Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/J68WndLp5Mnq9_2aAoaD1s8g-20.roa
File:                     J68WndLp5Mnq9_2aAoaD1s8g-20.roa (raw, json)
Hash identifier:          erLznfZzKbu6OJGlroxknEZTda8TISXJDngMGjcXvvg=
Subject key identifier:   27:AF:16:9D:D2:E9:E4:C9:EA:F7:FD:9A:02:86:83:D6:CF:20:FB:6D
Certificate issuer:       /CN=335c3336e2ce3bd75ab29ce81e54ff81ec56f1da
Certificate serial:       018CC86F2264F470E04A4DD023D73E68F38D
Authority key identifier: 33:5C:33:36:E2:CE:3B:D7:5A:B2:9C:E8:1E:54:FF:81:EC:56:F1:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M1wzNuLOO9daspzoHlT_gexW8do.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/J68WndLp5Mnq9_2aAoaD1s8g-20.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202823
IP address blocks:        185.150.221.0/24 maxlen: 24
                          185.150.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/M1wzNuLOO9daspzoHlT_gexW8do.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/M1wzNuLOO9daspzoHlT_gexW8do.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M1wzNuLOO9daspzoHlT_gexW8do.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:22:64:f4:70:e0:4a:4d:d0:23:d7:3e:68:f3:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=335c3336e2ce3bd75ab29ce81e54ff81ec56f1da
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=27af169dd2e9e4c9eaf7fd9a028683d6cf20fb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:a9:00:b0:e5:ec:98:48:f5:6c:d5:93:ec:d8:
                    e1:b4:af:e1:1e:62:cb:b3:d6:57:cf:1e:65:2a:05:
                    df:7b:2d:55:67:25:74:2b:5b:86:1c:a8:5e:4f:af:
                    d1:0c:ab:91:1e:f7:26:b1:ef:4e:4b:75:63:03:f1:
                    fd:4b:33:44:7f:92:1f:45:4e:ca:01:6c:6b:4a:a2:
                    26:8b:60:6e:89:67:76:fa:43:dd:00:da:be:6b:dd:
                    1e:c6:8c:ef:d6:3e:8c:c0:c5:ad:66:8c:b7:28:e3:
                    08:2a:b7:36:bd:2e:49:df:56:4d:f4:6d:0b:cb:0d:
                    0c:d3:60:55:28:0c:52:a9:bd:b7:e9:d6:dc:19:41:
                    f7:19:65:d9:09:66:4e:d9:93:6d:4f:a3:4b:53:1a:
                    8d:2b:6c:f6:d5:8a:65:54:df:00:65:16:e8:df:d4:
                    77:86:28:fd:55:63:b1:5c:37:d0:21:0c:54:a5:fe:
                    53:2e:a0:94:17:17:16:a2:e8:25:04:04:26:6e:ae:
                    3a:b3:15:e9:e3:d5:a2:3c:ed:0c:18:f8:69:9f:2a:
                    e7:06:6b:fb:45:cd:6c:e4:6c:36:df:89:29:ea:97:
                    20:ab:1f:cf:90:2d:53:f4:72:b8:b4:7c:b0:e7:9e:
                    67:a0:f4:ec:55:30:c2:0d:ac:c9:a9:47:9c:d1:ef:
                    ef:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:AF:16:9D:D2:E9:E4:C9:EA:F7:FD:9A:02:86:83:D6:CF:20:FB:6D
            X509v3 Authority Key Identifier:
