Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/FveeOj9l7FxxmRsSwt1HgCwwQeA.roa
File:                     FveeOj9l7FxxmRsSwt1HgCwwQeA.roa (raw, json)
Hash identifier:          M4dtF8jy0wzwUCk1jVRckWxwU5GEJHMwlYsYHLu5Fdo=
Subject key identifier:   16:F7:9E:3A:3F:65:EC:5C:71:99:1B:12:C2:DD:47:80:2C:30:41:E0
Certificate issuer:       /CN=8d68f7928c10fc2b54b5b589448fe77d404218ca
Certificate serial:       019420687658E15876DE89B2F2359CD61C5D
Authority key identifier: 8D:68:F7:92:8C:10:FC:2B:54:B5:B5:89:44:8F:E7:7D:40:42:18:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jWj3kowQ_CtUtbWJRI_nfUBCGMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/FveeOj9l7FxxmRsSwt1HgCwwQeA.roa
Signing time:             Wed 01 Jan 2025 05:48:24 +0000
ROA not before:           Wed 01 Jan 2025 05:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201602
IP address blocks:        185.199.50.0/24 maxlen: 24
                          185.199.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/jWj3kowQ_CtUtbWJRI_nfUBCGMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/jWj3kowQ_CtUtbWJRI_nfUBCGMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jWj3kowQ_CtUtbWJRI_nfUBCGMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:76:58:e1:58:76:de:89:b2:f2:35:9c:d6:1c:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d68f7928c10fc2b54b5b589448fe77d404218ca
        Validity
            Not Before: Jan  1 05:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16f79e3a3f65ec5c71991b12c2dd47802c3041e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:a8:00:74:41:e7:80:3a:d9:e1:f8:84:bb:be:
                    37:9e:c9:bd:bf:1a:55:97:78:03:df:3f:94:72:ef:
                    d0:08:60:af:44:0a:a9:b2:08:ff:87:fc:51:34:79:
                    fc:f8:e9:15:f9:70:ec:4b:e6:31:e9:4b:9a:3b:f8:
                    8a:6d:70:29:6f:4d:2d:18:2c:b1:af:4e:de:7e:63:
                    19:a4:d7:a6:7f:66:f4:19:2b:b1:dc:07:bc:59:08:
                    bd:e3:80:a3:b7:68:06:7c:ba:5b:a4:0a:40:45:56:
                    92:81:3a:e9:5e:40:d1:a7:dd:f9:ba:5b:5f:ba:b1:
                    ee:a9:76:b2:3b:92:35:30:d0:7c:b5:e2:73:e8:5e:
                    c0:2c:56:f6:37:17:4e:ad:f7:7a:b4:f5:2f:37:0a:
                    d5:97:65:87:36:5e:d5:0c:d9:54:34:0c:62:49:c8:
                    4e:ff:0b:64:a6:e8:55:dd:15:ae:cd:6c:3d:ff:6d:
                    36:98:a0:fb:54:22:ff:9b:2a:25:ef:e0:af:f1:a2:
                    29:1b:2a:2c:f8:5e:b3:7c:2a:7b:da:ba:6f:4d:a9:
                    7e:4d:86:ec:38:93:74:b7:3b:b8:ff:3d:2d:92:26:
                    f1:be:73:03:9e:34:dc:9b:cc:65:1e:4d:f4:9f:d1:
                    8a:90:51:ed:d0:6d:a4:fd:50:a9:7e:39:ef:8c:7d:
                    7d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:F7:9E:3A:3F:65:EC:5C:71:99:1B:12:C2:DD:47:80:2C:30:41:E0
            X509v3 Authority Key Identifier:
