Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/2EIzexQ0O1e6OAwkqoEqc-hS4eI.roa
File:                     2EIzexQ0O1e6OAwkqoEqc-hS4eI.roa (raw, json)
Hash identifier:          9XBVWOg6AwbDq5K8di/+/ApXibs9CxjFDJ0FbrXspZc=
Subject key identifier:   D8:42:33:7B:14:34:3B:57:BA:38:0C:24:AA:81:2A:73:E8:52:E1:E2
Certificate issuer:       /CN=133f456d2b82cc6d80b7b1ac571b4787f1569b60
Certificate serial:       018CC3B724C195E0A094E392012EAB9F6AD2
Authority key identifier: 13:3F:45:6D:2B:82:CC:6D:80:B7:B1:AC:57:1B:47:87:F1:56:9B:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ez9FbSuCzG2At7GsVxtHh_FWm2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/2EIzexQ0O1e6OAwkqoEqc-hS4eI.roa
Signing time:             Mon 01 Jan 2024 06:30:08 +0000
ROA not before:           Mon 01 Jan 2024 06:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210585
IP address blocks:        185.23.211.0/24 maxlen: 24
                          185.23.208.0/24 maxlen: 24
                          185.23.209.0/24 maxlen: 24
                          185.23.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/Ez9FbSuCzG2At7GsVxtHh_FWm2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/Ez9FbSuCzG2At7GsVxtHh_FWm2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ez9FbSuCzG2At7GsVxtHh_FWm2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:24:c1:95:e0:a0:94:e3:92:01:2e:ab:9f:6a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=133f456d2b82cc6d80b7b1ac571b4787f1569b60
        Validity
            Not Before: Jan  1 06:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d842337b14343b57ba380c24aa812a73e852e1e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:99:f4:91:a4:1f:4e:10:eb:c2:5a:7b:95:b0:
                    69:fa:58:75:be:ab:0c:ec:fa:75:f1:fa:b1:8b:80:
                    7a:9f:cd:18:c2:0b:1b:00:f6:36:cb:06:b6:62:53:
                    02:01:6a:3c:88:8b:ba:71:a5:10:ed:32:ec:94:da:
                    71:ff:cf:c2:43:97:9c:e0:d5:d0:b9:bd:27:b5:45:
                    e8:4e:9a:15:c6:ce:ce:d9:4e:50:97:1c:f8:7e:23:
                    aa:5b:6f:74:f5:ef:72:e1:82:df:28:93:f0:76:2f:
                    f3:00:92:e5:31:e3:82:d1:04:84:11:f8:c1:5b:ec:
                    c5:a3:f7:42:f1:54:ce:02:5a:b6:80:fb:3b:f8:23:
                    22:ce:a8:ed:ce:00:e5:bb:54:5c:72:1b:1c:4e:e1:
                    e3:ca:39:b4:76:90:5c:58:4f:eb:8e:47:59:26:a0:
                    28:d5:3d:77:47:ea:03:20:f4:5d:08:75:6e:64:00:
                    18:b4:55:1c:70:5a:13:99:23:e2:6f:09:72:8c:b4:
                    ee:38:eb:3f:bd:11:b3:e6:f2:5a:ff:e4:60:4b:64:
                    73:f9:25:dd:dd:13:fa:28:68:f4:41:d4:1a:af:09:
                    4a:46:47:ee:20:eb:a9:a7:43:48:53:4f:b9:81:a1:
                    06:6c:22:6b:07:7e:86:74:bc:39:7c:54:56:45:db:
                    9a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:42:33:7B:14:34:3B:57:BA:38:0C:24:AA:81:2A:73:E8:52:E1:E2
            X509v3 Authority Key Identifier:
