Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/WTNBF_DUhiABbLvBm0Q2E8ST0t4.roa
File:                     WTNBF_DUhiABbLvBm0Q2E8ST0t4.roa (raw, json)
Hash identifier:          vnL+M30OJkCVhlLMKx87A1VJIfeesUcrQ6F9e1Y6wIo=
Subject key identifier:   59:33:41:17:F0:D4:86:20:01:6C:BB:C1:9B:44:36:13:C4:93:D2:DE
Certificate issuer:       /CN=22373571c90249bf2aa948e78bed13e08528b87e
Certificate serial:       01942143C33A312DAFE9A72E000B9C077FC4
Authority key identifier: 22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/WTNBF_DUhiABbLvBm0Q2E8ST0t4.roa
Signing time:             Wed 01 Jan 2025 09:47:56 +0000
ROA not before:           Wed 01 Jan 2025 09:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35043
IP address blocks:        5.160.248.0/22 maxlen: 22
                          5.160.252.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c3:3a:31:2d:af:e9:a7:2e:00:0b:9c:07:7f:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22373571c90249bf2aa948e78bed13e08528b87e
        Validity
            Not Before: Jan  1 09:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=59334117f0d48620016cbbc19b443613c493d2de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c2:3d:5d:67:3c:6b:c9:a3:8d:6b:1f:ed:1b:
                    a0:1e:d2:6c:4e:57:6d:56:6a:93:c7:4c:ee:4c:67:
                    b1:42:18:18:af:96:97:6f:86:45:f6:bf:fc:3f:a7:
                    49:04:34:cf:c3:24:3a:00:64:63:a5:e9:45:27:89:
                    98:a4:b9:7b:33:fa:53:e8:f0:8b:7a:00:ed:4b:1e:
                    f5:82:39:76:a8:0b:18:e8:9f:28:bc:67:e4:fe:2a:
                    41:57:56:8a:31:e1:a3:4b:5b:6b:db:71:f9:30:36:
                    4f:b8:5f:be:cf:c4:b2:0a:d6:f0:c0:21:16:fe:1f:
                    21:a7:5d:a7:fa:e9:ae:d6:81:00:45:32:fe:3e:f4:
                    dc:c2:7f:39:7d:0e:cd:f3:11:98:be:4a:ad:8e:2f:
                    18:92:6c:8d:02:b8:8f:2f:03:c4:d9:9d:79:29:c2:
                    44:eb:98:bf:be:2d:be:d6:ed:23:8a:68:59:d2:c0:
                    cc:76:93:1c:87:51:22:91:04:76:1e:cd:33:28:9b:
                    5e:eb:00:68:6c:70:c7:2a:c8:e1:b8:50:7b:00:52:
                    0f:4f:ed:8f:08:30:0d:72:59:b2:1c:26:07:c7:17:
                    06:7f:f5:dd:60:a3:71:d0:11:98:3a:ec:fc:b3:ba:
                    69:28:64:c2:86:5c:9a:e1:af:1d:3a:66:97:85:54:
                    e0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:33:41:17:F0:D4:86:20:01:6C:BB:C1:9B:44:36:13:C4:93:D2:DE
            X509v3 Authority Key Identifier:
                keyid:22:37:35:71:C9:02:49:BF:2A:A9:48:E7:8B:ED:13:E0:85:28:B8:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ijc1cckCSb8qqUjni-0T4IUouH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/WTNBF_DUhiABbLvBm0Q2E8ST0t4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/866e5e-831e-4cb1-bd51-b4540c74c94b/1/Ijc1cckCSb8qqUjni-0T4IUouH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.160.248.0/21

