Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/a4debb-27b7-4140-b27e-ea653824b1f2/1/XCHFsiw98Ra_dX2RtR0kSz-jB5E.roa
File:                     XCHFsiw98Ra_dX2RtR0kSz-jB5E.roa (raw, json)
Hash identifier:          mWSzzq6ojvvQbNnzaTDCJQ9VnDdZBJzFxq38w1wipNE=
Subject key identifier:   5C:21:C5:B2:2C:3D:F1:16:BF:75:7D:91:B5:1D:24:4B:3F:A3:07:91
Certificate issuer:       /CN=7e1540fdd5add6b775498c1e3f25c90e213a612f
Certificate serial:       018CC8703FF87AEA3CE0DC1AD5A0FC7D1106
Authority key identifier: 7E:15:40:FD:D5:AD:D6:B7:75:49:8C:1E:3F:25:C9:0E:21:3A:61:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhVA_dWt1rd1SYwePyXJDiE6YS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/a4debb-27b7-4140-b27e-ea653824b1f2/1/XCHFsiw98Ra_dX2RtR0kSz-jB5E.roa
Signing time:             Tue 02 Jan 2024 04:30:48 +0000
ROA not before:           Tue 02 Jan 2024 04:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44821
IP address blocks:        185.148.252.0/22 maxlen: 22
                          2a07:6380::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/a4debb-27b7-4140-b27e-ea653824b1f2/1/fhVA_dWt1rd1SYwePyXJDiE6YS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/a4debb-27b7-4140-b27e-ea653824b1f2/1/fhVA_dWt1rd1SYwePyXJDiE6YS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhVA_dWt1rd1SYwePyXJDiE6YS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:3f:f8:7a:ea:3c:e0:dc:1a:d5:a0:fc:7d:11:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1540fdd5add6b775498c1e3f25c90e213a612f
        Validity
            Not Before: Jan  2 04:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c21c5b22c3df116bf757d91b51d244b3fa30791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4b:b5:a4:dd:00:32:c1:7a:96:96:6d:dc:56:
                    11:79:23:09:18:cf:fa:6c:15:3f:f9:40:54:13:06:
                    e1:56:93:13:60:7c:b7:3e:98:bb:dc:37:92:26:5d:
                    16:43:ad:43:80:e1:0b:26:2e:78:5b:a1:0f:32:10:
                    52:43:b2:f2:53:0b:c2:b7:17:05:d2:60:d5:79:43:
                    e7:ca:f4:4d:f2:7c:ff:98:d5:39:22:a3:46:70:20:
                    9d:8b:1a:d1:fc:ad:0d:13:ad:e7:08:7c:5f:f2:fd:
                    34:28:e6:d6:c4:a8:bf:f0:48:dc:dc:51:13:32:13:
                    01:33:b8:e4:9f:ed:ef:e7:e9:7e:69:dc:0d:2d:d6:
                    16:5e:74:ea:4d:26:05:e9:bd:43:b4:9d:86:f1:83:
                    8d:e0:9a:a3:96:3d:e4:dc:d3:ff:b5:73:83:ae:f9:
                    f7:aa:62:6c:6f:3e:05:04:2c:42:68:ed:23:fd:27:
                    4a:de:d3:a1:a9:2a:47:80:80:71:88:30:cb:d1:6a:
                    84:e9:8a:c7:ee:aa:e3:f1:69:1a:36:56:ff:61:3b:
                    93:20:87:55:18:fb:d7:61:73:23:89:2a:fe:4a:00:
                    ca:92:e4:e6:1e:e9:8b:6b:58:fd:0f:7c:4b:f5:ac:
                    57:91:b2:51:2b:56:cf:f3:67:37:bf:e5:d4:f7:c5:
                    68:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:21:C5:B2:2C:3D:F1:16:BF:75:7D:91:B5:1D:24:4B:3F:A3:07:91
            X509v3 Authority Key Identifier:
