Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/W_kf1ISiCNVsK5ZTz_suRTiHZI4.roa
File:                     W_kf1ISiCNVsK5ZTz_suRTiHZI4.roa (raw, json)
Hash identifier:          R9gK3O1iHUJDOb79VekQFRepgZVb1egRuMNJ3bXVKic=
Subject key identifier:   5B:F9:1F:D4:84:A2:08:D5:6C:2B:96:53:CF:FB:2E:45:38:87:64:8E
Certificate issuer:       /CN=33fbdbb20c2d97073c0de8b7caa75ec1eeb191b8
Certificate serial:       019423D731BBB6C475980A2F3A61B37EB810
Authority key identifier: 33:FB:DB:B2:0C:2D:97:07:3C:0D:E8:B7:CA:A7:5E:C1:EE:B1:91:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/W_kf1ISiCNVsK5ZTz_suRTiHZI4.roa
Signing time:             Wed 01 Jan 2025 21:48:13 +0000
ROA not before:           Wed 01 Jan 2025 21:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        217.169.72.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:31:bb:b6:c4:75:98:0a:2f:3a:61:b3:7e:b8:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33fbdbb20c2d97073c0de8b7caa75ec1eeb191b8
        Validity
            Not Before: Jan  1 21:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5bf91fd484a208d56c2b9653cffb2e453887648e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b0:87:c3:17:b9:8c:b1:45:7e:59:c4:e7:15:
                    06:f6:15:ee:f4:15:98:76:05:b7:be:ed:dd:02:05:
                    fd:8a:7a:57:52:ff:d4:39:c8:57:98:45:16:ab:98:
                    0c:a5:b3:8e:68:af:2c:6d:2b:3f:a3:f1:18:71:de:
                    a2:4a:48:22:74:5d:1a:7a:a9:5f:ed:9d:21:e9:b6:
                    8b:f5:ca:c5:50:01:72:33:8c:0c:12:32:69:1a:57:
                    4f:8b:6e:75:5f:1e:dd:16:6b:84:72:c2:00:9f:92:
                    2c:85:e8:b0:60:b5:24:34:a4:7c:89:fc:84:4b:df:
                    62:b2:46:a3:b6:0f:a0:09:80:a4:5a:23:3c:b3:49:
                    71:90:e8:33:ac:01:ed:17:2e:37:a0:5a:3e:43:13:
                    fc:cb:d5:3b:51:a5:4e:c1:17:a2:7d:32:ea:3a:af:
                    f9:0a:c7:42:59:b3:3a:50:e0:2c:e6:cf:36:8d:2a:
                    fd:2d:fa:5b:00:b3:b7:b1:22:7f:3d:a1:a4:32:54:
                    a8:70:e0:70:f3:07:5b:c1:e7:a6:01:96:92:85:dc:
                    18:e2:02:48:7a:20:14:d2:3f:67:76:f4:a8:f2:ff:
                    90:12:46:70:78:3b:14:40:04:7c:ef:8d:85:48:91:
                    24:d6:fe:51:95:7d:85:88:b9:6f:65:63:b3:25:14:
                    87:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:F9:1F:D4:84:A2:08:D5:6C:2B:96:53:CF:FB:2E:45:38:87:64:8E
            X509v3 Authority Key Identifier:
                keyid:33:FB:DB:B2:0C:2D:97:07:3C:0D:E8:B7:CA:A7:5E:C1:EE:B1:91:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M_vbsgwtlwc8Dei3yqdewe6xkbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/W_kf1ISiCNVsK5ZTz_suRTiHZI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/3a362d-4198-4b08-bb0a-dbe41fc8399e/1/M_vbsgwtlwc8Dei3yqdewe6xkbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.169.72.0/21