    Signature Algorithm: sha256WithRSAEncryption
         72:f8:2f:f1:08:66:ce:4f:79:bd:82:ee:24:ca:5c:ba:8c:0f:
         65:52:2c:e2:73:06:0b:d0:07:55:92:be:09:b1:89:0d:32:e8:
         b0:ab:7a:b3:9f:b8:02:f4:21:d7:98:63:0f:1e:0b:3a:d4:8e:
         e7:6e:c2:89:13:5c:14:ce:92:93:bf:8e:5e:70:e5:7e:26:06:
         00:f2:07:bb:65:47:e3:50:f1:ad:b1:62:93:c0:29:6d:34:49:
         3f:ad:8f:fd:1d:1e:f0:86:b9:a3:4d:1b:fb:f4:48:66:3c:4c:
         7d:1b:5c:ab:44:56:22:ea:a6:35:6a:f8:34:f0:6c:f7:b5:2e:
         f6:bd:66:3d:fb:b2:9f:79:2f:3a:d5:7e:9b:47:46:63:e5:00:
         0c:4b:b8:10:d1:43:4f:2e:5d:82:03:29:f2:49:93:61:cb:cb:
         24:ed:e1:80:4f:83:53:08:bb:32:fc:b8:d6:8e:52:41:2f:d5:
         64:7e:a8:f8:74:a0:32:37:3b:17:91:1b:ff:d9:03:a8:f8:2c:
         22:da:49:01:c7:05:7a:89:70:c0:82:cc:3f:24:42:78:be:23:
         de:c1:42:2c:5d:af:35:0e:2d:ee:9e:ac:e5:c8:e9:a1:28:ca:
         40:59:0f:97:d0:a4:8e:57:e3:16:b2:a6:7e:0c:54:8e:bb:94:
         ab:81:27:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8M6MS2v6acuAAucB3/EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMzczNTcxYzkwMjQ5YmYyYWE5NDhlNzhiZWQxM2UwODUy
OGI4N2UwHhcNMjUwMTAxMDk0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTMzNDExN2YwZDQ4NjIwMDE2Y2JiYzE5YjQ0MzYxM2M0OTNkMmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAosI9XWc8a8mjjWsf7RugHtJsTldt
VmqTx0zuTGexQhgYr5aXb4ZF9r/8P6dJBDTPwyQ6AGRjpelFJ4mYpLl7M/pT6PCL
egDtSx71gjl2qAsY6J8ovGfk/ipBV1aKMeGjS1tr23H5MDZPuF++z8SyCtbwwCEW
/h8hp12n+umu1oEARTL+PvTcwn85fQ7N8xGYvkqtji8YkmyNAriPLwPE2Z15KcJE
65i/vi2+1u0jimhZ0sDMdpMch1EikQR2Hs0zKJte6wBobHDHKsjhuFB7AFIPT+2P
CDANclmyHCYHxxcGf/XdYKNx0BGYOuz8s7ppKGTChlya4a8dOmaXhVTgqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFkzQRfw1IYgAWy7wZtENhPEk9LeMB8GA1UdIwQY
MBaAFCI3NXHJAkm/KqlI54vtE+CFKLh+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEt
YjQ1NDBjNzRjOTRiLzEvV1ROQkZfRFVoaUFCYkx2Qm0wUTJFOFNUMHQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84NjZlNWUtODMxZS00Y2IxLWJkNTEtYjQ1NDBjNzRjOTRi
LzEvSWpjMWNja0NTYjhxcVVqbmktMFQ0SVVvdUg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDBaD4MA0G
CSqGSIb3DQEBCwUAA4IBAQBy+C/xCGbOT3m9gu4kyly6jA9lUizicwYL0AdVkr4J
sYkNMuiwq3qzn7gC9CHXmGMPHgs61I7nbsKJE1wUzpKTv45ecOV+JgYA8ge7ZUfj
UPGtsWKTwCltNEk/rY/9HR7whrmjTRv79EhmPEx9G1yrRFYi6qY1avg08Gz3tS72
vWY9+7KfeS861X6bR0Zj5QAMS7gQ0UNPLl2CAynySZNhy8sk7eGAT4NTCLsy/LjW
jlJBL9Vkfqj4dKAyNzsXkRv/2QOo+Cwi2kkBxwV6iXDAgsw/JEJ4viPewUIsXa81
Di3unqzlyOmhKMpAWQ+X0KSOV+MWsqZ+DFSOu5SrgSfm
-----END CERTIFICATE-----