Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/50ZlfNXQIWGYz585joKHwvQvF88.roa
File:                     50ZlfNXQIWGYz585joKHwvQvF88.roa (raw, json)
Hash identifier:          7EIculqnk0n31qVPGM9NIxWSraKrQWRGQIfuyfBNaaw=
Subject key identifier:   E7:46:65:7C:D5:D0:21:61:98:CF:9F:39:8E:82:87:C2:F4:2F:17:CF
Certificate issuer:       /CN=a15e3f974b5f974656ccf4d45596caad1b9096d4
Certificate serial:       018CC2DAD42734DD6073D0EBB8B27A88944A
Authority key identifier: A1:5E:3F:97:4B:5F:97:46:56:CC:F4:D4:55:96:CA:AD:1B:90:96:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/50ZlfNXQIWGYz585joKHwvQvF88.roa
Signing time:             Mon 01 Jan 2024 02:29:30 +0000
ROA not before:           Mon 01 Jan 2024 02:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34549
IP address blocks:        185.220.149.0/24 maxlen: 24
                          2a0b:f841::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:d4:27:34:dd:60:73:d0:eb:b8:b2:7a:88:94:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a15e3f974b5f974656ccf4d45596caad1b9096d4
        Validity
            Not Before: Jan  1 02:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e746657cd5d0216198cf9f398e8287c2f42f17cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ec:a2:d3:f2:3a:34:bf:38:4d:15:67:6e:01:
                    44:97:35:8b:9a:3c:63:8a:be:d3:b4:86:aa:5a:c8:
                    8e:3d:96:36:bf:15:ec:af:e9:6d:80:73:ff:a4:97:
                    11:23:41:cb:02:5a:d5:8b:65:9f:a8:9c:83:8e:a7:
                    f8:bc:b2:33:3a:27:35:94:1f:0f:1e:c6:98:a0:e6:
                    97:3e:30:57:6c:a4:77:d2:b8:64:05:4f:54:b2:bd:
                    ce:df:9d:e0:c8:0e:1b:a3:4a:da:9f:e1:65:de:cc:
                    d6:a4:4e:2f:3b:00:e2:b3:86:6b:50:65:41:c3:ce:
                    53:21:a8:3d:12:d9:d3:47:24:9c:fb:89:62:f0:23:
                    ec:a6:de:6a:6a:56:13:c2:91:11:99:50:cd:11:cc:
                    a5:c3:2b:31:ea:b5:bd:ee:ec:c6:f8:71:99:c1:7b:
                    15:44:23:bb:1f:2c:89:8d:56:03:66:c0:c1:3e:2f:
                    d8:0d:91:f2:57:ac:88:a3:e5:1c:f2:0a:15:fa:e0:
                    0f:39:02:a8:7d:26:c3:11:ad:c2:b3:8f:8c:ec:c5:
                    c6:e3:c1:da:53:d4:71:8c:b3:88:0c:e1:c9:39:98:
                    bb:36:d8:7f:88:e5:c9:1d:64:59:a8:6c:c7:b2:a8:
                    7c:92:79:5e:c9:01:1f:42:16:d8:d6:8d:95:28:f6:
                    18:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:46:65:7C:D5:D0:21:61:98:CF:9F:39:8E:82:87:C2:F4:2F:17:CF
            X509v3 Authority Key Identifier:
                keyid:A1:5E:3F:97:4B:5F:97:46:56:CC:F4:D4:55:96:CA:AD:1B:90:96:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/50ZlfNXQIWGYz585joKHwvQvF88.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/d6a422-3612-45af-83ab-d24b68966e0e/1/oV4_l0tfl0ZWzPTUVZbKrRuQltQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.149.0/24