                keyid:13:3F:45:6D:2B:82:CC:6D:80:B7:B1:AC:57:1B:47:87:F1:56:9B:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ez9FbSuCzG2At7GsVxtHh_FWm2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/2EIzexQ0O1e6OAwkqoEqc-hS4eI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/d00210-d685-48b2-8e53-bb2fdca78245/1/Ez9FbSuCzG2At7GsVxtHh_FWm2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.23.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:c6:ab:e0:70:8a:b4:73:7e:05:b3:71:08:70:5a:42:12:be:
         e5:33:b2:32:74:c1:b2:d6:04:df:ea:20:9a:ee:c2:70:1b:1a:
         63:66:82:95:ed:27:34:04:60:92:21:bf:c9:e1:cc:22:42:6b:
         7f:93:d5:98:af:70:e2:76:51:3c:d3:0d:1a:fa:c9:3f:23:36:
         2b:d4:a9:36:06:af:29:cd:53:de:c8:07:fc:fa:60:ef:4b:e9:
         98:69:89:2a:e0:2c:eb:99:c9:1b:11:25:02:80:92:bf:d8:98:
         94:aa:9f:63:ee:e0:45:e1:75:8f:f2:0a:4a:8e:83:29:56:a2:
         81:25:0b:a9:5e:af:7d:87:dc:20:22:b3:2b:88:a4:94:08:05:
         56:b4:82:76:45:44:05:a6:26:47:eb:fa:91:0b:04:c0:a1:17:
         a1:d2:b2:d9:3e:32:30:a8:5d:22:0e:39:06:e8:33:09:4e:7a:
         16:63:24:99:14:2f:b8:7c:02:0a:ab:90:99:87:31:3e:d9:cc:
         01:47:a2:19:53:35:6b:71:95:6e:88:a6:1a:68:f4:10:63:5a:
         55:ed:39:c7:47:57:a0:51:12:67:4c:b1:ec:2d:97:d7:f8:3d:
         41:3a:4b:dc:d4:01:7b:5d:cb:53:75:57:bd:db:23:36:50:5d:
         c7:f9:c0:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyTBleCglOOSAS6rn2rSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzM2Y0NTZkMmI4MmNjNmQ4MGI3YjFhYzU3MWI0Nzg3ZjE1
NjliNjAwHhcNMjQwMTAxMDYzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQyMzM3YjE0MzQzYjU3YmEzODBjMjRhYTgxMmE3M2U4NTJlMWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5Zn0kaQfThDrwlp7lbBp+lh1vqsM
7Pp18fqxi4B6n80YwgsbAPY2ywa2YlMCAWo8iIu6caUQ7TLslNpx/8/CQ5ec4NXQ
ub0ntUXoTpoVxs7O2U5Qlxz4fiOqW2909e9y4YLfKJPwdi/zAJLlMeOC0QSEEfjB
W+zFo/dC8VTOAlq2gPs7+CMizqjtzgDlu1RcchscTuHjyjm0dpBcWE/rjkdZJqAo
1T13R+oDIPRdCHVuZAAYtFUccFoTmSPibwlyjLTuOOs/vRGz5vJa/+RgS2Rz+SXd
3RP6KGj0QdQarwlKRkfuIOupp0NIU0+5gaEGbCJrB36GdLw5fFRWRduaVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhCM3sUNDtXujgMJKqBKnPoUuHiMB8GA1UdIwQY
MBaAFBM/RW0rgsxtgLexrFcbR4fxVptgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXo5RmJTdUN6RzJBdDdHc1Z4dEhoX0ZXbTJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9kMDAyMTAtZDY4NS00OGIyLThlNTMt
YmIyZmRjYTc4MjQ1LzEvMkVJemV4UTBPMWU2T0F3a3FvRXFjLWhTNGVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9kMDAyMTAtZDY4NS00OGIyLThlNTMtYmIyZmRjYTc4MjQ1
LzEvRXo5RmJTdUN6RzJBdDdHc1Z4dEhoX0ZXbTJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRfQMA0G
CSqGSIb3DQEBCwUAA4IBAQArxqvgcIq0c34Fs3EIcFpCEr7lM7IydMGy1gTf6iCa
7sJwGxpjZoKV7Sc0BGCSIb/J4cwiQmt/k9WYr3DidlE80w0a+sk/IzYr1Kk2Bq8p
zVPeyAf8+mDvS+mYaYkq4CzrmckbESUCgJK/2JiUqp9j7uBF4XWP8gpKjoMpVqKB
JQupXq99h9wgIrMriKSUCAVWtIJ2RUQFpiZH6/qRCwTAoReh0rLZPjIwqF0iDjkG
6DMJTnoWYySZFC+4fAIKq5CZhzE+2cwBR6IZUzVrcZVuiKYaaPQQY1pV7TnHR1eg
URJnTLHsLZfX+D1BOkvc1AF7XctTdVe92yM2UF3H+cAY
-----END CERTIFICATE-----