Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/cf3RUm_66Y15DDXcbEjXv-u8xCA.roa
File:                     cf3RUm_66Y15DDXcbEjXv-u8xCA.roa (raw, json)
Hash identifier:          Vo9OIltbgdrl6L+n5IxMbVIBiH+2dwmTDwJpbB3b2Po=
Subject key identifier:   71:FD:D1:52:6F:FA:E9:8D:79:0C:35:DC:6C:48:D7:BF:EB:BC:C4:20
Certificate issuer:       /CN=d48551e26169b3b3e124f6964e2702e95768253e
Certificate serial:       018CC7258B0631B3307E1C285556B8B825FD
Authority key identifier: D4:85:51:E2:61:69:B3:B3:E1:24:F6:96:4E:27:02:E9:57:68:25:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1IVR4mFps7PhJPaWTicC6VdoJT4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/cf3RUm_66Y15DDXcbEjXv-u8xCA.roa
Signing time:             Mon 01 Jan 2024 22:29:35 +0000
ROA not before:           Mon 01 Jan 2024 22:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203640
IP address blocks:        185.29.109.0/24 maxlen: 24
                          185.29.108.0/24 maxlen: 24
                          185.29.111.0/24 maxlen: 24
                          185.29.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/1IVR4mFps7PhJPaWTicC6VdoJT4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/1IVR4mFps7PhJPaWTicC6VdoJT4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1IVR4mFps7PhJPaWTicC6VdoJT4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:25:8b:06:31:b3:30:7e:1c:28:55:56:b8:b8:25:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48551e26169b3b3e124f6964e2702e95768253e
        Validity
            Not Before: Jan  1 22:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71fdd1526ffae98d790c35dc6c48d7bfebbcc420
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:93:4d:38:f8:72:e0:de:49:2a:73:7a:26:29:
                    94:d1:93:80:e8:29:a6:58:a4:e8:ec:6d:fd:24:02:
                    6c:8b:7e:82:0e:f9:05:88:17:f5:92:c2:03:e3:72:
                    53:3a:30:10:07:43:51:35:9e:0e:f2:39:10:fe:da:
                    65:56:d6:5b:b4:6d:e9:1f:9f:e2:6f:46:85:b1:fe:
                    af:85:29:a1:b8:12:a0:e9:00:f6:77:24:6c:d7:c6:
                    d2:94:dc:87:8a:0a:11:e5:d3:10:74:73:69:22:26:
                    48:6a:7b:0f:bb:84:04:f2:d4:8a:1d:91:d2:70:63:
                    99:9f:85:b3:58:46:e1:6c:05:11:4e:8f:36:f7:d1:
                    68:27:db:dc:c0:75:fa:19:51:18:41:7f:a6:c6:29:
                    6c:8e:a7:fa:d3:93:61:4f:65:73:ee:d3:d4:64:d2:
                    52:49:cd:fb:f8:0c:ef:b4:3d:f2:f6:e1:0b:00:20:
                    f6:da:79:8f:e3:34:dc:f1:6d:ee:2d:5d:e3:b4:4d:
                    7d:69:0e:f1:0e:8e:d6:07:b3:32:53:9d:98:79:5e:
                    84:4f:0e:6c:8c:94:61:73:db:af:19:4c:86:b3:da:
                    c6:fc:fc:a7:5a:8c:97:58:bb:98:ee:ee:e4:6e:3a:
                    40:e8:d8:9d:e0:ea:f6:a3:1c:fb:ef:a9:92:70:07:
                    a7:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:FD:D1:52:6F:FA:E9:8D:79:0C:35:DC:6C:48:D7:BF:EB:BC:C4:20
            X509v3 Authority Key Identifier:
                keyid:D4:85:51:E2:61:69:B3:B3:E1:24:F6:96:4E:27:02:E9:57:68:25:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1IVR4mFps7PhJPaWTicC6VdoJT4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/cf3RUm_66Y15DDXcbEjXv-u8xCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ead277-84c9-4b8e-879e-5f73267102a6/1/1IVR4mFps7PhJPaWTicC6VdoJT4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.29.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         29:ff:80:3d:d2:64:1f:05:99:7d:82:86:ac:2c:15:d2:ff:f5:
         16:b7:29:88:5f:09:63:e1:90:a7:90:46:1c:8d:91:51:db:86:
         d2:87:72:4a:89:4b:51:95:41:0f:06:5d:40:88:6d:be:00:d4:
         ba:a7:51:36:8e:d8:53:f0:06:5c:c1:80:bf:d8:10:25:96:cf:
         ee:21:af:08:fd:ce:77:64:2e:de:28:11:b6:ef:7e:c5:c3:88:
         3b:20:60:a6:65:90:de:3e:90:13:40:34:21:63:9d:27:9b:b6:
         66:85:f7:59:2a:e3:7f:34:00:73:90:ac:e6:ef:41:69:93:6c:
         9c:c9:82:e2:f2:12:1d:28:6e:c4:57:73:c5:98:05:e3:4f:63:
         1f:ab:e4:82:1e:cb:6d:1c:4d:16:74:1a:03:9b:66:1d:8a:85:
         a4:95:d1:a7:22:3f:c6:02:04:9c:90:64:24:4b:65:fa:f8:44:
         38:fe:fd:e8:df:5a:05:12:60:29:6c:6f:c2:dc:67:93:fd:8a:
         c9:c5:f6:f0:5d:fc:a6:fd:f2:cd:44:04:89:b5:46:02:02:ca:
         5f:04:f5:d9:af:60:42:0f:22:58:3f:81:8b:18:8a:29:a1:f2:
         72:37:79:d4:3e:08:33:da:4a:50:54:5e:83:a2:30:d9:d1:4a:
         d7:16:c9:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJYsGMbMwfhwoVVa4uCX9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0ODU1MWUyNjE2OWIzYjNlMTI0ZjY5NjRlMjcwMmU5NTc2
ODI1M2UwHhcNMjQwMTAxMjIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWZkZDE1MjZmZmFlOThkNzkwYzM1ZGM2YzQ4ZDdiZmViYmNjNDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75NNOPhy4N5JKnN6JimU0ZOA6Cmm
WKTo7G39JAJsi36CDvkFiBf1ksID43JTOjAQB0NRNZ4O8jkQ/tplVtZbtG3pH5/i
b0aFsf6vhSmhuBKg6QD2dyRs18bSlNyHigoR5dMQdHNpIiZIansPu4QE8tSKHZHS
cGOZn4WzWEbhbAURTo8299FoJ9vcwHX6GVEYQX+mxilsjqf605NhT2Vz7tPUZNJS
Sc37+AzvtD3y9uELACD22nmP4zTc8W3uLV3jtE19aQ7xDo7WB7MyU52YeV6ETw5s
jJRhc9uvGUyGs9rG/PynWoyXWLuY7u7kbjpA6Nid4Or2oxz776mScAengQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHH90VJv+umNeQw13GxI17/rvMQgMB8GA1UdIwQY
MBaAFNSFUeJhabOz4ST2lk4nAulXaCU+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlWUjRtRnBzN1BoSlBhV1RpY0M2VmRvSlQ0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9lYWQyNzctODRjOS00YjhlLTg3OWUt
NWY3MzI2NzEwMmE2LzEvY2YzUlVtXzY2WTE1RERYY2JFalh2LXU4eENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9lYWQyNzctODRjOS00YjhlLTg3OWUtNWY3MzI2NzEwMmE2
LzEvMUlWUjRtRnBzN1BoSlBhV1RpY0M2VmRvSlQ0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuR1sMA0G
CSqGSIb3DQEBCwUAA4IBAQAp/4A90mQfBZl9goasLBXS//UWtymIXwlj4ZCnkEYc
jZFR24bSh3JKiUtRlUEPBl1AiG2+ANS6p1E2jthT8AZcwYC/2BAlls/uIa8I/c53
ZC7eKBG2737Fw4g7IGCmZZDePpATQDQhY50nm7ZmhfdZKuN/NABzkKzm70Fpk2yc
yYLi8hIdKG7EV3PFmAXjT2Mfq+SCHsttHE0WdBoDm2YdioWkldGnIj/GAgSckGQk
S2X6+EQ4/v3o31oFEmApbG/C3GeT/YrJxfbwXfym/fLNRASJtUYCAspfBPXZr2BC
DyJYP4GLGIopofJyN3nUPggz2kpQVF6DojDZ0UrXFsnM
-----END CERTIFICATE-----