Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/HDxSohX-IDNPW8pjacRSI1H_PKk.roa
File:                     HDxSohX-IDNPW8pjacRSI1H_PKk.roa (raw, json)
Hash identifier:          LmMZXQdXNsqjvcfV+qIzu55UsIszcW5rLny8ykXmqHQ=
Subject key identifier:   1C:3C:52:A2:15:FE:20:33:4F:5B:CA:63:69:C4:52:23:51:FF:3C:A9
Certificate issuer:       /CN=472694d8a399a3a66f442ec72295c754acbbad41
Certificate serial:       0194266C4A01095786F7A88A130F852CC7C2
Authority key identifier: 47:26:94:D8:A3:99:A3:A6:6F:44:2E:C7:22:95:C7:54:AC:BB:AD:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/HDxSohX-IDNPW8pjacRSI1H_PKk.roa
Signing time:             Thu 02 Jan 2025 09:50:18 +0000
ROA not before:           Thu 02 Jan 2025 09:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205967
IP address blocks:        185.83.233.0/24 maxlen: 24
                          2a03:6e60:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:4a:01:09:57:86:f7:a8:8a:13:0f:85:2c:c7:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=472694d8a399a3a66f442ec72295c754acbbad41
        Validity
            Not Before: Jan  2 09:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1c3c52a215fe20334f5bca6369c4522351ff3ca9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:43:6e:6e:24:71:f4:4d:b7:50:0d:68:d3:1a:
                    6f:a7:fe:05:11:1a:65:7b:09:17:60:49:7a:b4:11:
                    5e:b4:c3:6b:cb:6c:1f:85:fe:5e:28:7d:bc:0f:83:
                    38:5e:a4:53:ce:00:b7:e9:be:ad:4c:70:3d:e4:99:
                    3c:be:45:b0:f1:e3:92:3b:af:df:b7:a3:c6:5d:bf:
                    9b:f0:51:82:da:35:84:fe:55:14:37:25:d0:f1:e9:
                    19:e5:38:7a:7e:be:c0:e8:e5:af:42:12:2b:06:80:
                    09:76:ba:7f:89:f8:c7:65:49:0b:13:69:94:8a:2f:
                    86:0f:af:49:2f:bd:f5:b9:a3:60:98:59:2e:62:18:
                    09:86:73:b9:ba:a5:25:2f:7c:f3:7e:26:b3:c5:aa:
                    98:63:1c:2f:b5:b0:af:9f:08:f4:12:84:4c:e9:99:
                    a2:b5:c2:a1:27:07:29:a1:d4:b2:ac:6b:2a:6e:67:
                    e9:62:00:ee:56:6a:2c:2b:c3:f2:61:bc:fc:7c:35:
                    b1:f1:e5:57:89:35:bd:f4:a4:3d:b9:ec:df:ac:03:
                    4f:0f:00:83:4c:db:03:66:10:1a:88:1b:e4:9b:8b:
                    1f:bb:39:ca:6e:b4:85:f2:d7:c4:52:8c:b2:86:06:
                    c8:c9:59:c0:d1:68:38:f2:51:b4:27:4d:e4:6e:7a:
                    99:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:3C:52:A2:15:FE:20:33:4F:5B:CA:63:69:C4:52:23:51:FF:3C:A9
            X509v3 Authority Key Identifier:
                keyid:47:26:94:D8:A3:99:A3:A6:6F:44:2E:C7:22:95:C7:54:AC:BB:AD:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/HDxSohX-IDNPW8pjacRSI1H_PKk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/ddc26e-31da-43dd-b4d1-063a0881a6d2/1/RyaU2KOZo6ZvRC7HIpXHVKy7rUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.233.0/24
