Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/BxuNK2XBHdo88OQyiW_5v_yfc5A.roa
File:                     BxuNK2XBHdo88OQyiW_5v_yfc5A.roa (raw, json)
Hash identifier:          MFlUpzcLU82WlS9U/NlO4CgGrVyG4i0P38/lEf9NP58=
Subject key identifier:   07:1B:8D:2B:65:C1:1D:DA:3C:F0:E4:32:89:6F:F9:BF:FC:9F:73:90
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       0194244548338581BD543E1F6206F1270846
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/BxuNK2XBHdo88OQyiW_5v_yfc5A.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209709
IP address blocks:        185.210.204.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 01:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:48:33:85:81:bd:54:3e:1f:62:06:f1:27:08:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=071b8d2b65c11dda3cf0e432896ff9bffc9f7390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:d5:01:bd:e6:59:4e:0c:f7:63:9f:c0:92:e3:
                    ad:ca:56:43:28:65:37:1b:ea:1d:80:19:27:3f:7a:
                    a3:4d:e4:3e:6c:a5:4f:ef:dc:9d:ea:7e:5d:53:fb:
                    6b:30:42:2b:5a:e5:9e:0d:8f:46:31:91:70:76:3c:
                    1b:be:41:2f:f9:80:e5:16:ff:c1:3e:5d:52:c5:5b:
                    eb:bf:9d:a1:03:8e:03:10:ea:c2:2b:a5:8a:38:1d:
                    11:5e:2c:7d:2f:ad:e5:6a:d8:18:79:e5:c7:46:dd:
                    d0:8e:de:77:b4:68:8b:fd:c0:33:66:97:10:47:a4:
                    84:47:0f:d9:f8:7a:81:52:77:56:89:32:93:cd:14:
                    0a:51:80:2a:e7:36:7a:b2:b0:38:33:dd:ba:fa:e9:
                    dc:93:22:c3:86:ac:a9:68:4d:99:ae:1f:bf:40:de:
                    91:36:d6:27:c6:2c:ee:df:a1:aa:6b:81:58:f1:5d:
                    8a:09:35:ea:67:78:be:9b:9e:71:c3:30:ca:b1:f0:
                    d7:ca:4d:7e:ba:cd:33:02:84:c7:30:23:6e:44:65:
                    14:8e:94:ca:a1:cd:42:48:b3:4d:cb:2b:14:be:a1:
                    ce:09:a6:c9:6f:6e:05:ab:1b:ec:2e:b0:d8:88:23:
                    6c:57:ae:c3:7c:4a:24:e9:c5:e1:ee:49:3c:9f:e7:
                    18:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:1B:8D:2B:65:C1:1D:DA:3C:F0:E4:32:89:6F:F9:BF:FC:9F:73:90
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/BxuNK2XBHdo88OQyiW_5v_yfc5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:18:c8:1e:c4:90:21:23:fb:60:d1:09:72:f3:d6:26:99:0b:
         2f:94:83:b1:3e:a1:d0:cb:11:a6:c9:ee:40:3b:18:1d:4e:46:
         d0:ad:32:37:33:6f:3b:b5:fd:89:a7:7b:25:46:ca:3a:68:38:
         e1:7d:a6:51:b8:5b:4d:df:d4:ed:4d:6c:f6:f2:d0:09:39:2f:
         c0:9d:07:24:7b:55:0e:95:72:c5:e4:e9:0a:5e:d2:bd:f0:9f:
         66:17:40:3a:b3:22:1c:27:66:43:9a:b6:0b:90:8b:bc:f5:19:
         b2:e0:95:6f:59:d7:30:20:7f:ca:a1:e8:bf:ca:4a:13:f2:91:
         50:be:e7:01:60:c1:99:59:22:c3:1a:11:7e:4a:1b:7c:8a:d4:
         5c:f5:ce:fb:f9:c4:b8:19:4c:51:49:93:dd:93:c3:89:1a:b9:
         b4:c8:6e:1b:2d:70:74:d0:bf:f8:5a:79:aa:18:61:85:e9:28:
         d2:86:0e:52:43:09:f0:0d:d5:6c:f1:e4:9b:7b:be:cf:76:b5:
         ee:61:12:db:50:d0:be:49:c7:c6:1f:03:7a:ef:4d:d2:d2:1b:
         05:fe:a5:67:b4:f6:1b:95:7a:08:8e:fd:c2:46:f8:0e:33:ed:
         7a:b8:a8:17:f7:5d:99:95:9b:74:16:ed:ab:23:09:b2:b8:62:
         7b:7b:62:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUgzhYG9VD4fYgbxJwhGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzFiOGQyYjY1YzExZGRhM2NmMGU0MzI4OTZmZjliZmZjOWY3MzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgdUBveZZTgz3Y5/AkuOtylZDKGU3
G+odgBknP3qjTeQ+bKVP79yd6n5dU/trMEIrWuWeDY9GMZFwdjwbvkEv+YDlFv/B
Pl1SxVvrv52hA44DEOrCK6WKOB0RXix9L63latgYeeXHRt3Qjt53tGiL/cAzZpcQ
R6SERw/Z+HqBUndWiTKTzRQKUYAq5zZ6srA4M926+unckyLDhqypaE2Zrh+/QN6R
NtYnxizu36Gqa4FY8V2KCTXqZ3i+m55xwzDKsfDXyk1+us0zAoTHMCNuRGUUjpTK
oc1CSLNNyysUvqHOCabJb24FqxvsLrDYiCNsV67DfEok6cXh7kk8n+cYLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAcbjStlwR3aPPDkMolv+b/8n3OQMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEvQnh1TksyWEJIZG84OE9ReWlXXzV2X3lmYzVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudLMMA0G
CSqGSIb3DQEBCwUAA4IBAQA0GMgexJAhI/tg0Qly89YmmQsvlIOxPqHQyxGmye5A
OxgdTkbQrTI3M287tf2Jp3slRso6aDjhfaZRuFtN39TtTWz28tAJOS/AnQcke1UO
lXLF5OkKXtK98J9mF0A6syIcJ2ZDmrYLkIu89Rmy4JVvWdcwIH/Koei/ykoT8pFQ
vucBYMGZWSLDGhF+Sht8itRc9c77+cS4GUxRSZPdk8OJGrm0yG4bLXB00L/4Wnmq
GGGF6SjShg5SQwnwDdVs8eSbe77PdrXuYRLbUNC+ScfGHwN6703S0hsF/qVntPYb
lXoIjv3CRvgOM+16uKgX912ZlZt0Fu2rIwmyuGJ7e2J+
-----END CERTIFICATE-----