Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/2HCBJIX5AwlQw5itkpbxu-ijjmk.roa
File:                     2HCBJIX5AwlQw5itkpbxu-ijjmk.roa (raw, json)
Hash identifier:          PvO3JA7EOrGZaCXFQBX1/p9bbO95IhgeMuSkTUD055k=
Subject key identifier:   D8:70:81:24:85:F9:03:09:50:C3:98:AD:92:96:F1:BB:E8:A3:8E:69
Certificate issuer:       /CN=133f456d2b82cc6d80b7b1ac571b4787f1569b60
Certificate serial:       019420680228D618AEB6504731C4E61318A5
Authority key identifier: 13:3F:45:6D:2B:82:CC:6D:80:B7:B1:AC:57:1B:47:87:F1:56:9B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ez9FbSuCzG2At7GsVxtHh_FWm2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/2HCBJIX5AwlQw5itkpbxu-ijjmk.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210585
IP address blocks:        185.23.208.0/24 maxlen: 24
                          185.23.209.0/24 maxlen: 24
                          185.23.210.0/24 maxlen: 24
                          185.23.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/Ez9FbSuCzG2At7GsVxtHh_FWm2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/Ez9FbSuCzG2At7GsVxtHh_FWm2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ez9FbSuCzG2At7GsVxtHh_FWm2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:02:28:d6:18:ae:b6:50:47:31:c4:e6:13:18:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133f456d2b82cc6d80b7b1ac571b4787f1569b60
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d870812485f9030950c398ad9296f1bbe8a38e69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:7d:cf:d5:29:56:d2:b5:2d:1b:41:9c:0b:98:
                    51:b3:a7:a3:ac:9b:01:10:ae:8d:42:96:e9:0d:ce:
                    74:62:da:21:10:07:a3:31:6e:d0:28:f4:40:08:5b:
                    e4:71:eb:12:d4:09:93:69:9b:17:5d:f4:07:bd:fd:
                    84:52:5e:6a:c1:d9:18:bf:9f:69:e0:12:39:58:9d:
                    9c:1d:b8:25:5c:a3:d7:d5:fe:72:c9:77:87:49:5c:
                    de:31:56:22:1f:16:2c:f6:be:7e:73:68:2a:de:2f:
                    59:c3:bf:8b:c1:d6:24:6d:d5:c2:c5:1f:8c:01:26:
                    24:95:5d:21:fc:52:30:f3:c6:32:cf:02:5f:c2:db:
                    77:f1:e9:a9:d3:b9:cb:87:92:7e:1e:d2:1b:c8:d2:
                    1a:9f:10:a9:30:e1:1b:0f:1d:e6:44:61:3b:d1:30:
                    28:49:b8:2e:24:0d:0e:62:be:33:5a:1c:79:6f:63:
                    51:96:a0:ee:78:4c:97:78:2a:25:f9:ff:95:e5:ee:
                    10:b2:6a:87:e6:97:68:21:15:89:58:df:5d:3f:13:
                    a1:08:93:b2:42:31:78:2d:95:c0:e3:c7:d2:a8:63:
                    ff:a8:ac:44:ae:b1:ae:24:2f:61:ee:9a:c9:25:22:
                    88:f1:8e:34:bd:73:d0:5a:48:cf:35:84:fb:01:48:
                    ac:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:70:81:24:85:F9:03:09:50:C3:98:AD:92:96:F1:BB:E8:A3:8E:69
            X509v3 Authority Key Identifier:
                keyid:13:3F:45:6D:2B:82:CC:6D:80:B7:B1:AC:57:1B:47:87:F1:56:9B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ez9FbSuCzG2At7GsVxtHh_FWm2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/2HCBJIX5AwlQw5itkpbxu-ijjmk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/Ez9FbSuCzG2At7GsVxtHh_FWm2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:8a:49:94:70:a2:4b:f5:c1:07:40:c5:26:51:d4:c4:05:f6:
         10:08:fe:54:fc:be:d6:d4:ec:db:a1:af:5b:6c:ba:a4:ea:28:
         dd:e5:77:e9:02:87:7f:59:63:cf:10:54:4c:b0:49:e6:24:af:
         11:52:26:e5:f1:87:4b:2e:5b:4a:48:c9:20:c9:46:12:6c:ac:
         14:17:91:fa:1d:84:42:13:97:51:fa:63:ac:66:13:9a:d5:17:
         61:2d:63:de:a2:ba:bf:37:17:c9:67:6b:86:8b:48:3c:dd:46:
         f8:bc:0e:13:26:07:5b:fc:15:5c:ab:43:e1:fb:d8:1a:99:b6:
         d9:4c:6a:2b:bf:c0:e3:2d:79:53:1e:53:83:5f:ad:1f:82:7e:
         ca:f2:c7:cf:50:bd:93:18:c4:5d:ce:09:79:ad:9b:73:45:16:
         ec:ce:c6:65:fb:c0:e0:1f:48:73:fe:e2:8c:31:13:99:55:bf:
         99:eb:a1:83:de:31:2c:7c:8c:25:ac:bf:c9:19:96:60:22:ec:
         d6:f8:fa:a3:c8:81:f0:7b:13:1c:0d:b6:73:da:a7:84:82:eb:
         66:9f:08:0a:21:c8:12:5c:41:68:f4:c6:87:76:8a:05:4e:81:
         ee:19:56:9a:c5:d3:bb:20:71:7d:53:17:a0:08:4a:28:be:73:
         d9:cb:9f:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaAIo1hiutlBHMcTmExilMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2Y0NTZkMmI4MmNjNmQ4MGI3YjFhYzU3MWI0Nzg3ZjE1
NjliNjAwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODcwODEyNDg1ZjkwMzA5NTBjMzk4YWQ5Mjk2ZjFiYmU4YTM4ZTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX3P1SlW0rUtG0GcC5hRs6ejrJsB
EK6NQpbpDc50YtohEAejMW7QKPRACFvkcesS1AmTaZsXXfQHvf2EUl5qwdkYv59p
4BI5WJ2cHbglXKPX1f5yyXeHSVzeMVYiHxYs9r5+c2gq3i9Zw7+LwdYkbdXCxR+M
ASYklV0h/FIw88YyzwJfwtt38emp07nLh5J+HtIbyNIanxCpMOEbDx3mRGE70TAo
SbguJA0OYr4zWhx5b2NRlqDueEyXeCol+f+V5e4QsmqH5pdoIRWJWN9dPxOhCJOy
QjF4LZXA48fSqGP/qKxErrGuJC9h7prJJSKI8Y40vXPQWkjPNYT7AUisfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhwgSSF+QMJUMOYrZKW8bvoo45pMB8GA1UdIwQY
MBaAFBM/RW0rgsxtgLexrFcbR4fxVptgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXo5RmJTdUN6RzJBdDdHc1Z4dEhoX0ZXbTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kMDAyMTAtZDY4NS00OGIyLThlNTMt
YmIyZmRjYTc4MjQ1LzEvMkhDQkpJWDVBd2xRdzVpdGtwYnh1LWlqam1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kMDAyMTAtZDY4NS00OGIyLThlNTMtYmIyZmRjYTc4MjQ1
LzEvRXo5RmJTdUN6RzJBdDdHc1Z4dEhoX0ZXbTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRfQMA0G
CSqGSIb3DQEBCwUAA4IBAQAjikmUcKJL9cEHQMUmUdTEBfYQCP5U/L7W1Ozboa9b
bLqk6ijd5XfpAod/WWPPEFRMsEnmJK8RUibl8YdLLltKSMkgyUYSbKwUF5H6HYRC
E5dR+mOsZhOa1RdhLWPeorq/NxfJZ2uGi0g83Ub4vA4TJgdb/BVcq0Ph+9gambbZ
TGorv8DjLXlTHlODX60fgn7K8sfPUL2TGMRdzgl5rZtzRRbszsZl+8DgH0hz/uKM
MROZVb+Z66GD3jEsfIwlrL/JGZZgIuzW+PqjyIHwexMcDbZz2qeEgutmnwgKIcgS
XEFo9MaHdooFToHuGVaaxdO7IHF9UxegCEoovnPZy5+7
-----END CERTIFICATE-----