                IPv6:
                  2a03:6e60:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:3c:63:f6:de:bd:6b:88:2c:e3:8a:1a:98:63:80:ed:2c:7a:
         4a:87:01:8f:4d:81:f1:6f:26:92:af:1f:d4:22:c5:b4:af:66:
         8b:b3:e5:77:46:bf:60:f2:4e:81:21:94:98:21:c8:e1:a9:f0:
         0d:de:8d:72:aa:86:be:68:d1:ad:d5:84:f6:53:7f:1d:d9:a7:
         10:07:83:ef:67:4c:ae:31:32:a4:97:37:7d:fe:6c:cc:51:7d:
         51:15:ac:f9:2b:a0:b7:16:c8:fe:e4:58:ef:4e:43:1c:24:70:
         40:94:54:26:0c:d2:0e:46:e5:d1:f4:87:c4:49:a9:c1:91:2e:
         fd:8c:6c:1c:d5:e5:bd:96:77:6b:ac:3d:28:51:a3:09:67:6b:
         a7:3b:90:a0:9e:a7:e9:2c:3f:2c:5e:67:f8:a1:7f:ae:9c:5e:
         3c:c9:9f:0c:3a:d9:60:c6:b4:32:8d:25:e1:b0:b0:80:f6:15:
         61:65:e3:59:71:e8:f6:e1:84:67:3c:4d:57:74:7a:b3:8e:d3:
         b9:de:69:3b:56:72:a6:e8:c9:1a:c0:e6:05:fb:d8:f0:a0:51:
         b9:45:ec:b0:11:2b:3e:c6:af:9e:d1:e7:bf:00:93:33:25:5d:
         7c:ac:63:48:b4:da:55:09:47:e4:50:7a:95:c1:23:66:fa:3a:
         31:04:52:3d
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmbEoBCVeG96iKEw+FLMfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MjY5NGQ4YTM5OWEzYTY2ZjQ0MmVjNzIyOTVjNzU0YWNi
YmFkNDEwHhcNMjUwMTAyMDk1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYzNjNTJhMjE1ZmUyMDMzNGY1YmNhNjM2OWM0NTIyMzUxZmYzY2E5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkNubiRx9E23UA1o0xpvp/4FERpl
ewkXYEl6tBFetMNry2wfhf5eKH28D4M4XqRTzgC36b6tTHA95Jk8vkWw8eOSO6/f
t6PGXb+b8FGC2jWE/lUUNyXQ8ekZ5Th6fr7A6OWvQhIrBoAJdrp/ifjHZUkLE2mU
ii+GD69JL731uaNgmFkuYhgJhnO5uqUlL3zzfiazxaqYYxwvtbCvnwj0EoRM6Zmi
tcKhJwcpodSyrGsqbmfpYgDuVmosK8PyYbz8fDWx8eVXiTW99KQ9uezfrANPDwCD
TNsDZhAaiBvkm4sfuznKbrSF8tfEUoyyhgbIyVnA0Wg48lG0J03kbnqZ1wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBw8UqIV/iAzT1vKY2nEUiNR/zypMB8GA1UdIwQY
MBaAFEcmlNijmaOmb0QuxyKVx1Ssu61BMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnlhVTJLT1pvNlp2UkM3SElwWEhWS3k3clVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS9kZGMyNmUtMzFkYS00M2RkLWI0ZDEt
MDYzYTA4ODFhNmQyLzEvSER4U29oWC1JRE5QVzhwamFjUlNJMUhfUEtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS9kZGMyNmUtMzFkYS00M2RkLWI0ZDEtMDYzYTA4ODFhNmQy
LzEvUnlhVTJLT1pvNlp2UkM3SElwWEhWS3k3clVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuVPpMA8E
AgACMAkDBwAqA25gAAEwDQYJKoZIhvcNAQELBQADggEBAD08Y/bevWuILOOKGphj
gO0sekqHAY9NgfFvJpKvH9QixbSvZouz5XdGv2DyToEhlJghyOGp8A3ejXKqhr5o
0a3VhPZTfx3ZpxAHg+9nTK4xMqSXN33+bMxRfVEVrPkroLcWyP7kWO9OQxwkcECU
VCYM0g5G5dH0h8RJqcGRLv2MbBzV5b2Wd2usPShRowlna6c7kKCep+ksPyxeZ/ih
f66cXjzJnww62WDGtDKNJeGwsID2FWFl41lx6PbhhGc8TVd0erOO07neaTtWcqbo
yRrA5gX72PCgUblF7LARKz7Gr57R578AkzMlXXysY0i02lUJR+RQepXBI2b6OjEE
Uj0=
-----END CERTIFICATE-----