Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/133a83-8892-4a75-a5a4-5559eb7cc218/1/X8KnFrMZvhtZ4Wnd7sCuYYb-z5U.roa
File:                     X8KnFrMZvhtZ4Wnd7sCuYYb-z5U.roa (raw, json)
Hash identifier:          GNsSYGNSDwNlfyU/HljGk6wnUDcc+id8yWHC280iL+E=
Subject key identifier:   5F:C2:A7:16:B3:19:BE:1B:59:E1:69:DD:EE:C0:AE:61:86:FE:CF:95
Certificate issuer:       /CN=33bf9d6e2ac42a3ad754371137d5d24b2473d265
Certificate serial:       0196B4388EB169FB31D281A08B0B0FD7E367
Authority key identifier: 33:BF:9D:6E:2A:C4:2A:3A:D7:54:37:11:37:D5:D2:4B:24:73:D2:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M7-dbirEKjrXVDcRN9XSSyRz0mU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/133a83-8892-4a75-a5a4-5559eb7cc218/1/X8KnFrMZvhtZ4Wnd7sCuYYb-z5U.roa
Signing time:             Fri 09 May 2025 08:45:27 +0000
ROA not before:           Fri 09 May 2025 08:45:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8423
IP address blocks:        91.213.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/133a83-8892-4a75-a5a4-5559eb7cc218/1/M7-dbirEKjrXVDcRN9XSSyRz0mU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/133a83-8892-4a75-a5a4-5559eb7cc218/1/M7-dbirEKjrXVDcRN9XSSyRz0mU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M7-dbirEKjrXVDcRN9XSSyRz0mU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 17:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b4:38:8e:b1:69:fb:31:d2:81:a0:8b:0b:0f:d7:e3:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33bf9d6e2ac42a3ad754371137d5d24b2473d265
        Validity
            Not Before: May  9 08:45:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fc2a716b319be1b59e169ddeec0ae6186fecf95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:71:fd:73:64:ef:95:07:ab:ee:01:e8:04:14:
                    56:0b:a2:2e:f8:06:e9:eb:7e:65:d0:7e:cb:21:25:
                    33:21:1b:88:99:4e:a6:45:6b:79:78:1e:77:87:8b:
                    b9:e8:6e:0a:29:fe:db:2f:b9:5b:24:32:7a:18:60:
                    8e:59:e2:8e:38:3f:2a:88:ec:9e:95:1e:14:7a:13:
                    cc:a2:15:72:bf:9d:75:a3:1f:6a:c2:8f:4d:15:88:
                    97:95:b7:09:dc:03:d5:80:9f:55:0e:f8:0c:a5:9d:
                    ec:f1:60:d5:ee:62:e2:99:88:f2:d6:f3:08:fb:f3:
                    6b:8d:ea:65:3a:12:91:f9:17:d1:2f:0d:68:b2:95:
                    0d:f0:cc:11:33:75:a4:7a:0f:8c:76:b0:9e:d0:24:
                    3a:15:03:f9:d1:02:e4:1d:2e:d8:c5:73:d1:5f:4f:
                    a7:e1:30:34:2a:5f:b1:89:3d:2b:db:8c:3b:53:66:
                    81:c7:3e:22:88:b4:0f:d6:5c:6e:f2:fc:6a:11:fe:
                    93:88:8b:0f:26:63:99:72:91:29:0d:17:d6:3e:e4:
                    62:be:f0:70:0f:d1:6e:93:0d:76:59:eb:fb:d2:66:
                    a4:8a:5e:b2:d0:1b:55:ff:bd:11:ce:c4:96:de:de:
                    94:4f:1c:76:a5:1f:28:9a:79:17:b7:57:54:19:8e:
                    d2:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C2:A7:16:B3:19:BE:1B:59:E1:69:DD:EE:C0:AE:61:86:FE:CF:95
            X509v3 Authority Key Identifier:
                keyid:33:BF:9D:6E:2A:C4:2A:3A:D7:54:37:11:37:D5:D2:4B:24:73:D2:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7-dbirEKjrXVDcRN9XSSyRz0mU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/133a83-8892-4a75-a5a4-5559eb7cc218/1/X8KnFrMZvhtZ4Wnd7sCuYYb-z5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/133a83-8892-4a75-a5a4-5559eb7cc218/1/M7-dbirEKjrXVDcRN9XSSyRz0mU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:bf:f0:37:bc:52:2f:01:9e:00:db:37:c7:82:c5:ef:f7:fa:
         8f:69:07:27:4e:f3:25:2f:7d:d4:16:d2:7d:d9:4d:0c:92:2c:
         fd:7a:48:14:23:ec:f2:37:ef:b9:f4:04:de:0d:36:87:09:4b:
         e6:90:4b:4c:94:b1:67:64:80:c6:01:8c:91:e2:44:c7:27:cc:
         23:9c:ba:0e:78:87:23:dc:4b:78:d5:0c:84:62:7a:06:64:d2:
         4c:63:f5:8e:ef:5c:c3:ed:05:6b:aa:50:05:4c:e5:fa:93:70:
         30:48:1b:19:88:cb:be:da:5d:14:37:6c:7a:7b:4c:a8:7c:7c:
         39:25:74:84:c9:b6:f7:be:d9:23:0d:14:06:9d:ed:f8:c9:74:
         2f:a7:fc:9c:69:c7:0d:90:32:9a:8b:d0:06:a7:77:71:a2:bc:
         af:d3:b6:cc:d3:8c:05:46:4f:2d:b5:77:34:a4:93:f0:03:d1:
         6a:b7:0e:09:9c:1d:8a:3e:7f:50:d3:74:df:e5:cc:5b:60:36:
         ae:e2:b5:ff:90:42:33:a4:b7:c6:d2:28:74:14:60:cc:c5:cf:
         44:c5:76:b6:52:78:8f:e7:7e:9c:b2:e5:77:ef:58:71:bd:d1:
         ad:63:52:c6:5a:1d:cf:16:1a:c1:0d:d6:95:f2:45:4c:5a:d0:
         df:53:ee:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa0OI6xafsx0oGgiwsP1+NnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYmY5ZDZlMmFjNDJhM2FkNzU0MzcxMTM3ZDVkMjRiMjQ3
M2QyNjUwHhcNMjUwNTA5MDg0NTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmMyYTcxNmIzMTliZTFiNTllMTY5ZGRlZWMwYWU2MTg2ZmVjZjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HH9c2TvlQer7gHoBBRWC6Iu+Abp
635l0H7LISUzIRuImU6mRWt5eB53h4u56G4KKf7bL7lbJDJ6GGCOWeKOOD8qiOye
lR4UehPMohVyv511ox9qwo9NFYiXlbcJ3APVgJ9VDvgMpZ3s8WDV7mLimYjy1vMI
+/NrjeplOhKR+RfRLw1ospUN8MwRM3Wkeg+MdrCe0CQ6FQP50QLkHS7YxXPRX0+n
4TA0Kl+xiT0r24w7U2aBxz4iiLQP1lxu8vxqEf6TiIsPJmOZcpEpDRfWPuRivvBw
D9Fukw12Wev70makil6y0BtV/70RzsSW3t6UTxx2pR8omnkXt1dUGY7SEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF/CpxazGb4bWeFp3e7ArmGG/s+VMB8GA1UdIwQY
MBaAFDO/nW4qxCo611Q3ETfV0kskc9JlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTctZGJpckVLanJYVkRjUk45WFNTeVJ6MG1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8xMzNhODMtODg5Mi00YTc1LWE1YTQt
NTU1OWViN2NjMjE4LzEvWDhLbkZyTVp2aHRaNFduZDdzQ3VZWWItejVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8xMzNhODMtODg5Mi00YTc1LWE1YTQtNTU1OWViN2NjMjE4
LzEvTTctZGJpckVLanJYVkRjUk45WFNTeVJ6MG1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UQMA0G
CSqGSIb3DQEBCwUAA4IBAQBRv/A3vFIvAZ4A2zfHgsXv9/qPaQcnTvMlL33UFtJ9
2U0Mkiz9ekgUI+zyN++59ATeDTaHCUvmkEtMlLFnZIDGAYyR4kTHJ8wjnLoOeIcj
3Et41QyEYnoGZNJMY/WO71zD7QVrqlAFTOX6k3AwSBsZiMu+2l0UN2x6e0yofHw5
JXSEybb3vtkjDRQGne34yXQvp/ycaccNkDKai9AGp3dxoryv07bM04wFRk8ttXc0
pJPwA9Fqtw4JnB2KPn9Q03Tf5cxbYDau4rX/kEIzpLfG0ih0FGDMxc9ExXa2UniP
536csuV371hxvdGtY1LGWh3PFhrBDdaV8kVMWtDfU+4q
-----END CERTIFICATE-----