Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/vhhINde8pr6IniUZPu9g1A1HxLI.roa
File:                     vhhINde8pr6IniUZPu9g1A1HxLI.roa (raw, json)
Hash identifier:          /EZkqQztrjHRonhFehIiiH7gCy2pH5kPTbr0oKdPMAc=
Subject key identifier:   BE:18:48:35:D7:BC:A6:BE:88:9E:25:19:3E:EF:60:D4:0D:47:C4:B2
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       018CC26D02D920B20D62F8F9E26BE3976744
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/vhhINde8pr6IniUZPu9g1A1HxLI.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396356
IP address blocks:        185.48.52.0/22 maxlen: 22
                          43.229.8.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:02:d9:20:b2:0d:62:f8:f9:e2:6b:e3:97:67:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be184835d7bca6be889e25193eef60d40d47c4b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:59:5a:40:7c:ed:50:7c:24:34:1b:43:33:12:
                    b0:2e:44:cd:df:2a:f3:be:6c:cb:0c:42:93:1f:1e:
                    42:a9:bc:15:75:ec:33:e0:f2:d5:f0:e2:7a:4a:d3:
                    30:fb:71:55:3a:f6:af:44:18:67:af:68:d2:15:75:
                    db:84:b9:a1:b5:75:93:fc:57:fa:8a:03:8d:d8:b2:
                    52:d5:ba:ed:75:10:f5:76:09:f5:16:8c:0a:7d:22:
                    c8:78:60:7e:f2:93:7e:0c:a2:b1:11:2c:b8:6e:f7:
                    d5:e4:4c:62:59:a0:8a:98:df:3a:ea:47:1b:2d:10:
                    ae:fa:49:69:4a:cd:ac:5b:cc:9b:32:b2:85:c3:b1:
                    61:cc:05:5e:8c:35:85:0b:7a:08:63:8b:6d:2b:dd:
                    95:24:66:03:67:33:09:d0:cc:a9:40:4f:34:69:a9:
                    13:95:70:4c:92:69:e5:f0:e4:63:e0:74:fb:70:eb:
                    fc:59:3a:e1:47:3f:0e:8e:3f:1b:fa:98:ae:51:60:
                    6c:25:f6:c0:19:88:1f:5d:62:e5:0b:73:63:f8:48:
                    d3:96:09:d6:1a:ec:26:ab:26:35:36:44:07:64:b9:
                    b2:90:a6:62:ba:7d:2f:3f:d2:f9:69:f7:66:4d:4f:
                    81:66:94:b0:15:e4:22:19:c1:9d:dc:93:de:58:23:
                    5f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:18:48:35:D7:BC:A6:BE:88:9E:25:19:3E:EF:60:D4:0D:47:C4:B2
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/vhhINde8pr6IniUZPu9g1A1HxLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.8.0/22
                  185.48.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:a8:a1:85:53:4a:37:d0:7c:19:4b:94:aa:85:77:52:fa:6a:
         e4:9d:ad:98:59:2a:8b:ef:a6:8d:c8:79:64:57:6f:b4:e1:09:
         fb:c9:49:7a:95:7d:46:39:1e:59:53:29:d0:7d:1a:e9:e0:4a:
         64:a3:b9:36:a9:aa:86:b1:3a:23:5f:ec:be:29:ae:f0:22:e4:
         f1:ba:91:b2:21:89:ce:1a:f5:74:44:d9:60:8e:18:7e:d8:d4:
         9d:98:19:da:e9:e0:7d:d9:cd:bc:d5:cb:94:08:ae:6a:86:e5:
         46:c0:16:6f:a2:20:9d:d7:21:fd:91:cd:15:66:93:27:b8:7f:
         05:3f:7d:29:ac:78:4a:f7:5e:85:2c:fa:29:9d:aa:f6:74:de:
         20:c8:78:c5:ce:01:3e:e0:00:72:2f:eb:57:bb:6b:5f:3d:be:
         1a:bc:18:bf:95:c0:1a:04:64:d8:d0:13:f4:e2:d1:c9:26:62:
         c8:21:26:05:a7:a0:2d:44:7b:7a:4c:5a:7c:e7:6c:c6:b8:f2:
         9f:33:25:9b:e4:e8:63:e7:b2:e5:a4:bb:30:46:3a:8a:db:a1:
         72:33:13:a0:f5:4c:88:e3:1a:2b:56:f5:a1:34:f6:26:73:0f:
         e6:ab:32:74:9f:4a:2a:e9:33:eb:d5:82:0f:24:55:91:05:d0:
         8f:c7:fc:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbQLZILINYvj54mvjl2dEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTE4NDgzNWQ3YmNhNmJlODg5ZTI1MTkzZWVmNjBkNDBkNDdjNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VlaQHztUHwkNBtDMxKwLkTN3yrz
vmzLDEKTHx5CqbwVdewz4PLV8OJ6StMw+3FVOvavRBhnr2jSFXXbhLmhtXWT/Ff6
igON2LJS1brtdRD1dgn1FowKfSLIeGB+8pN+DKKxESy4bvfV5ExiWaCKmN866kcb
LRCu+klpSs2sW8ybMrKFw7FhzAVejDWFC3oIY4ttK92VJGYDZzMJ0MypQE80aakT
lXBMkmnl8ORj4HT7cOv8WTrhRz8Ojj8b+piuUWBsJfbAGYgfXWLlC3Nj+EjTlgnW
GuwmqyY1NkQHZLmykKZiun0vP9L5afdmTU+BZpSwFeQiGcGd3JPeWCNfZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL4YSDXXvKa+iJ4lGT7vYNQNR8SyMB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvdmhoSU5kZThwcjZJbmlVWlB1OWcxQTFIeExJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCK+UIAwQC
uTA0MA0GCSqGSIb3DQEBCwUAA4IBAQCWqKGFU0o30HwZS5SqhXdS+mrkna2YWSqL
76aNyHlkV2+04Qn7yUl6lX1GOR5ZUynQfRrp4Epko7k2qaqGsTojX+y+Ka7wIuTx
upGyIYnOGvV0RNlgjhh+2NSdmBna6eB92c281cuUCK5qhuVGwBZvoiCd1yH9kc0V
ZpMnuH8FP30prHhK916FLPopnar2dN4gyHjFzgE+4AByL+tXu2tfPb4avBi/lcAa
BGTY0BP04tHJJmLIISYFp6AtRHt6TFp852zGuPKfMyWb5Ohj57LlpLswRjqK26Fy
MxOg9UyI4xorVvWhNPYmcw/mqzJ0n0oq6TPr1YIPJFWRBdCPx/zs
-----END CERTIFICATE-----