Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/b2b221-2ae9-45cc-ad1e-fcd3de868431/1/cflyn93rcQDxnaom3KrUdkbsfok.roa
File:                     cflyn93rcQDxnaom3KrUdkbsfok.roa (raw, json)
Hash identifier:          Vw9eK3uvukMITgOoRa2f44dbFK2nJb441ohtPSffz1M=
Subject key identifier:   71:F9:72:9F:DD:EB:71:00:F1:9D:AA:26:DC:AA:D4:76:46:EC:7E:89
Certificate issuer:       /CN=fe3ecfb35993217c36743bcafaa7b0259d2e476a
Certificate serial:       018E6A53DF2B911B492B31D67EE3241B68EC
Authority key identifier: FE:3E:CF:B3:59:93:21:7C:36:74:3B:CA:FA:A7:B0:25:9D:2E:47:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_j7Ps1mTIXw2dDvK-qewJZ0uR2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/b2b221-2ae9-45cc-ad1e-fcd3de868431/1/cflyn93rcQDxnaom3KrUdkbsfok.roa
Signing time:             Sat 23 Mar 2024 08:01:05 +0000
ROA not before:           Sat 23 Mar 2024 08:01:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203102
IP address blocks:        185.144.64.0/22 maxlen: 22
                          185.144.64.0/24 maxlen: 24
                          185.144.65.0/24 maxlen: 24
                          185.144.66.0/24 maxlen: 24
                          185.144.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/b2b221-2ae9-45cc-ad1e-fcd3de868431/1/_j7Ps1mTIXw2dDvK-qewJZ0uR2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/b2b221-2ae9-45cc-ad1e-fcd3de868431/1/_j7Ps1mTIXw2dDvK-qewJZ0uR2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_j7Ps1mTIXw2dDvK-qewJZ0uR2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6a:53:df:2b:91:1b:49:2b:31:d6:7e:e3:24:1b:68:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe3ecfb35993217c36743bcafaa7b0259d2e476a
        Validity
            Not Before: Mar 23 08:01:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71f9729fddeb7100f19daa26dcaad47646ec7e89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:0e:a0:d0:f9:06:0d:a7:b6:00:2f:d7:31:ef:
                    e4:7b:e5:91:e8:e9:f9:e9:68:69:fb:38:10:3d:a7:
                    7e:94:73:37:3e:cc:8c:26:26:5a:0e:b1:c5:cf:7b:
                    57:d8:cc:82:25:35:1e:76:e0:78:0a:e8:ea:17:c8:
                    50:1d:de:bc:1f:4b:65:44:02:9c:1b:c3:07:28:41:
                    e3:f2:a6:19:7d:cc:40:39:26:f7:a2:2d:67:25:6d:
                    25:6e:3e:0e:82:14:5c:a2:95:70:5a:2a:90:92:54:
                    3a:cd:91:ce:86:e2:3a:73:d7:84:bf:e6:98:21:5e:
                    50:53:0b:b9:cb:20:84:f1:29:e4:3c:ca:09:76:ed:
                    42:36:bf:59:e1:5d:72:2a:59:e9:2e:32:54:ba:94:
                    c7:70:bf:b8:03:d5:0e:38:7e:c4:c4:38:f8:86:93:
                    9c:94:c4:9c:8e:59:c6:dd:e8:0f:a0:10:1b:0a:60:
                    9f:30:e2:3f:33:21:3d:c3:b3:c5:8d:4a:f4:24:08:
                    a5:3a:fe:69:be:0a:13:35:97:ec:85:1a:d6:c0:e2:
                    08:f4:48:10:88:20:92:13:d7:a6:6a:6b:d8:79:63:
                    dc:3e:63:9a:e4:8c:fe:f1:a5:2d:5e:01:13:d9:02:
                    bb:8d:17:a8:3d:b3:91:e6:3e:8f:1c:88:5e:96:38:
                    ef:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:F9:72:9F:DD:EB:71:00:F1:9D:AA:26:DC:AA:D4:76:46:EC:7E:89