    Signature Algorithm: sha256WithRSAEncryption
         18:af:2d:b1:85:4e:51:0a:f0:1c:69:cf:d2:4b:5e:25:81:c6:
         6f:bc:f5:98:90:d5:39:75:24:bb:51:33:69:b1:f8:2b:73:54:
         2e:32:c8:cd:38:82:13:70:1b:ae:92:91:19:5d:53:ca:cf:22:
         42:d0:59:1d:2c:4c:43:2e:01:98:f3:14:91:51:1e:c2:f5:dc:
         3f:5a:0d:8e:7a:24:10:6c:03:39:0d:4f:7e:25:3e:91:4c:3c:
         e9:a3:5d:e3:26:f9:c7:1a:16:79:fa:70:e7:d6:14:e1:00:75:
         7b:fc:64:47:ec:ad:d5:6d:be:96:b0:69:31:75:f1:23:ba:5d:
         f6:81:64:32:71:29:d3:ea:74:78:15:7a:38:06:b5:0b:ff:f7:
         9a:1b:8f:4e:00:15:a4:60:11:ac:3f:a2:fa:09:9e:f0:52:3a:
         1c:29:61:5c:68:18:4e:2c:6f:37:29:11:47:e3:51:fd:5e:bb:
         e2:ee:56:32:0d:78:d8:16:a8:f8:a2:28:d4:6d:f6:ac:26:d1:
         48:4c:46:b5:b7:6a:39:79:7a:18:d4:cb:8c:45:69:c6:39:6f:
         85:95:5a:b8:56:d5:bf:f1:80:c6:88:8b:a0:76:6c:e8:9c:40:
         9e:ca:3c:b7:44:61:21:7a:fb:6b:77:af:0d:87:79:17:cf:8d:
         ac:bb:46:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zG7tsR1mAovOmGzfrgQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzZmJkYmIyMGMyZDk3MDczYzBkZThiN2NhYTc1ZWMxZWVi
MTkxYjgwHhcNMjUwMTAxMjE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YmY5MWZkNDg0YTIwOGQ1NmMyYjk2NTNjZmZiMmU0NTM4ODc2NDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbCHwxe5jLFFflnE5xUG9hXu9BWY
dgW3vu3dAgX9inpXUv/UOchXmEUWq5gMpbOOaK8sbSs/o/EYcd6iSkgidF0aeqlf
7Z0h6baL9crFUAFyM4wMEjJpGldPi251Xx7dFmuEcsIAn5IsheiwYLUkNKR8ifyE
S99iskajtg+gCYCkWiM8s0lxkOgzrAHtFy43oFo+QxP8y9U7UaVOwReifTLqOq/5
CsdCWbM6UOAs5s82jSr9LfpbALO3sSJ/PaGkMlSocOBw8wdbweemAZaShdwY4gJI
eiAU0j9ndvSo8v+QEkZweDsUQAR8742FSJEk1v5RlX2FiLlvZWOzJRSHjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFv5H9SEogjVbCuWU8/7LkU4h2SOMB8GA1UdIwQY
MBaAFDP727IMLZcHPA3ot8qnXsHusZG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTV92YnNnd3Rsd2M4RGVpM3lxZGV3ZTZ4a2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8zYTM2MmQtNDE5OC00YjA4LWJiMGEt
ZGJlNDFmYzgzOTllLzEvV19rZjFJU2lDTlZzSzVaVHpfc3VSVGlIWkk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8zYTM2MmQtNDE5OC00YjA4LWJiMGEtZGJlNDFmYzgzOTll
LzEvTV92YnNnd3Rsd2M4RGVpM3lxZGV3ZTZ4a2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2alIMA0G
CSqGSIb3DQEBCwUAA4IBAQAYry2xhU5RCvAcac/SS14lgcZvvPWYkNU5dSS7UTNp
sfgrc1QuMsjNOIITcBuukpEZXVPKzyJC0FkdLExDLgGY8xSRUR7C9dw/Wg2OeiQQ
bAM5DU9+JT6RTDzpo13jJvnHGhZ5+nDn1hThAHV7/GRH7K3Vbb6WsGkxdfEjul32
gWQycSnT6nR4FXo4BrUL//eaG49OABWkYBGsP6L6CZ7wUjocKWFcaBhOLG83KRFH
41H9Xrvi7lYyDXjYFqj4oijUbfasJtFITEa1t2o5eXoY1MuMRWnGOW+FlVq4VtW/
8YDGiIugdmzonECeyjy3RGEhevtrd68Nh3kXz42su0ab
-----END CERTIFICATE-----