Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/1-ewnqONH7jLfrezIF9XAcdgbOts.roa
File:                     1-ewnqONH7jLfrezIF9XAcdgbOts.roa (raw, json)
Hash identifier:          eqsS7ZHnEwFQmp9h0aA6caz/1K3xNECzoWizmcAS9uc=
Subject key identifier:   F9:EC:27:A8:E3:47:EE:32:DF:AD:EC:C8:17:D5:C0:71:D8:1B:3A:DB
Certificate issuer:       /CN=b4a90f6896678442afaee1baaaa6b2a2decacd3b
Certificate serial:       018CC94DC96DB6BE649126D731DE8B6A8A35
Authority key identifier: B4:A9:0F:68:96:67:84:42:AF:AE:E1:BA:AA:A6:B2:A2:DE:CA:CD:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tKkPaJZnhEKvruG6qqayot7KzTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/1-ewnqONH7jLfrezIF9XAcdgbOts.roa
Signing time:             Tue 02 Jan 2024 08:32:47 +0000
ROA not before:           Tue 02 Jan 2024 08:32:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        185.150.60.0/24 maxlen: 24
                          185.150.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/tKkPaJZnhEKvruG6qqayot7KzTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/tKkPaJZnhEKvruG6qqayot7KzTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tKkPaJZnhEKvruG6qqayot7KzTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:c9:6d:b6:be:64:91:26:d7:31:de:8b:6a:8a:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4a90f6896678442afaee1baaaa6b2a2decacd3b
        Validity
            Not Before: Jan  2 08:32:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9ec27a8e347ee32dfadecc817d5c071d81b3adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d9:1f:50:2f:08:62:89:29:5f:5f:58:1c:26:
                    24:db:65:c5:3c:52:4b:b6:1a:98:72:71:d6:50:8e:
                    bf:7a:09:49:6b:4e:7c:89:2a:9b:2b:36:c3:e7:f8:
                    7b:9f:07:4e:a2:40:df:eb:7c:95:2b:37:6d:35:08:
                    1d:38:37:c1:20:7c:db:ef:3e:64:ee:b6:87:e8:31:
                    05:d0:55:60:95:74:06:10:8f:56:85:ab:eb:c0:d8:
                    39:c4:8b:6c:bf:ac:00:cf:a9:27:4d:09:0d:89:9e:
                    ec:29:1b:d2:60:f8:e5:80:bd:41:31:f1:6c:f2:a5:
                    99:c1:1c:85:a5:43:4b:81:a8:0a:ce:21:b3:ef:70:
                    93:45:db:f4:29:6b:94:d7:4c:85:c2:6b:79:8f:48:
                    a5:d1:67:a5:5d:d1:ec:23:a8:0b:66:9c:39:77:c4:
                    41:4a:9e:a8:67:8b:e6:16:62:dc:36:e2:3f:21:13:
                    6f:e8:53:47:96:30:0a:2a:18:d6:2d:1a:09:9e:ce:
                    42:b9:ee:67:71:99:71:e2:d8:89:1c:53:cf:7e:21:
                    3e:2d:37:c4:a9:5d:60:fd:3a:7e:1d:16:91:90:a3:
                    8c:c7:64:4a:67:05:18:60:03:7a:fd:30:fe:44:78:
                    e1:f8:7f:8b:49:1b:4e:c9:16:66:07:90:e1:05:30:
                    26:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:EC:27:A8:E3:47:EE:32:DF:AD:EC:C8:17:D5:C0:71:D8:1B:3A:DB
            X509v3 Authority Key Identifier:
                keyid:B4:A9:0F:68:96:67:84:42:AF:AE:E1:BA:AA:A6:B2:A2:DE:CA:CD:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tKkPaJZnhEKvruG6qqayot7KzTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/1-ewnqONH7jLfrezIF9XAcdgbOts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/tKkPaJZnhEKvruG6qqayot7KzTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2b:c3:bc:6a:94:25:40:1f:d7:25:44:e9:a6:e7:86:7c:67:3a:
         92:6d:85:68:15:73:e0:61:76:7f:38:a5:90:33:1a:81:48:c3:
         e7:ea:b1:34:52:0a:98:8a:22:39:13:a9:9d:a7:fa:b0:f8:eb:
         90:08:c0:ee:77:34:41:36:c1:c9:0b:e9:57:8b:87:39:57:2f:
         d5:65:37:6c:b2:2f:d1:be:c3:7c:f6:b4:96:08:f1:93:2b:78:
         ba:d0:28:56:42:70:7d:0b:27:cb:56:7e:a4:99:31:e8:35:3c:
         b3:41:da:42:33:0c:b0:7e:48:17:af:33:4f:69:06:7a:7d:9f:
         bf:47:ed:54:45:3a:f2:b2:f4:50:f3:0d:19:16:ce:98:0f:ce:
         6b:ca:e0:cf:38:1b:c9:0f:6c:b6:aa:6f:fa:7f:d1:53:68:4a:
         a1:c0:9e:10:5b:44:af:f1:5a:88:b9:00:55:ae:9a:fa:64:67:
         ed:f3:75:bc:4d:e9:a7:c1:c3:96:7d:c4:06:fe:ad:6c:e2:ca:
         28:92:99:aa:45:91:a0:f6:d1:13:07:38:67:7d:cc:2b:c0:0c:
         59:d0:f3:72:b5:5a:69:84:67:66:b6:51:a1:cc:4f:82:66:82:
         5a:84:38:c4:6d:2f:a9:4d:1b:b3:7a:43:33:9a:e5:4d:a0:41:
         46:de:bb:19
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzJTclttr5kkSbXMd6Laoo1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YTkwZjY4OTY2Nzg0NDJhZmFlZTFiYWFhYTZiMmEyZGVj
YWNkM2IwHhcNMjQwMTAyMDgzMjQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWVjMjdhOGUzNDdlZTMyZGZhZGVjYzgxN2Q1YzA3MWQ4MWIzYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtkfUC8IYokpX19YHCYk22XFPFJL
thqYcnHWUI6/eglJa058iSqbKzbD5/h7nwdOokDf63yVKzdtNQgdODfBIHzb7z5k
7raH6DEF0FVglXQGEI9WhavrwNg5xItsv6wAz6knTQkNiZ7sKRvSYPjlgL1BMfFs
8qWZwRyFpUNLgagKziGz73CTRdv0KWuU10yFwmt5j0il0WelXdHsI6gLZpw5d8RB
Sp6oZ4vmFmLcNuI/IRNv6FNHljAKKhjWLRoJns5Cue5ncZlx4tiJHFPPfiE+LTfE
qV1g/Tp+HRaRkKOMx2RKZwUYYAN6/TD+RHjh+H+LSRtOyRZmB5DhBTAmhwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnsJ6jjR+4y363syBfVwHHYGzrbMB8GA1UdIwQY
MBaAFLSpD2iWZ4RCr67huqqmsqLeys07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEtrUGFKWm5oRUt2cnVHNnFxYXlvdDdLelRzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9lNjE2MTQtZWJjNS00NzMxLTg1NjAt
OWQxODEyOTk5YTM1LzEvMS1ld25xT05IN2pMZnJleklGOVhBY2RnYk90cy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZjEvZTYxNjE0LWViYzUtNDczMS04NTYwLTlkMTgxMjk5OWEz
NS8xL3RLa1BhSlpuaEVLdnJ1RzZxcWF5b3Q3S3pUcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAbmWPDAN
BgkqhkiG9w0BAQsFAAOCAQEAK8O8apQlQB/XJUTppueGfGc6km2FaBVz4GF2fzil
kDMagUjD5+qxNFIKmIoiOROpnaf6sPjrkAjA7nc0QTbByQvpV4uHOVcv1WU3bLIv
0b7DfPa0lgjxkyt4utAoVkJwfQsny1Z+pJkx6DU8s0HaQjMMsH5IF68zT2kGen2f
v0ftVEU68rL0UPMNGRbOmA/Oa8rgzzgbyQ9stqpv+n/RU2hKocCeEFtEr/FaiLkA
Va6a+mRn7fN1vE3pp8HDln3EBv6tbOLKKJKZqkWRoPbREwc4Z33MK8AMWdDzcrVa
aYRnZrZRocxPgmaCWoQ4xG0vqU0bs3pDM5rlTaBBRt67GQ==
-----END CERTIFICATE-----