Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/I9UcyFkxclyQfZHhVQikKNPSVgY.roa
File:                     I9UcyFkxclyQfZHhVQikKNPSVgY.roa (raw, json)
Hash identifier:          xTi80oKD/t5UjogmPH/rk43vPfKlVZ63gwaMGRnVoxM=
Subject key identifier:   23:D5:1C:C8:59:31:72:5C:90:7D:91:E1:55:08:A4:28:D3:D2:56:06
Certificate issuer:       /CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
Certificate serial:       019423696A3A45A4870604AFC58BDBCD413F
Authority key identifier: 80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/I9UcyFkxclyQfZHhVQikKNPSVgY.roa
Signing time:             Wed 01 Jan 2025 19:48:18 +0000
ROA not before:           Wed 01 Jan 2025 19:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136184
IP address blocks:        185.228.92.0/22 maxlen: 22
                          185.228.92.0/24 maxlen: 24
                          185.228.93.0/24 maxlen: 24
                          185.228.94.0/24 maxlen: 24
                          185.228.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:6a:3a:45:a4:87:06:04:af:c5:8b:db:cd:41:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80d608a14118b1a8dcddebbb40f96ecd48f85c71
        Validity
            Not Before: Jan  1 19:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23d51cc85931725c907d91e15508a428d3d25606
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:bc:23:ac:b4:46:90:1f:75:11:3c:4e:0a:d7:
                    7c:1f:ea:a8:a4:bd:79:80:e4:0c:44:ff:e2:5b:ed:
                    f3:1f:c2:fd:29:67:05:68:67:9e:3a:a6:3c:7d:63:
                    b5:d1:68:d8:67:2b:27:85:c3:33:f4:a4:4c:c0:bb:
                    32:87:2d:37:f5:04:5c:b0:7d:02:59:3d:99:90:55:
                    78:81:24:1f:22:16:8f:88:a3:fb:14:61:6d:e2:96:
                    bb:5f:65:34:f4:d5:33:da:32:49:00:50:cb:d0:49:
                    7c:cd:c5:21:d8:ff:85:23:db:95:d7:c5:58:6f:37:
                    b2:06:53:6e:18:1a:32:4d:ce:fa:31:17:21:79:dc:
                    9e:0b:dd:16:0b:16:4f:af:e9:98:fd:f0:03:d9:b4:
                    db:3e:ef:68:66:e0:92:e0:4f:e9:61:4f:1c:9b:52:
                    b8:e3:db:cd:29:5c:e6:5a:b2:b1:26:46:b7:2c:70:
                    6f:78:08:1a:ea:0a:55:74:8d:46:e1:e7:4c:11:45:
                    00:e7:81:ad:1e:56:2a:12:84:1d:4b:fa:4b:59:d9:
                    9a:8c:10:e8:21:54:a8:a5:ed:df:9b:aa:5a:dc:2b:
                    64:48:8f:04:ae:c0:16:2e:3a:98:d1:14:84:6f:c2:
                    b4:de:17:78:6a:b8:b3:07:6d:df:76:36:4c:97:a1:
                    ab:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:D5:1C:C8:59:31:72:5C:90:7D:91:E1:55:08:A4:28:D3:D2:56:06
            X509v3 Authority Key Identifier:
                keyid:80:D6:08:A1:41:18:B1:A8:DC:DD:EB:BB:40:F9:6E:CD:48:F8:5C:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gNYIoUEYsajc3eu7QPluzUj4XHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/I9UcyFkxclyQfZHhVQikKNPSVgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/012130-8103-4c25-93ba-9928dd3f2f82/1/gNYIoUEYsajc3eu7QPluzUj4XHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.228.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:d8:8b:b7:d3:de:df:56:6b:b0:c1:5e:d8:c1:dd:ca:9a:95:
         3c:3a:aa:c8:98:1c:49:28:4e:83:7b:c3:b0:00:a0:c4:6d:9c:
         1f:e3:ce:3e:be:4a:cd:06:16:d4:d4:e2:d0:be:99:8d:57:78:
         4b:c8:92:31:1c:42:e5:64:8b:a4:a8:c2:43:ce:b9:64:90:69:
         bf:2d:18:a4:cc:05:e1:e3:14:a0:6c:f8:84:98:6e:61:2e:50:
         e2:d4:c9:c9:c9:14:6d:83:3c:7f:35:3a:d2:9b:5a:37:af:03:
         51:99:f6:53:1d:79:6d:9a:bf:9c:5f:3d:c9:f7:58:1c:1a:19:
         bc:39:9c:16:e2:47:ba:11:90:28:50:5e:f3:2e:ee:45:c8:ce:
         10:37:83:c6:32:e0:d5:bb:4c:e4:88:dd:77:86:29:a1:d6:1e:
         d0:35:29:e3:0e:ee:6f:8f:32:23:1b:38:d3:9b:76:d2:4c:b9:
         8a:bf:57:53:cb:85:e2:e3:be:38:5a:bc:92:4a:11:31:b9:95:
         83:cf:e4:2a:e3:77:8f:20:70:02:13:0c:4d:5f:82:39:d6:0c:
         59:c0:b7:bf:a7:39:1b:b2:9f:31:b6:36:99:d5:b1:42:2b:e0:
         da:55:d4:bf:f3:af:a4:8c:bb:c6:98:0e:aa:9d:cc:57:68:47:
         4f:06:95:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaWo6RaSHBgSvxYvbzUE/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZDYwOGExNDExOGIxYThkY2RkZWJiYjQwZjk2ZWNkNDhm
ODVjNzEwHhcNMjUwMTAxMTk0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2Q1MWNjODU5MzE3MjVjOTA3ZDkxZTE1NTA4YTQyOGQzZDI1NjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7wjrLRGkB91ETxOCtd8H+qopL15
gOQMRP/iW+3zH8L9KWcFaGeeOqY8fWO10WjYZysnhcMz9KRMwLsyhy039QRcsH0C
WT2ZkFV4gSQfIhaPiKP7FGFt4pa7X2U09NUz2jJJAFDL0El8zcUh2P+FI9uV18VY
bzeyBlNuGBoyTc76MRchedyeC90WCxZPr+mY/fAD2bTbPu9oZuCS4E/pYU8cm1K4
49vNKVzmWrKxJka3LHBveAga6gpVdI1G4edMEUUA54GtHlYqEoQdS/pLWdmajBDo
IVSope3fm6pa3CtkSI8ErsAWLjqY0RSEb8K03hd4arizB23fdjZMl6GrXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCPVHMhZMXJckH2R4VUIpCjT0lYGMB8GA1UdIwQY
MBaAFIDWCKFBGLGo3N3ru0D5bs1I+FxxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEt
OTkyOGRkM2YyZjgyLzEvSTlVY3lGa3hjbHlRZlpIaFZRaWtLTlBTVmdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8wMTIxMzAtODEwMy00YzI1LTkzYmEtOTkyOGRkM2YyZjgy
LzEvZ05ZSW9VRVlzYWpjM2V1N1FQbHV6VWo0WEhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueRcMA0G
CSqGSIb3DQEBCwUAA4IBAQB22Iu3097fVmuwwV7Ywd3KmpU8OqrImBxJKE6De8Ow
AKDEbZwf484+vkrNBhbU1OLQvpmNV3hLyJIxHELlZIukqMJDzrlkkGm/LRikzAXh
4xSgbPiEmG5hLlDi1MnJyRRtgzx/NTrSm1o3rwNRmfZTHXltmr+cXz3J91gcGhm8
OZwW4ke6EZAoUF7zLu5FyM4QN4PGMuDVu0zkiN13himh1h7QNSnjDu5vjzIjGzjT
m3bSTLmKv1dTy4Xi4744WrySShExuZWDz+Qq43ePIHACEwxNX4I51gxZwLe/pzkb
sp8xtjaZ1bFCK+DaVdS/86+kjLvGmA6qncxXaEdPBpUk
-----END CERTIFICATE-----