                keyid:33:5C:33:36:E2:CE:3B:D7:5A:B2:9C:E8:1E:54:FF:81:EC:56:F1:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M1wzNuLOO9daspzoHlT_gexW8do.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/J68WndLp5Mnq9_2aAoaD1s8g-20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6ed20e-2159-47d5-9b1d-41d509f8b155/1/M1wzNuLOO9daspzoHlT_gexW8do.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.220.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:f1:22:05:8d:bc:e3:d1:eb:24:60:f7:79:d8:ff:7a:a3:c0:
         8c:4c:71:c1:75:a2:c0:f0:24:83:51:3b:ce:f2:f5:ff:2b:b4:
         2b:5a:79:ad:9a:44:6b:43:43:7e:c8:0a:ca:0e:72:04:f0:ad:
         7f:91:26:e7:69:a2:d2:1c:09:ff:96:5f:25:02:64:a8:8c:b8:
         b0:4d:34:e2:ff:78:c9:ec:bd:9b:81:b8:d9:a3:95:89:fb:1c:
         8a:89:7f:56:b2:c7:5c:3e:70:25:ee:ab:56:37:f7:38:30:83:
         3f:6d:ff:0e:c1:1c:5d:71:81:79:3e:d4:ac:6c:ca:41:a7:0e:
         28:6d:59:ea:36:16:1f:69:9b:d5:b7:e7:ff:20:72:d6:f8:60:
         87:f8:61:8c:0e:b5:47:d1:44:56:29:da:92:75:44:4b:5b:a1:
         15:32:38:33:68:42:09:ca:f9:ce:4e:88:c4:fa:02:0a:9b:52:
         95:12:44:68:ad:2f:b4:2e:cd:59:a6:35:63:c0:21:fa:46:fc:
         e4:f5:e3:fb:b5:ee:d0:a6:af:c2:fc:a5:76:b3:ac:15:17:0d:
         f1:5e:4b:0e:1a:d4:76:ed:20:f1:50:09:3a:25:df:13:a3:6a:
         6e:fc:fe:c8:6b:3d:98:71:ec:60:79:54:a6:a4:7a:ef:e9:7a:
         c8:30:37:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbyJk9HDgSk3QI9c+aPONMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzNWMzMzM2ZTJjZTNiZDc1YWIyOWNlODFlNTRmZjgxZWM1
NmYxZGEwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2FmMTY5ZGQyZTllNGM5ZWFmN2ZkOWEwMjg2ODNkNmNmMjBmYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsakAsOXsmEj1bNWT7NjhtK/hHmLL
s9ZXzx5lKgXfey1VZyV0K1uGHKheT6/RDKuRHvcmse9OS3VjA/H9SzNEf5IfRU7K
AWxrSqImi2BuiWd2+kPdANq+a90exozv1j6MwMWtZoy3KOMIKrc2vS5J31ZN9G0L
yw0M02BVKAxSqb236dbcGUH3GWXZCWZO2ZNtT6NLUxqNK2z21YplVN8AZRbo39R3
hij9VWOxXDfQIQxUpf5TLqCUFxcWouglBAQmbq46sxXp49WiPO0MGPhpnyrnBmv7
Rc1s5Gw234kp6pcgqx/PkC1T9HK4tHyw555noPTsVTDCDazJqUec0e/vUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCevFp3S6eTJ6vf9mgKGg9bPIPttMB8GA1UdIwQY
MBaAFDNcMzbizjvXWrKc6B5U/4HsVvHaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTF3ek51TE9POWRhc3B6b0hsVF9nZXhXOGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My82ZWQyMGUtMjE1OS00N2Q1LTliMWQt
NDFkNTA5ZjhiMTU1LzEvSjY4V25kTHA1TW5xOV8yYUFvYUQxczhnLTIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My82ZWQyMGUtMjE1OS00N2Q1LTliMWQtNDFkNTA5ZjhiMTU1
LzEvTTF3ek51TE9POWRhc3B6b0hsVF9nZXhXOGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZbcMA0G
CSqGSIb3DQEBCwUAA4IBAQAh8SIFjbzj0eskYPd52P96o8CMTHHBdaLA8CSDUTvO
8vX/K7QrWnmtmkRrQ0N+yArKDnIE8K1/kSbnaaLSHAn/ll8lAmSojLiwTTTi/3jJ
7L2bgbjZo5WJ+xyKiX9WssdcPnAl7qtWN/c4MIM/bf8OwRxdcYF5PtSsbMpBpw4o
bVnqNhYfaZvVt+f/IHLW+GCH+GGMDrVH0URWKdqSdURLW6EVMjgzaEIJyvnOTojE
+gIKm1KVEkRorS+0Ls1ZpjVjwCH6Rvzk9eP7te7Qpq/C/KV2s6wVFw3xXksOGtR2
7SDxUAk6Jd8To2pu/P7Iaz2YcexgeVSmpHrv6XrIMDdA
-----END CERTIFICATE-----