                IPv6:
                  2a0b:f841::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:4a:aa:3a:c6:a3:39:04:ee:af:01:f9:73:c6:d9:c1:3d:1f:
         8b:02:c2:a3:13:af:dc:1d:00:86:13:fe:28:dc:c3:b7:c0:97:
         8d:be:eb:68:eb:c0:a5:6e:99:90:65:60:c4:d5:97:75:aa:2d:
         d1:5a:43:e8:2b:57:63:46:15:38:2c:8b:55:6d:25:92:c4:33:
         af:41:81:d0:da:31:5c:b2:75:cf:81:5d:b1:26:85:3e:fd:dd:
         0f:89:e1:92:a9:47:b8:7d:77:f5:10:67:41:52:8b:5d:e8:7d:
         2f:2a:d4:56:5d:c1:93:1a:65:3f:92:58:ee:e6:f9:b2:be:d8:
         96:30:63:61:e6:a0:0f:87:fd:08:a6:9c:27:86:ca:8b:c3:35:
         3f:77:d3:28:31:89:c6:8b:cc:ca:03:4f:67:92:53:10:fd:fb:
         13:4e:f6:41:6a:7e:a5:35:aa:1d:a2:22:a4:40:93:e2:66:96:
         be:10:ef:14:3e:65:4d:1e:f5:f9:71:5a:09:04:48:b9:6d:b9:
         cd:a9:e9:65:13:7b:a7:26:00:8b:c5:97:b6:b8:d5:4b:0f:29:
         15:84:55:57:07:f3:f9:f5:3b:89:e8:26:c7:e5:04:fd:53:b5:
         e2:b9:de:fd:dd:be:25:f7:7f:c4:d2:16:7c:3b:4f:26:1d:fd:
         18:7b:6f:7f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzC2tQnNN1gc9DruLJ6iJRKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNWUzZjk3NGI1Zjk3NDY1NmNjZjRkNDU1OTZjYWFkMWI5
MDk2ZDQwHhcNMjQwMTAxMDIyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzQ2NjU3Y2Q1ZDAyMTYxOThjZjlmMzk4ZTgyODdjMmY0MmYxN2NmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueyi0/I6NL84TRVnbgFElzWLmjxj
ir7TtIaqWsiOPZY2vxXsr+ltgHP/pJcRI0HLAlrVi2WfqJyDjqf4vLIzOic1lB8P
HsaYoOaXPjBXbKR30rhkBU9Usr3O353gyA4bo0ran+Fl3szWpE4vOwDis4ZrUGVB
w85TIag9EtnTRySc+4li8CPspt5qalYTwpERmVDNEcylwysx6rW97uzG+HGZwXsV
RCO7HyyJjVYDZsDBPi/YDZHyV6yIo+Uc8goV+uAPOQKofSbDEa3Cs4+M7MXG48Ha
U9RxjLOIDOHJOZi7Nth/iOXJHWRZqGzHsqh8knleyQEfQhbY1o2VKPYYVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOdGZXzV0CFhmM+fOY6Ch8L0LxfPMB8GA1UdIwQY
MBaAFKFeP5dLX5dGVsz01FWWyq0bkJbUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1Y0X2wwdGZsMFpXelBUVVZaYktyUnVRbHRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9kNmE0MjItMzYxMi00NWFmLTgzYWIt
ZDI0YjY4OTY2ZTBlLzEvNTBabGZOWFFJV0dZejU4NWpvS0h3dlF2Rjg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9kNmE0MjItMzYxMi00NWFmLTgzYWItZDI0YjY4OTY2ZTBl
LzEvb1Y0X2wwdGZsMFpXelBUVVZaYktyUnVRbHRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAudyVMA0E
AgACMAcDBQAqC/hBMA0GCSqGSIb3DQEBCwUAA4IBAQAXSqo6xqM5BO6vAflzxtnB
PR+LAsKjE6/cHQCGE/4o3MO3wJeNvuto68ClbpmQZWDE1Zd1qi3RWkPoK1djRhU4
LItVbSWSxDOvQYHQ2jFcsnXPgV2xJoU+/d0PieGSqUe4fXf1EGdBUotd6H0vKtRW
XcGTGmU/klju5vmyvtiWMGNh5qAPh/0IppwnhsqLwzU/d9MoMYnGi8zKA09nklMQ
/fsTTvZBan6lNaodoiKkQJPiZpa+EO8UPmVNHvX5cVoJBEi5bbnNqellE3unJgCL
xZe2uNVLDykVhFVXB/P59TuJ6CbH5QT9U7Xiud793b4l93/E0hZ8O08mHf0Ye29/
-----END CERTIFICATE-----