Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/75ebd0HFGMdsp3MPs89DOK3-1Nk.roa
File:                     75ebd0HFGMdsp3MPs89DOK3-1Nk.roa (raw, json)
Hash identifier:          tril8Xcc+DTbBFz4g540ToTKsnG/wYjqYRYJ9lVTJjA=
Subject key identifier:   EF:97:9B:77:41:C5:18:C7:6C:A7:73:0F:B3:CF:43:38:AD:FE:D4:D9
Certificate issuer:       /CN=335c3336e2ce3bd75ab29ce81e54ff81ec56f1da
Certificate serial:       018CC86F21F596B18A4357DB2D3E537907A7
Authority key identifier: 33:5C:33:36:E2:CE:3B:D7:5A:B2:9C:E8:1E:54:FF:81:EC:56:F1:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M1wzNuLOO9daspzoHlT_gexW8do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/75ebd0HFGMdsp3MPs89DOK3-1Nk.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29644
IP address blocks:        185.150.220.0/24 maxlen: 24
                          185.150.221.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/M1wzNuLOO9daspzoHlT_gexW8do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/M1wzNuLOO9daspzoHlT_gexW8do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M1wzNuLOO9daspzoHlT_gexW8do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:21:f5:96:b1:8a:43:57:db:2d:3e:53:79:07:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=335c3336e2ce3bd75ab29ce81e54ff81ec56f1da
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef979b7741c518c76ca7730fb3cf4338adfed4d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:b8:2e:0a:a1:31:b9:50:ba:2d:73:71:6e:31:
                    4b:fa:07:12:69:ff:9d:f5:06:ad:df:81:5f:c7:6b:
                    e4:d5:ba:9c:47:16:f0:24:9a:a8:a0:78:9e:cc:9e:
                    1c:cd:c6:99:06:13:bf:2b:72:66:d1:66:6d:d9:c6:
                    ae:3f:63:ea:9c:ec:39:7f:af:f4:98:09:b6:3c:5b:
                    3c:6a:c3:f5:84:b1:a9:64:46:0b:8c:a9:f5:5e:b3:
                    c3:00:c6:29:8c:6c:14:8f:1d:74:9d:d4:c8:58:37:
                    fb:ec:b9:44:47:45:25:47:99:8a:36:a9:ab:c1:55:
                    14:da:c8:c6:b9:f1:ab:4e:76:56:31:40:e1:3b:30:
                    40:ce:bb:b5:ee:e5:e7:05:d2:ff:b9:9c:cd:91:41:
                    4c:1b:3c:01:a7:e5:00:31:78:73:23:a5:50:b5:61:
                    e9:ab:1f:22:fc:80:6c:76:5a:28:76:8b:e1:6e:72:
                    77:38:54:e6:ae:36:6b:40:af:95:20:7e:14:0a:57:
                    ab:cc:85:16:08:a0:7f:e5:d5:81:c6:b5:aa:5d:af:
                    fe:e7:13:3e:16:bb:99:61:1c:48:48:e7:81:fb:c5:
                    6f:73:9c:9d:29:68:ba:74:a1:af:61:dc:d9:c3:04:
                    cd:8d:6d:00:b7:58:b5:3d:a4:92:99:9c:24:ac:2d:
                    a2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:97:9B:77:41:C5:18:C7:6C:A7:73:0F:B3:CF:43:38:AD:FE:D4:D9
            X509v3 Authority Key Identifier:
                keyid:33:5C:33:36:E2:CE:3B:D7:5A:B2:9C:E8:1E:54:FF:81:EC:56:F1:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M1wzNuLOO9daspzoHlT_gexW8do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/75ebd0HFGMdsp3MPs89DOK3-1Nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/M1wzNuLOO9daspzoHlT_gexW8do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:84:38:18:72:20:42:1c:36:ff:eb:6c:1f:8d:39:53:ea:2b:
         fc:d3:4e:70:1d:5a:19:d0:b7:a1:ae:e2:7c:fc:bf:d9:3c:a3:
         7d:68:b9:9f:eb:38:92:8a:3c:0f:cc:7f:50:b7:df:e7:3f:5c:
         6b:4a:3a:07:e9:d4:f4:d1:4a:3a:0c:4b:d1:8b:ea:fc:31:bc:
         3a:c2:d3:ca:f6:25:b4:32:92:81:48:37:8e:be:f3:5f:e9:d7:
         10:4e:5d:5b:4d:26:21:32:6b:0e:4e:e2:5c:2c:71:ff:99:ee:
         f4:3a:2f:e0:9c:0a:94:65:a3:08:71:87:af:66:97:9d:4c:c5:
         cf:e1:b8:c2:08:70:32:f6:6d:43:65:cc:a7:a6:a4:4c:59:2e:
         53:39:44:9a:15:62:36:bb:72:1f:78:29:a7:41:33:3d:af:67:
         ff:2e:d4:91:62:4c:77:bb:99:94:49:d8:1a:a1:26:ae:3f:85:
         a0:b3:b7:52:92:58:95:2b:90:cc:f5:53:56:dd:f9:5b:c8:5d:
         6e:33:6b:db:70:34:78:9a:dc:ef:4e:88:bc:ee:45:f9:fe:3c:
         dc:9a:0d:60:21:1f:de:b8:69:c6:9a:4b:4d:17:bf:a3:fa:1f:
         d5:99:00:89:89:4c:8a:37:f4:f3:59:24:e1:ae:65:2c:c1:56:
         2c:62:80:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyH1lrGKQ1fbLT5TeQenMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNWMzMzM2ZTJjZTNiZDc1YWIyOWNlODFlNTRmZjgxZWM1
NmYxZGEwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjk3OWI3NzQxYzUxOGM3NmNhNzczMGZiM2NmNDMzOGFkZmVkNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl7guCqExuVC6LXNxbjFL+gcSaf+d
9Qat34Ffx2vk1bqcRxbwJJqooHiezJ4czcaZBhO/K3Jm0WZt2cauP2PqnOw5f6/0
mAm2PFs8asP1hLGpZEYLjKn1XrPDAMYpjGwUjx10ndTIWDf77LlER0UlR5mKNqmr
wVUU2sjGufGrTnZWMUDhOzBAzru17uXnBdL/uZzNkUFMGzwBp+UAMXhzI6VQtWHp
qx8i/IBsdloodovhbnJ3OFTmrjZrQK+VIH4UClerzIUWCKB/5dWBxrWqXa/+5xM+
FruZYRxISOeB+8Vvc5ydKWi6dKGvYdzZwwTNjW0At1i1PaSSmZwkrC2inQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO+Xm3dBxRjHbKdzD7PPQzit/tTZMB8GA1UdIwQY
MBaAFDNcMzbizjvXWrKc6B5U/4HsVvHaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTF3ek51TE9POWRhc3B6b0hsVF9nZXhXOGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My82ZWQyMGUtMjE1OS00N2Q1LTliMWQt
NDFkNTA5ZjhiMTU1LzEvNzVlYmQwSEZHTWRzcDNNUHM4OURPSzMtMU5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My82ZWQyMGUtMjE1OS00N2Q1LTliMWQtNDFkNTA5ZjhiMTU1
LzEvTTF3ek51TE9POWRhc3B6b0hsVF9nZXhXOGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZbcMA0G
CSqGSIb3DQEBCwUAA4IBAQB8hDgYciBCHDb/62wfjTlT6iv8005wHVoZ0LehruJ8
/L/ZPKN9aLmf6ziSijwPzH9Qt9/nP1xrSjoH6dT00Uo6DEvRi+r8Mbw6wtPK9iW0
MpKBSDeOvvNf6dcQTl1bTSYhMmsOTuJcLHH/me70Oi/gnAqUZaMIcYevZpedTMXP
4bjCCHAy9m1DZcynpqRMWS5TOUSaFWI2u3IfeCmnQTM9r2f/LtSRYkx3u5mUSdga
oSauP4Wgs7dSkliVK5DM9VNW3flbyF1uM2vbcDR4mtzvToi87kX5/jzcmg1gIR/e
uGnGmktNF7+j+h/VmQCJiUyKN/TzWSThrmUswVYsYoAJ
-----END CERTIFICATE-----