Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/FYEnXPltTK7x-Tm558OZ166qvsY.roa
File:                     FYEnXPltTK7x-Tm558OZ166qvsY.roa (raw, json)
Hash identifier:          XYYAJZjWbPjgIAPPpWW8vwmDlQPwIsR5XksKgSWl2Yk=
Subject key identifier:   15:81:27:5C:F9:6D:4C:AE:F1:F9:39:B9:E7:C3:99:D7:AE:AA:BE:C6
Certificate issuer:       /CN=8d68f7928c10fc2b54b5b589448fe77d404218ca
Certificate serial:       018CC2DAC1D5A3E425E743EFBC881133EC39
Authority key identifier: 8D:68:F7:92:8C:10:FC:2B:54:B5:B5:89:44:8F:E7:7D:40:42:18:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jWj3kowQ_CtUtbWJRI_nfUBCGMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/FYEnXPltTK7x-Tm558OZ166qvsY.roa
Signing time:             Mon 01 Jan 2024 02:29:25 +0000
ROA not before:           Mon 01 Jan 2024 02:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201602
IP address blocks:        185.199.50.0/24 maxlen: 24
                          185.199.51.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/jWj3kowQ_CtUtbWJRI_nfUBCGMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/jWj3kowQ_CtUtbWJRI_nfUBCGMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jWj3kowQ_CtUtbWJRI_nfUBCGMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:c1:d5:a3:e4:25:e7:43:ef:bc:88:11:33:ec:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d68f7928c10fc2b54b5b589448fe77d404218ca
        Validity
            Not Before: Jan  1 02:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1581275cf96d4caef1f939b9e7c399d7aeaabec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:af:30:2d:9f:bd:fb:9d:3d:b4:9a:b4:b9:a0:
                    ab:f4:78:21:46:9f:97:35:61:f7:c4:6a:5a:9a:e5:
                    bb:a1:64:bd:b1:9c:9b:68:11:28:a6:94:c8:be:6c:
                    82:8e:4b:f0:20:ff:5a:d3:0c:14:61:a9:d5:94:1d:
                    3d:7b:80:0b:df:1d:f5:b7:48:9f:6b:30:82:51:ba:
                    9e:4a:85:f0:00:92:e4:be:82:17:66:e6:57:b4:17:
                    ec:8c:55:90:dd:3a:b5:c9:fd:6b:cc:0a:01:d6:40:
                    06:8f:e2:41:ed:5a:a7:b3:3c:fd:b1:29:69:ce:a9:
                    da:0b:ec:c0:26:8c:14:0e:97:e5:f1:67:a5:5e:bb:
                    a2:85:78:4e:16:f3:26:9a:7c:7a:01:a2:6f:8c:05:
                    92:2e:1d:db:34:d4:8d:b9:36:40:ce:1e:97:86:ce:
                    32:b1:e2:e4:3e:78:b9:56:41:17:c5:7e:26:28:06:
                    cb:9b:7e:fc:a6:e2:1b:32:8c:5e:15:45:27:ee:fc:
                    09:8b:87:e5:8b:42:d5:ef:32:c6:d5:08:8c:b4:e4:
                    d4:ba:72:5d:39:73:3c:99:f0:45:ad:1d:6a:04:05:
                    34:bf:5e:14:a7:b6:ae:4e:6a:3e:35:64:ec:d1:88:
                    96:34:4a:c8:5d:c4:c1:3d:e9:1d:e8:bd:ff:80:7c:
                    e0:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:81:27:5C:F9:6D:4C:AE:F1:F9:39:B9:E7:C3:99:D7:AE:AA:BE:C6
            X509v3 Authority Key Identifier:
                keyid:8D:68:F7:92:8C:10:FC:2B:54:B5:B5:89:44:8F:E7:7D:40:42:18:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWj3kowQ_CtUtbWJRI_nfUBCGMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/FYEnXPltTK7x-Tm558OZ166qvsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/jWj3kowQ_CtUtbWJRI_nfUBCGMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         68:b7:77:1f:7e:93:0c:12:f2:11:63:71:b3:18:ea:18:aa:e1:
         e7:bc:d0:8b:7b:cd:88:dc:ff:03:91:fc:36:e1:f4:e9:2c:19:
         30:95:ef:0f:23:0a:a3:8d:89:06:2c:8d:da:26:cb:8c:10:15:
         d6:9b:c3:e7:99:0e:6a:1e:7d:d7:c2:4c:39:99:b3:f8:ba:ef:
         7d:29:19:07:f3:4e:0c:81:54:ae:91:ae:cb:47:ea:2c:b3:53:
         d5:32:74:9a:33:51:2c:96:94:77:c5:8f:49:9e:0f:d2:80:12:
         a7:3f:19:56:81:e4:f1:0d:d6:78:42:f6:95:e0:9c:79:f4:90:
         c7:59:7c:02:82:95:6d:9c:07:25:dc:ba:d3:07:64:c8:6a:aa:
         e6:70:b1:e4:0d:f6:b0:6e:cb:82:03:ff:49:7a:c4:49:77:ac:
         dd:c8:1a:64:c3:8c:b2:2a:12:d9:bd:78:71:ec:28:4b:e6:4e:
         01:eb:55:0c:f5:9c:15:da:6b:64:38:64:12:af:8f:dd:c0:7e:
         c3:66:12:a2:3e:6c:37:69:b9:8b:5f:4e:10:7e:0e:4f:f1:dd:
         6c:10:20:a1:65:e5:de:b1:83:bb:8e:c6:ec:49:dd:14:71:e7:
         35:c8:d2:32:bd:f0:9f:16:b0:c3:77:a5:e5:5a:c1:a0:27:ee:
         c1:a0:94:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2sHVo+Ql50PvvIgRM+w5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjhmNzkyOGMxMGZjMmI1NGI1YjU4OTQ0OGZlNzdkNDA0
MjE4Y2EwHhcNMjQwMTAxMDIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTgxMjc1Y2Y5NmQ0Y2FlZjFmOTM5YjllN2MzOTlkN2FlYWFiZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk68wLZ+9+509tJq0uaCr9HghRp+X
NWH3xGpamuW7oWS9sZybaBEoppTIvmyCjkvwIP9a0wwUYanVlB09e4AL3x31t0if
azCCUbqeSoXwAJLkvoIXZuZXtBfsjFWQ3Tq1yf1rzAoB1kAGj+JB7Vqnszz9sSlp
zqnaC+zAJowUDpfl8WelXruihXhOFvMmmnx6AaJvjAWSLh3bNNSNuTZAzh6Xhs4y
seLkPni5VkEXxX4mKAbLm378puIbMoxeFUUn7vwJi4fli0LV7zLG1QiMtOTUunJd
OXM8mfBFrR1qBAU0v14Up7auTmo+NWTs0YiWNErIXcTBPekd6L3/gHzgHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBWBJ1z5bUyu8fk5uefDmdeuqr7GMB8GA1UdIwQY
MBaAFI1o95KMEPwrVLW1iUSP531AQhjKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldqM2tvd1FfQ3RVdGJXSlJJX25mVUJDR01vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hZWM4NjEtODExMi00ZDhhLWIyMTYt
ZDAxMTE1MDg5NDYzLzEvRllFblhQbHRUSzd4LVRtNTU4T1oxNjZxdnNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hZWM4NjEtODExMi00ZDhhLWIyMTYtZDAxMTE1MDg5NDYz
LzEvaldqM2tvd1FfQ3RVdGJXSlJJX25mVUJDR01vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuccyMA0G
CSqGSIb3DQEBCwUAA4IBAQBot3cffpMMEvIRY3GzGOoYquHnvNCLe82I3P8Dkfw2
4fTpLBkwle8PIwqjjYkGLI3aJsuMEBXWm8PnmQ5qHn3Xwkw5mbP4uu99KRkH804M
gVSuka7LR+oss1PVMnSaM1EslpR3xY9Jng/SgBKnPxlWgeTxDdZ4QvaV4Jx59JDH
WXwCgpVtnAcl3LrTB2TIaqrmcLHkDfawbsuCA/9JesRJd6zdyBpkw4yyKhLZvXhx
7ChL5k4B61UM9ZwV2mtkOGQSr4/dwH7DZhKiPmw3abmLX04Qfg5P8d1sECChZeXe
sYO7jsbsSd0Ucec1yNIyvfCfFrDDd6XlWsGgJ+7BoJRi
-----END CERTIFICATE-----