                keyid:8D:68:F7:92:8C:10:FC:2B:54:B5:B5:89:44:8F:E7:7D:40:42:18:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jWj3kowQ_CtUtbWJRI_nfUBCGMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/FveeOj9l7FxxmRsSwt1HgCwwQeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/aec861-8112-4d8a-b216-d01115089463/1/jWj3kowQ_CtUtbWJRI_nfUBCGMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.50.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:02:6c:5e:f9:34:71:f9:18:bf:3b:35:4d:2f:0c:94:ec:0b:
         aa:70:9f:77:c4:14:cd:2e:28:ed:28:d5:26:71:1f:fb:6c:21:
         ff:33:79:5f:93:dd:fd:b2:f7:29:3f:45:8e:77:ba:cc:5d:da:
         b7:ed:ee:06:6c:02:bb:7e:f3:c1:b0:fb:25:0d:f0:65:0b:43:
         dd:27:e2:a2:dd:68:f2:de:13:69:82:b2:29:f6:a2:ff:88:ce:
         8e:50:38:03:4f:43:2f:01:59:4a:c6:c1:b6:a2:dd:62:27:88:
         df:f2:d6:92:5b:94:1e:44:68:b1:73:63:c5:e5:79:9b:fe:9c:
         d3:f0:95:ec:0e:13:4c:84:5a:54:8f:40:a3:dd:3e:9d:a5:9a:
         02:f9:80:75:e0:cd:78:94:a7:10:29:b4:53:c0:c1:49:8f:69:
         7a:a7:4f:aa:0f:1b:b6:1e:98:29:99:a1:48:1e:33:e4:c4:c5:
         a9:5f:cf:b7:d1:cb:e1:ed:d4:fc:53:c8:39:4b:c4:b0:35:ad:
         d4:31:8c:98:10:a8:f7:d5:88:8d:fc:b4:52:d3:34:78:b2:d8:
         5f:19:40:f6:c4:1e:44:84:7f:72:2a:75:40:51:4b:19:6c:f5:
         5b:da:4b:93:13:f1:e4:2d:b1:1b:e1:83:13:f0:15:d7:87:a2:
         c7:d8:db:b2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaHZY4Vh23omy8jWc1hxdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNjhmNzkyOGMxMGZjMmI1NGI1YjU4OTQ0OGZlNzdkNDA0
MjE4Y2EwHhcNMjUwMTAxMDU0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmY3OWUzYTNmNjVlYzVjNzE5OTFiMTJjMmRkNDc4MDJjMzA0MWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl6gAdEHngDrZ4fiEu743nsm9vxpV
l3gD3z+Ucu/QCGCvRAqpsgj/h/xRNHn8+OkV+XDsS+Yx6UuaO/iKbXApb00tGCyx
r07efmMZpNemf2b0GSux3Ae8WQi944Cjt2gGfLpbpApARVaSgTrpXkDRp935ultf
urHuqXayO5I1MNB8teJz6F7ALFb2NxdOrfd6tPUvNwrVl2WHNl7VDNlUNAxiSchO
/wtkpuhV3RWuzWw9/202mKD7VCL/myol7+Cv8aIpGyos+F6zfCp72rpvTal+TYbs
OJN0tzu4/z0tkibxvnMDnjTcm8xlHk30n9GKkFHt0G2k/VCpfjnvjH19iQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBb3njo/ZexccZkbEsLdR4AsMEHgMB8GA1UdIwQY
MBaAFI1o95KMEPwrVLW1iUSP531AQhjKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaldqM2tvd1FfQ3RVdGJXSlJJX25mVUJDR01vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9hZWM4NjEtODExMi00ZDhhLWIyMTYt
ZDAxMTE1MDg5NDYzLzEvRnZlZU9qOWw3Rnh4bVJzU3d0MUhnQ3d3UWVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9hZWM4NjEtODExMi00ZDhhLWIyMTYtZDAxMTE1MDg5NDYz
LzEvaldqM2tvd1FfQ3RVdGJXSlJJX25mVUJDR01vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuccyMA0G
CSqGSIb3DQEBCwUAA4IBAQBeAmxe+TRx+Ri/OzVNLwyU7AuqcJ93xBTNLijtKNUm
cR/7bCH/M3lfk939svcpP0WOd7rMXdq37e4GbAK7fvPBsPslDfBlC0PdJ+Ki3Wjy
3hNpgrIp9qL/iM6OUDgDT0MvAVlKxsG2ot1iJ4jf8taSW5QeRGixc2PF5Xmb/pzT
8JXsDhNMhFpUj0Cj3T6dpZoC+YB14M14lKcQKbRTwMFJj2l6p0+qDxu2HpgpmaFI
HjPkxMWpX8+30cvh7dT8U8g5S8SwNa3UMYyYEKj31YiN/LRS0zR4sthfGUD2xB5E
hH9yKnVAUUsZbPVb2kuTE/HkLbEb4YMT8BXXh6LH2Nuy
-----END CERTIFICATE-----