                keyid:7E:15:40:FD:D5:AD:D6:B7:75:49:8C:1E:3F:25:C9:0E:21:3A:61:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhVA_dWt1rd1SYwePyXJDiE6YS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/a4debb-27b7-4140-b27e-ea653824b1f2/1/XCHFsiw98Ra_dX2RtR0kSz-jB5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/a4debb-27b7-4140-b27e-ea653824b1f2/1/fhVA_dWt1rd1SYwePyXJDiE6YS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.252.0/22
                IPv6:
                  2a07:6380::/29

    Signature Algorithm: sha256WithRSAEncryption
         ae:89:99:38:32:53:be:0a:4c:b5:da:75:3c:28:e4:66:1b:7d:
         f7:6c:08:2f:d8:f5:4b:8e:fc:49:96:3a:8e:39:4e:e3:80:c5:
         d7:38:eb:3a:40:0a:f6:8a:ad:95:6c:7f:73:b9:36:d7:7a:21:
         a2:c3:d2:31:47:54:72:17:6d:82:ae:a8:e2:5e:d8:d5:48:0d:
         7d:8b:c2:a9:fd:82:78:f6:b7:2c:78:88:13:c2:18:c3:ad:d6:
         db:af:33:41:84:dd:43:eb:7e:67:2b:83:a7:c9:ac:28:b3:cd:
         f3:f8:dc:d3:61:81:64:ba:07:03:07:32:29:3f:2f:fc:e0:65:
         3e:5e:26:63:e3:e6:b3:dd:cd:0b:2b:bd:08:a5:cf:b8:d0:da:
         dc:02:83:d9:4c:23:54:54:81:cd:3f:b2:c8:96:9b:e8:67:83:
         b9:73:41:3e:50:51:f0:32:bd:67:45:c9:04:51:8b:55:ee:77:
         42:ef:f8:5e:d3:c1:df:70:d3:aa:6d:c5:e1:fa:27:a4:3b:00:
         b7:b2:44:0d:12:05:76:13:ed:d2:36:37:a6:2b:9d:37:7b:a1:
         67:6b:eb:b7:43:d9:d3:47:4e:97:b4:f6:62:fe:a0:d9:49:21:
         95:7e:a5:01:a3:6e:58:60:15:2c:37:b6:64:cb:c7:87:46:ef:
         7d:a9:61:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIcD/4euo84Nwa1aD8fREGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTU0MGZkZDVhZGQ2Yjc3NTQ5OGMxZTNmMjVjOTBlMjEz
YTYxMmYwHhcNMjQwMTAyMDQzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzIxYzViMjJjM2RmMTE2YmY3NTdkOTFiNTFkMjQ0YjNmYTMwNzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsku1pN0AMsF6lpZt3FYReSMJGM/6
bBU/+UBUEwbhVpMTYHy3Ppi73DeSJl0WQ61DgOELJi54W6EPMhBSQ7LyUwvCtxcF
0mDVeUPnyvRN8nz/mNU5IqNGcCCdixrR/K0NE63nCHxf8v00KObWxKi/8Ejc3FET
MhMBM7jkn+3v5+l+adwNLdYWXnTqTSYF6b1DtJ2G8YON4Jqjlj3k3NP/tXODrvn3
qmJsbz4FBCxCaO0j/SdK3tOhqSpHgIBxiDDL0WqE6YrH7qrj8WkaNlb/YTuTIIdV
GPvXYXMjiSr+SgDKkuTmHumLa1j9D3xL9axXkbJRK1bP82c3v+XU98Vo9wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFwhxbIsPfEWv3V9kbUdJEs/oweRMB8GA1UdIwQY
MBaAFH4VQP3Vrda3dUmMHj8lyQ4hOmEvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhWQV9kV3QxcmQxU1l3ZVB5WEpEaUU2WVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9hNGRlYmItMjdiNy00MTQwLWIyN2Ut
ZWE2NTM4MjRiMWYyLzEvWENIRnNpdzk4UmFfZFgyUnRSMGtTei1qQjVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9hNGRlYmItMjdiNy00MTQwLWIyN2UtZWE2NTM4MjRiMWYy
LzEvZmhWQV9kV3QxcmQxU1l3ZVB5WEpEaUU2WVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZT8MA0E
AgACMAcDBQMqB2OAMA0GCSqGSIb3DQEBCwUAA4IBAQCuiZk4MlO+Cky12nU8KORm
G333bAgv2PVLjvxJljqOOU7jgMXXOOs6QAr2iq2VbH9zuTbXeiGiw9IxR1RyF22C
rqjiXtjVSA19i8Kp/YJ49rcseIgTwhjDrdbbrzNBhN1D635nK4Onyawos83z+NzT
YYFkugcDBzIpPy/84GU+XiZj4+az3c0LK70Ipc+40NrcAoPZTCNUVIHNP7LIlpvo
Z4O5c0E+UFHwMr1nRckEUYtV7ndC7/he08HfcNOqbcXh+iekOwC3skQNEgV2E+3S
NjemK503e6Fna+u3Q9nTR06XtPZi/qDZSSGVfqUBo25YYBUsN7Zky8eHRu99qWFL
-----END CERTIFICATE-----