            X509v3 Authority Key Identifier:
                keyid:FE:3E:CF:B3:59:93:21:7C:36:74:3B:CA:FA:A7:B0:25:9D:2E:47:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_j7Ps1mTIXw2dDvK-qewJZ0uR2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b2b221-2ae9-45cc-ad1e-fcd3de868431/1/cflyn93rcQDxnaom3KrUdkbsfok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/b2b221-2ae9-45cc-ad1e-fcd3de868431/1/_j7Ps1mTIXw2dDvK-qewJZ0uR2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:12:31:d2:b3:2f:96:15:17:30:90:fc:e5:3f:6b:bb:c9:69:
         f6:b7:30:eb:84:f2:e8:3d:0c:54:e2:15:d6:9d:01:42:6a:6a:
         f0:3e:5d:74:cc:94:8a:0b:bf:c3:05:a2:3d:c5:b3:8d:a4:ff:
         e0:9e:92:12:5c:96:3f:9a:f7:3a:c7:a3:c9:7f:82:bd:2b:65:
         ce:b2:96:c9:df:81:27:ad:64:a7:b1:cc:75:04:2f:ed:8d:a2:
         90:32:50:3b:57:e4:6b:a3:e8:35:d3:3b:72:08:da:41:31:f5:
         4a:f3:a0:35:65:7d:89:13:df:97:de:0b:3c:d2:6a:4c:0c:a1:
         bd:f5:b0:d3:a3:b2:5d:0f:eb:bb:b0:54:ce:fa:4f:37:75:eb:
         25:a7:04:f3:eb:1c:00:64:01:38:eb:01:76:b1:e8:7a:7b:18:
         10:5b:fc:66:47:b6:52:1b:eb:e1:c3:d8:a7:f1:b5:18:d8:c5:
         02:c9:07:29:2b:35:bc:f4:40:44:c7:75:be:66:15:ed:e3:8e:
         af:8c:a6:7d:e7:cb:bd:56:cc:40:7e:d0:84:96:92:b3:32:42:
         3d:21:a5:8b:75:88:dd:cc:8c:b6:16:0d:38:fc:f0:09:b4:aa:
         c8:79:ec:0c:0d:6a:e1:63:6a:31:95:29:37:93:b8:a7:22:55:
         3e:db:ba:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5qU98rkRtJKzHWfuMkG2jsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlM2VjZmIzNTk5MzIxN2MzNjc0M2JjYWZhYTdiMDI1OWQy
ZTQ3NmEwHhcNMjQwMzIzMDgwMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWY5NzI5ZmRkZWI3MTAwZjE5ZGFhMjZkY2FhZDQ3NjQ2ZWM3ZTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQ6g0PkGDae2AC/XMe/ke+WR6On5
6Whp+zgQPad+lHM3PsyMJiZaDrHFz3tX2MyCJTUeduB4CujqF8hQHd68H0tlRAKc
G8MHKEHj8qYZfcxAOSb3oi1nJW0lbj4OghRcopVwWiqQklQ6zZHOhuI6c9eEv+aY
IV5QUwu5yyCE8SnkPMoJdu1CNr9Z4V1yKlnpLjJUupTHcL+4A9UOOH7ExDj4hpOc
lMScjlnG3egPoBAbCmCfMOI/MyE9w7PFjUr0JAilOv5pvgoTNZfshRrWwOII9EgQ
iCCSE9emamvYeWPcPmOa5Iz+8aUtXgET2QK7jReoPbOR5j6PHIheljjvHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHH5cp/d63EA8Z2qJtyq1HZG7H6JMB8GA1UdIwQY
MBaAFP4+z7NZkyF8NnQ7yvqnsCWdLkdqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX2o3UHMxbVRJWHcyZER2Sy1xZXdKWjB1UjJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9iMmIyMjEtMmFlOS00NWNjLWFkMWUt
ZmNkM2RlODY4NDMxLzEvY2ZseW45M3JjUUR4bmFvbTNLclVka2JzZm9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9iMmIyMjEtMmFlOS00NWNjLWFkMWUtZmNkM2RlODY4NDMx
LzEvX2o3UHMxbVRJWHcyZER2Sy1xZXdKWjB1UjJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZBAMA0G
CSqGSIb3DQEBCwUAA4IBAQAkEjHSsy+WFRcwkPzlP2u7yWn2tzDrhPLoPQxU4hXW
nQFCamrwPl10zJSKC7/DBaI9xbONpP/gnpISXJY/mvc6x6PJf4K9K2XOspbJ34En
rWSnscx1BC/tjaKQMlA7V+Rro+g10ztyCNpBMfVK86A1ZX2JE9+X3gs80mpMDKG9
9bDTo7JdD+u7sFTO+k83deslpwTz6xwAZAE46wF2seh6exgQW/xmR7ZSG+vhw9in
8bUY2MUCyQcpKzW89EBEx3W+ZhXt446vjKZ958u9VsxAftCElpKzMkI9IaWLdYjd
zIy2Fg04/PAJtKrIeewMDWrhY2oxlSk3k7inIlU+27pR
-----END CERTIFICATE-----