Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/vhK_Yxm6USyMKqIqCR3-oVQmPZE.roa
File:                     vhK_Yxm6USyMKqIqCR3-oVQmPZE.roa (raw, json)
Hash identifier:          l0JZu1Vg9zmXDVUYyvrn5tS7W142VehQwNMSQCn1f3Y=
Subject key identifier:   BE:12:BF:63:19:BA:51:2C:8C:2A:A2:2A:09:1D:FE:A1:54:26:3D:91
Certificate issuer:       /CN=9705462cbfc8764777e6da31b595d7ccbfe38243
Certificate serial:       018CC9BCC91439F85F1362895022E14AE56B
Authority key identifier: 97:05:46:2C:BF:C8:76:47:77:E6:DA:31:B5:95:D7:CC:BF:E3:82:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lwVGLL_Idkd35toxtZXXzL_jgkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/vhK_Yxm6USyMKqIqCR3-oVQmPZE.roa
Signing time:             Tue 02 Jan 2024 10:34:01 +0000
ROA not before:           Tue 02 Jan 2024 10:34:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8758
IP address blocks:        185.96.76.0/22 maxlen: 22
                          2a05:ff80::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/lwVGLL_Idkd35toxtZXXzL_jgkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/lwVGLL_Idkd35toxtZXXzL_jgkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lwVGLL_Idkd35toxtZXXzL_jgkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:c9:14:39:f8:5f:13:62:89:50:22:e1:4a:e5:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9705462cbfc8764777e6da31b595d7ccbfe38243
        Validity
            Not Before: Jan  2 10:34:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be12bf6319ba512c8c2aa22a091dfea154263d91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:9c:80:7b:76:95:2d:d3:37:b1:18:44:23:6d:
                    ec:a6:14:6f:d3:f1:15:9d:a6:a9:8c:e4:a3:3c:08:
                    53:d7:5f:7f:7f:72:1b:b4:10:fc:c1:5a:1e:68:0a:
                    9c:03:01:ea:df:b4:1b:7d:b1:77:ac:43:c0:ac:80:
                    c3:0f:4f:8f:50:06:b8:fa:42:ab:36:02:93:0b:2c:
                    ef:11:35:e1:5d:c9:7f:ef:c8:4c:59:7c:17:26:15:
                    c8:58:9d:f2:4b:96:02:56:5d:2b:3b:f6:4a:6a:d2:
                    da:da:ec:6a:7a:ee:28:f8:94:19:5e:c6:2a:15:b8:
                    9e:cb:db:ad:8c:8d:2e:d5:38:ff:23:63:6d:be:b9:
                    9b:5a:ea:7a:55:72:eb:e9:25:b9:00:14:8b:81:d3:
                    04:6e:8a:af:87:27:11:2d:74:9a:84:4c:c7:6e:00:
                    95:ec:74:f1:11:17:ee:d1:1e:c3:55:a2:57:7a:34:
                    19:bf:ce:42:0f:86:05:a5:2c:79:67:fe:74:93:cd:
                    a4:1e:00:6f:ce:b5:e3:ba:1e:c6:5e:56:87:aa:12:
                    99:ee:a5:f0:99:e6:26:1e:a2:68:6b:55:ad:29:ff:
                    d1:c9:cc:ea:5f:61:08:10:d6:c5:54:88:29:a6:f8:
                    9c:aa:30:69:64:11:9e:e0:cc:47:e9:45:86:de:af:
                    18:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:12:BF:63:19:BA:51:2C:8C:2A:A2:2A:09:1D:FE:A1:54:26:3D:91
            X509v3 Authority Key Identifier:
                keyid:97:05:46:2C:BF:C8:76:47:77:E6:DA:31:B5:95:D7:CC:BF:E3:82:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lwVGLL_Idkd35toxtZXXzL_jgkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/vhK_Yxm6USyMKqIqCR3-oVQmPZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/edcd12-3be2-4629-a559-e72fbddb7746/1/lwVGLL_Idkd35toxtZXXzL_jgkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.96.76.0/22
                IPv6:
                  2a05:ff80::/29

    Signature Algorithm: sha256WithRSAEncryption
         8b:fe:17:1b:a2:26:eb:17:88:e1:85:47:97:0d:46:10:dc:5c:
         83:38:40:d3:46:c9:65:60:c6:90:e4:12:9d:92:85:06:dc:06:
         c8:27:9f:32:46:24:3f:cd:b9:65:35:e0:62:01:25:dd:96:0a:
         c7:51:ca:b9:30:31:0c:be:5b:68:cd:56:61:27:56:06:56:b2:
         78:97:4f:c8:9d:36:9f:cb:e8:b6:c3:bc:dc:cf:84:35:d6:e7:
         97:5f:2d:9b:bb:61:df:13:cb:2c:cf:c7:90:07:ae:bf:42:64:
         18:3e:2f:5e:98:26:ea:08:3b:50:7c:7a:e5:29:8f:1a:83:99:
         25:81:8a:ef:ce:de:1a:49:64:63:a2:53:7e:71:97:02:c1:38:
         dc:f9:4e:b9:e3:f6:dd:c6:3f:da:23:ea:f3:c0:37:32:ca:2d:
         0b:fc:a7:2e:b7:f0:e9:e7:69:d8:2d:93:df:7b:8c:b8:c9:ae:
         d7:61:8f:2b:8e:95:35:f0:35:9a:9a:4b:41:48:2c:c9:22:91:
         0d:f5:99:1d:c7:70:6f:26:62:46:76:cd:85:ce:94:f0:35:41:
         4a:42:f2:6b:85:c5:30:c8:41:b4:5a:f5:f3:a2:6e:ed:cc:2a:
         82:a8:e2:95:d0:9d:ee:a1:2d:62:97:32:b5:8f:54:00:32:f0:
         1b:a5:03:af
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJvMkUOfhfE2KJUCLhSuVrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MDU0NjJjYmZjODc2NDc3N2U2ZGEzMWI1OTVkN2NjYmZl
MzgyNDMwHhcNMjQwMTAyMTAzNDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTEyYmY2MzE5YmE1MTJjOGMyYWEyMmEwOTFkZmVhMTU0MjYzZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApJyAe3aVLdM3sRhEI23sphRv0/EV
naapjOSjPAhT119/f3IbtBD8wVoeaAqcAwHq37QbfbF3rEPArIDDD0+PUAa4+kKr
NgKTCyzvETXhXcl/78hMWXwXJhXIWJ3yS5YCVl0rO/ZKatLa2uxqeu4o+JQZXsYq
Fbiey9utjI0u1Tj/I2NtvrmbWup6VXLr6SW5ABSLgdMEboqvhycRLXSahEzHbgCV
7HTxERfu0R7DVaJXejQZv85CD4YFpSx5Z/50k82kHgBvzrXjuh7GXlaHqhKZ7qXw
meYmHqJoa1WtKf/RyczqX2EIENbFVIgppvicqjBpZBGe4MxH6UWG3q8YQQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL4Sv2MZulEsjCqiKgkd/qFUJj2RMB8GA1UdIwQY
MBaAFJcFRiy/yHZHd+baMbWV18y/44JDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHdWR0xMX0lka2QzNXRveHRaWFh6TF9qZ2tNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9lZGNkMTItM2JlMi00NjI5LWE1NTkt
ZTcyZmJkZGI3NzQ2LzEvdmhLX1l4bTZVU3lNS3FJcUNSMy1vVlFtUFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9lZGNkMTItM2JlMi00NjI5LWE1NTktZTcyZmJkZGI3NzQ2
LzEvbHdWR0xMX0lka2QzNXRveHRaWFh6TF9qZ2tNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuWBMMA0E
AgACMAcDBQMqBf+AMA0GCSqGSIb3DQEBCwUAA4IBAQCL/hcboibrF4jhhUeXDUYQ
3FyDOEDTRsllYMaQ5BKdkoUG3AbIJ58yRiQ/zbllNeBiASXdlgrHUcq5MDEMvlto
zVZhJ1YGVrJ4l0/InTafy+i2w7zcz4Q11ueXXy2bu2HfE8ssz8eQB66/QmQYPi9e
mCbqCDtQfHrlKY8ag5klgYrvzt4aSWRjolN+cZcCwTjc+U654/bdxj/aI+rzwDcy
yi0L/Kcut/Dp52nYLZPfe4y4ya7XYY8rjpU18DWamktBSCzJIpEN9Zkdx3BvJmJG
ds2FzpTwNUFKQvJrhcUwyEG0WvXzom7tzCqCqOKV0J3uoS1ilzK1j1QAMvAbpQOv
-----END CERTIFICATE-----