Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/rFlugNGr-3DyDG3Ypn6kJRgihYw.roa
File:                     rFlugNGr-3DyDG3Ypn6kJRgihYw.roa (raw, json)
Hash identifier:          Moz7baZEmGb60gs946/SMPJbRzqsgdeQtjmQD/8Bfj4=
Subject key identifier:   AC:59:6E:80:D1:AB:FB:70:F2:0C:6D:D8:A6:7E:A4:25:18:22:85:8C
Certificate issuer:       /CN=50399d4435bb85fae910abe38e68533204dfd60b
Certificate serial:       019422FC4C456F2BA7D0781A929074B34A4D
Authority key identifier: 50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/rFlugNGr-3DyDG3Ypn6kJRgihYw.roa
Signing time:             Wed 01 Jan 2025 17:49:07 +0000
ROA not before:           Wed 01 Jan 2025 17:49:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44071
IP address blocks:        185.167.188.0/24 maxlen: 24
                          185.167.189.0/24 maxlen: 24
                          185.167.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 11:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:4c:45:6f:2b:a7:d0:78:1a:92:90:74:b3:4a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50399d4435bb85fae910abe38e68533204dfd60b
        Validity
            Not Before: Jan  1 17:49:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac596e80d1abfb70f20c6dd8a67ea4251822858c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a4:f4:45:0f:4b:71:15:53:7c:74:1c:9d:25:
                    02:90:87:f8:be:70:99:73:d2:52:75:6f:d6:73:71:
                    1d:d8:f6:18:e2:67:48:ce:2e:bb:27:7a:3f:3a:9a:
                    ff:c4:3e:f5:3e:40:ca:ea:a3:5f:3b:72:7d:45:57:
                    89:62:81:90:26:d2:b8:6a:c7:a1:45:9d:8c:eb:ea:
                    1c:64:be:c0:16:54:3c:5e:c1:a6:2f:ae:c7:76:c9:
                    84:bb:24:c0:83:ad:c1:97:6e:d8:66:95:05:33:11:
                    62:e3:61:e8:97:b3:29:8e:24:df:3a:54:69:4b:bc:
                    43:7b:20:33:c0:82:33:70:e9:ca:35:9d:3d:30:85:
                    50:36:82:bd:49:1c:3c:61:e9:7e:1b:38:56:1a:61:
                    f1:b5:94:0d:bd:71:41:91:cd:87:35:98:96:a0:85:
                    4a:ab:cd:68:4e:c8:0c:6e:d9:49:f7:58:47:2e:a8:
                    a4:94:8f:3f:cd:4e:99:26:d8:c3:ba:92:dd:90:0b:
                    c6:de:a2:68:ec:c8:42:3b:a6:a2:f8:43:f0:86:d5:
                    70:be:38:f7:ef:56:e4:0d:86:5f:47:7d:82:2a:c7:
                    5a:02:27:4c:45:9b:45:09:f2:6e:91:c5:ef:84:2c:
                    7e:0b:08:e2:b2:dd:29:17:70:2a:75:9e:86:c2:f1:
                    b5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:59:6E:80:D1:AB:FB:70:F2:0C:6D:D8:A6:7E:A4:25:18:22:85:8C
            X509v3 Authority Key Identifier:
                keyid:50:39:9D:44:35:BB:85:FA:E9:10:AB:E3:8E:68:53:32:04:DF:D6:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UDmdRDW7hfrpEKvjjmhTMgTf1gs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/rFlugNGr-3DyDG3Ypn6kJRgihYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/4f3f08-986b-48e4-85dd-34ffdb442113/1/UDmdRDW7hfrpEKvjjmhTMgTf1gs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.188.0-185.167.190.255

    Signature Algorithm: sha256WithRSAEncryption
         54:a1:9e:a9:1f:08:e5:a6:25:16:92:d0:cd:d6:24:0e:e9:10:
         c1:dd:f3:33:26:65:61:be:6a:f2:f9:1e:ee:05:ee:cc:0b:9b:
         6f:0b:36:6e:1a:6d:bc:7e:d9:1d:d8:f4:e1:a5:83:73:36:7f:
         f2:7b:f9:eb:3c:16:05:2c:94:2b:5a:fe:df:95:1d:3e:bd:21:
         d2:2c:2b:a6:b4:c9:d9:44:02:95:5d:86:33:3e:cc:d9:1d:58:
         2c:02:bf:3e:2a:33:7a:c9:ca:5b:f6:25:e6:fb:64:61:63:4a:
         16:50:e9:19:5e:25:60:14:c0:4e:cb:58:19:33:de:b1:f2:28:
         20:92:55:fa:e0:18:b7:50:80:ba:ff:81:be:36:98:57:66:26:
         46:d0:9c:8a:3b:b6:6c:e0:24:44:d0:ba:e1:15:1a:16:85:2a:
         77:00:dd:8e:0c:61:a9:dc:80:31:9c:a1:46:f5:67:3f:93:5c:
         b4:4b:f4:ee:62:82:be:51:a9:f0:a0:f0:b2:51:08:96:d5:ac:
         90:e5:e2:9d:92:0c:b9:70:ae:80:79:0e:16:8e:56:32:86:23:
         f1:ca:af:79:63:ae:4d:1f:aa:4c:f4:aa:4f:7c:5d:b1:25:ef:
         0f:39:aa:4f:42:10:e1:7b:53:aa:16:bc:d1:30:d3:7c:1b:1e:
         2f:bd:9d:a7
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi/ExFbyun0HgakpB0s0pNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwMzk5ZDQ0MzViYjg1ZmFlOTEwYWJlMzhlNjg1MzMyMDRk
ZmQ2MGIwHhcNMjUwMTAxMTc0OTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzU5NmU4MGQxYWJmYjcwZjIwYzZkZDhhNjdlYTQyNTE4MjI4NThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqT0RQ9LcRVTfHQcnSUCkIf4vnCZ
c9JSdW/Wc3Ed2PYY4mdIzi67J3o/Opr/xD71PkDK6qNfO3J9RVeJYoGQJtK4aseh
RZ2M6+ocZL7AFlQ8XsGmL67HdsmEuyTAg63Bl27YZpUFMxFi42Hol7MpjiTfOlRp
S7xDeyAzwIIzcOnKNZ09MIVQNoK9SRw8Yel+GzhWGmHxtZQNvXFBkc2HNZiWoIVK
q81oTsgMbtlJ91hHLqiklI8/zU6ZJtjDupLdkAvG3qJo7MhCO6ai+EPwhtVwvjj3
71bkDYZfR32CKsdaAidMRZtFCfJukcXvhCx+Cwjist0pF3AqdZ6GwvG1kQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKxZboDRq/tw8gxt2KZ+pCUYIoWMMB8GA1UdIwQY
MBaAFFA5nUQ1u4X66RCr445oUzIE39YLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQt
MzRmZmRiNDQyMTEzLzEvckZsdWdOR3ItM0R5REczWXBuNmtKUmdpaFl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi80ZjNmMDgtOTg2Yi00OGU0LTg1ZGQtMzRmZmRiNDQyMTEz
LzEvVURtZFJEVzdoZnJwRUt2amptaFRNZ1RmMWdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAK5p7wD
BAC5p74wDQYJKoZIhvcNAQELBQADggEBAFShnqkfCOWmJRaS0M3WJA7pEMHd8zMm
ZWG+avL5Hu4F7swLm28LNm4abbx+2R3Y9OGlg3M2f/J7+es8FgUslCta/t+VHT69
IdIsK6a0ydlEApVdhjM+zNkdWCwCvz4qM3rJylv2Jeb7ZGFjShZQ6RleJWAUwE7L
WBkz3rHyKCCSVfrgGLdQgLr/gb42mFdmJkbQnIo7tmzgJETQuuEVGhaFKncA3Y4M
YancgDGcoUb1Zz+TXLRL9O5igr5RqfCg8LJRCJbVrJDl4p2SDLlwroB5DhaOVjKG
I/HKr3ljrk0fqkz0qk98XbEl7w85qk9CEOF7U6oWvNEw03wbHi+9nac=
-----END CERTIFICATE-----