Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/KJNGjPkcmIFOzP_uINRLs1xoz9Y.roa
File:                     KJNGjPkcmIFOzP_uINRLs1xoz9Y.roa (raw, json)
Hash identifier:          glnyJFBp57pliTzR7vvfipC69mbxLAn260n51iwiKuU=
Subject key identifier:   28:93:46:8C:F9:1C:98:81:4E:CC:FF:EE:20:D4:4B:B3:5C:68:CF:D6
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       018CC8DF178B6CB1183D44F601D2FA124F54
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/KJNGjPkcmIFOzP_uINRLs1xoz9Y.roa
Signing time:             Tue 02 Jan 2024 06:31:52 +0000
ROA not before:           Tue 02 Jan 2024 06:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212669
IP address blocks:        185.199.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:17:8b:6c:b1:18:3d:44:f6:01:d2:fa:12:4f:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  2 06:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2893468cf91c98814eccffee20d44bb35c68cfd6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:1f:18:cd:e9:9c:b5:e6:66:0b:92:f7:d7:fd:
                    87:8d:e1:32:1a:74:2c:67:34:55:ea:0e:df:f0:3a:
                    8e:c0:93:b3:e8:c5:05:e4:ab:c9:a1:e7:c0:d4:24:
                    40:3f:e3:58:c6:00:14:ff:66:0d:b8:da:30:39:a8:
                    a3:bf:a9:40:ee:ee:02:02:b2:07:df:04:f0:ac:aa:
                    07:a0:16:ac:8b:07:f9:25:a9:45:5a:bd:8f:1f:8b:
                    91:b7:21:f4:dd:cc:b7:4c:4e:34:8c:6d:e2:60:d7:
                    18:85:b0:f3:07:25:23:03:88:04:f3:b7:b4:0d:30:
                    0e:f1:95:da:cd:b4:56:86:49:1f:c9:39:05:c3:f9:
                    69:1a:75:62:2a:79:5a:b5:80:ad:43:48:32:60:87:
                    44:93:70:96:17:7c:75:98:7b:4e:fb:df:f4:0a:85:
                    3a:7e:43:49:d7:cc:44:96:1d:59:78:bf:c8:a6:79:
                    70:24:54:7f:06:88:9a:66:24:c8:2d:12:3a:38:ff:
                    57:d0:23:80:ad:b4:46:60:4a:70:fe:41:97:90:5c:
                    cd:ce:41:01:ef:94:b4:27:fe:0a:dd:38:de:fc:90:
                    a7:99:cb:80:75:81:95:ca:2a:a5:ab:9a:b4:9b:6d:
                    b2:68:0d:f9:a4:be:19:9d:3d:9c:3b:93:c5:12:cc:
                    74:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:93:46:8C:F9:1C:98:81:4E:CC:FF:EE:20:D4:4B:B3:5C:68:CF:D6
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/KJNGjPkcmIFOzP_uINRLs1xoz9Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:16:cc:c9:3d:d4:3a:70:1b:5f:6c:4e:db:1b:ba:f7:d8:37:
         cf:df:10:21:b6:ca:a1:6c:7a:f7:c5:0c:e1:5e:f8:fd:f9:61:
         45:06:4c:d6:01:d7:b0:ef:7f:4a:c5:ca:6f:25:22:08:73:a4:
         99:c4:ee:0c:c6:ba:0e:80:45:93:fe:41:a9:e8:4b:84:80:04:
         ec:e6:9e:88:70:64:df:3c:36:35:65:bf:f1:06:57:b8:a8:88:
         51:b0:e7:42:7a:09:04:e6:2e:04:c4:aa:12:ef:d7:d6:05:b0:
         76:c9:4b:6c:45:48:ba:c0:46:03:bb:49:9e:bb:69:e2:1e:54:
         d9:04:e8:d0:5a:41:35:d7:30:24:b3:22:01:9d:12:cc:cb:57:
         a5:c0:4c:e4:74:66:b6:79:0f:f8:cb:e2:ed:9c:fe:e2:39:f2:
         04:3e:59:a1:78:fd:22:f9:a5:62:20:6e:f6:96:fd:37:ed:c1:
         6d:4c:c8:a6:4d:ba:b7:02:1a:98:45:5b:eb:d5:6c:fa:80:79:
         dc:15:73:44:58:92:b3:bd:42:9e:5c:a9:6f:00:67:b1:37:02:
         a9:53:81:09:15:4c:31:34:f4:db:3a:62:3b:b1:e8:24:e1:a5:
         b1:0f:8d:f8:d8:2f:51:a7:13:a2:25:c4:85:dc:7a:2b:56:6e:
         ab:7a:d0:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3xeLbLEYPUT2AdL6Ek9UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjQwMTAyMDYzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODkzNDY4Y2Y5MWM5ODgxNGVjY2ZmZWUyMGQ0NGJiMzVjNjhjZmQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAix8YzemcteZmC5L31/2HjeEyGnQs
ZzRV6g7f8DqOwJOz6MUF5KvJoefA1CRAP+NYxgAU/2YNuNowOaijv6lA7u4CArIH
3wTwrKoHoBasiwf5JalFWr2PH4uRtyH03cy3TE40jG3iYNcYhbDzByUjA4gE87e0
DTAO8ZXazbRWhkkfyTkFw/lpGnViKnlatYCtQ0gyYIdEk3CWF3x1mHtO+9/0CoU6
fkNJ18xElh1ZeL/IpnlwJFR/BoiaZiTILRI6OP9X0COArbRGYEpw/kGXkFzNzkEB
75S0J/4K3Tje/JCnmcuAdYGVyiqlq5q0m22yaA35pL4ZnT2cO5PFEsx0UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCiTRoz5HJiBTsz/7iDUS7NcaM/WMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvS0pOR2pQa2NtSUZPelBfdUlOUkxzMXhvejlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuceWMA0G
CSqGSIb3DQEBCwUAA4IBAQChFszJPdQ6cBtfbE7bG7r32DfP3xAhtsqhbHr3xQzh
Xvj9+WFFBkzWAdew739KxcpvJSIIc6SZxO4MxroOgEWT/kGp6EuEgATs5p6IcGTf
PDY1Zb/xBle4qIhRsOdCegkE5i4ExKoS79fWBbB2yUtsRUi6wEYDu0meu2niHlTZ
BOjQWkE11zAksyIBnRLMy1elwEzkdGa2eQ/4y+LtnP7iOfIEPlmheP0i+aViIG72
lv037cFtTMimTbq3AhqYRVvr1Wz6gHncFXNEWJKzvUKeXKlvAGexNwKpU4EJFUwx
NPTbOmI7segk4aWxD4342C9RpxOiJcSF3HorVm6retD8
-----END CERTIFICATE-----