:18:50:73:79:c2:5b:
         a1:c7:70:56:ed:93:e4:06:e1:23:c9:f6:e3:67:54:70:51:ae:
         7a:02:9d:32:b1:89:48:ed:7c:94:b2:2c:53:77:74:12:60:a3:
         86:1a:38:a7:b6:78:97:83:aa:ba:3d:ec:7a:23:9c:6d:27:a0:
         73:85:0e:92:94:96:20:c1:b6:9e:3b:e6:60:d3:a3:e8:15:14:
         1c:ef:56:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAdK+ymicQieNlLRACeAbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZmJkYmIyMGMyZDk3MDczYzBkZThiN2NhYTc1ZWMxZWVi
MTkxYjgwHhcNMjQwMTAyMDIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQyYzg5MTQwNWJmZmE0Yjg3NzIyZGQyNGNjMzg3NWVjM2IwMDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnW5c5H1uaJ98RJBh1V01kDLKUKrc
NsKCWO6bczeCkK5AHg9Bb1FnBemyhLLHyGQuMJ7E+kkjXkYUFcnMsjy7dOuTDe2W
Px3rNv8kchfVBD8ubqOwFOfIRCxj00WkB6EhcIivfMQe1tQWjIjyfVJCYcg8ZhOf
624fz43xpeeTGRMoei1Tk0t/UBYh1bCaP/v/zLlTS4lnxgAedsz3cG3J7Sw+CmkP
x8ONKlcwlTNvqHdqoaOPFd6dkTPyHkC/+k4HS2SLwoQmzerjaaC5V9MJFw/8fgQr
RsyIgjHuMqXNLd9XC+P4EhLetHNQP5KcbM/m4L/29F0aq7GcYsFFRbzNDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNrSyJFAW/+kuHci3STMOHXsOwA0MB8GA1UdIwQY
MBaAFDP727IMLZcHPA3ot8qnXsHusZG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV92YnNnd3Rsd2M4RGVpM3lxZGV3ZTZ4a2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8zYTM2MmQtNDE5OC00YjA4LWJiMGEt
ZGJlNDFmYzgzOTllLzEvMnRMSWtVQmJfNlM0ZHlMZEpNdzRkZXc3QURRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8zYTM2MmQtNDE5OC00YjA4LWJiMGEtZGJlNDFmYzgzOTll
LzEvTV92YnNnd3Rsd2M4RGVpM3lxZGV3ZTZ4a2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2alIMA0G
CSqGSIb3DQEBCwUAA4IBAQAwNxK9dvbpg3s49LKBrjLFlO3PEg6dwW5aidLkGRyB
DQTKZk8+Uaw/dqimxki009ctAaqxpYatk6i1cg3TcQ/vKZ1yVL+2+mYLltQUlADv
KfYJAgIBKwYfPeoamW/7pCLrp2VdO9C1WCExwWa1fsSzSkOwQoXHXOciL9bq7A5P
nXeE3zMFToOWpcOZ7jBBU+l5FLZ0Py/BSTGXHgf95fL2HLEANII1X3g6ZcL3IWEY
UHN5wluhx3BW7ZPkBuEjyfbjZ1RwUa56Ap0ysYlI7XyUsixTd3QSYKOGGjintniX
g6q6Pex6I5xtJ6BzhQ6SlJYgwbaeO+Zg06PoFRQc71Yp
-----END CERTIFICATE-----