Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/anpa-7EN2RCCNdMmmzBTOZVaA98.roa
File:                     anpa-7EN2RCCNdMmmzBTOZVaA98.roa (raw, json)
Hash identifier:          HNFDHG/7rvDlnKm4rJiQRx291V6qHTDmbrY34I0zS4Q=
Subject key identifier:   6A:7A:5A:FB:B1:0D:D9:10:82:35:D3:26:9B:30:53:39:95:5A:03:DF
Certificate issuer:       /CN=2fa16ab06020067740a4c1fb47a912622f1d0722
Certificate serial:       018CC56DF72DFFFACED274D0DE4851AEC7F0
Authority key identifier: 2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/anpa-7EN2RCCNdMmmzBTOZVaA98.roa
Signing time:             Mon 01 Jan 2024 14:29:27 +0000
ROA not before:           Mon 01 Jan 2024 14:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     148996
IP address blocks:        213.145.88.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 01 Jun 2024 23:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f7:2d:ff:fa:ce:d2:74:d0:de:48:51:ae:c7:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2fa16ab06020067740a4c1fb47a912622f1d0722
        Validity
            Not Before: Jan  1 14:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a7a5afbb10dd9108235d3269b305339955a03df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:8e:83:1f:0e:38:8e:fd:ad:0f:13:72:fb:81:
                    2b:d1:99:11:da:57:d9:7f:48:48:45:19:b7:a4:90:
                    ef:6d:55:3e:2c:7a:7f:31:f6:27:a8:ab:65:57:72:
                    dd:2d:cc:de:3b:7c:15:66:ff:ab:4d:ce:fe:7d:98:
                    b4:99:5b:80:6d:65:de:50:75:7f:07:7a:d1:04:eb:
                    c3:98:98:85:17:73:a2:0c:bf:33:5c:4f:6c:88:4a:
                    d5:06:0e:14:63:ce:98:eb:32:f8:7c:4d:f8:64:dd:
                    a4:36:ac:ae:4c:2b:e8:8c:d4:97:07:cc:3e:14:a6:
                    3e:67:25:63:2f:de:cd:23:29:8f:13:a8:95:71:75:
                    6d:34:40:d5:5a:d8:d9:4e:51:ce:13:19:44:71:27:
                    97:d8:05:6c:44:b1:d9:d2:96:f7:b6:bf:86:2e:60:
                    7c:1a:2d:72:77:b4:42:09:77:89:9e:3d:cf:d5:54:
                    34:df:16:97:af:ba:9f:ee:b6:1b:c1:2c:dc:b7:dc:
                    a8:f0:39:e1:d7:88:ff:c6:83:7f:98:82:4d:31:3a:
                    98:9d:a0:01:9b:82:32:fb:fc:c4:f5:d3:ae:41:06:
                    8b:57:61:6e:58:e1:e7:c1:a3:66:23:93:aa:e1:e2:
                    22:62:9c:18:02:de:07:11:c1:43:54:19:6b:c0:a9:
                    27:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:7A:5A:FB:B1:0D:D9:10:82:35:D3:26:9B:30:53:39:95:5A:03:DF
            X509v3 Authority Key Identifier:
                keyid:2F:A1:6A:B0:60:20:06:77:40:A4:C1:FB:47:A9:12:62:2F:1D:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L6FqsGAgBndApMH7R6kSYi8dByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/anpa-7EN2RCCNdMmmzBTOZVaA98.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/7f2393-d01a-41f7-a52e-d242b6f3a8a1/1/L6FqsGAgBndApMH7R6kSYi8dByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.145.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         d3:a5:3d:60:93:fb:e6:be:f9:20:b3:80:a2:e0:df:39:00:7f:
         a2:dd:57:18:61:03:a6:56:ad:6e:eb:28:ee:26:27:53:8a:df:
         3b:30:dc:ac:95:35:c5:1b:ff:a2:bc:6a:9c:35:a1:01:2c:92:
         72:5e:ec:0f:25:e9:31:44:99:74:5c:7b:17:97:2a:f9:8e:68:
         38:17:be:87:c8:f1:63:c0:9d:21:58:77:e7:59:ed:13:62:ba:
         e7:f9:fb:6d:cd:8f:8e:27:a8:d8:48:32:a6:a3:1d:78:71:d4:
         3d:79:d6:a2:1e:e6:f4:86:c9:44:42:93:4e:e5:c4:13:7f:14:
         fe:5c:41:d4:25:06:00:45:cf:f5:56:56:df:6f:9e:8f:94:89:
         15:5f:23:2b:fb:1b:12:ff:51:dd:84:48:1d:34:f7:de:c9:f9:
         85:2b:b3:c9:cf:aa:1e:1b:23:81:72:25:cf:b3:34:f1:5e:d3:
         91:2c:a1:5b:06:03:b8:f4:7a:35:3f:e0:7e:f0:7b:37:e7:9b:
         27:5f:f4:0e:bd:ad:a7:6a:3a:45:28:20:93:81:ad:2d:c3:dd:
         5c:cd:7a:e2:61:8b:8a:1c:56:bc:64:6a:6e:51:3f:bd:ea:9b:
         89:bd:8a:e3:ad:3e:ab:ed:7b:f3:3c:8d:7b:94:a1:8e:58:24:
         8f:3e:8c:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfct//rO0nTQ3khRrsfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmYTE2YWIwNjAyMDA2Nzc0MGE0YzFmYjQ3YTkxMjYyMmYx
ZDA3MjIwHhcNMjQwMTAxMTQyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTdhNWFmYmIxMGRkOTEwODIzNWQzMjY5YjMwNTMzOTk1NWEwM2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmo6DHw44jv2tDxNy+4Er0ZkR2lfZ
f0hIRRm3pJDvbVU+LHp/MfYnqKtlV3LdLczeO3wVZv+rTc7+fZi0mVuAbWXeUHV/
B3rRBOvDmJiFF3OiDL8zXE9siErVBg4UY86Y6zL4fE34ZN2kNqyuTCvojNSXB8w+
FKY+ZyVjL97NIymPE6iVcXVtNEDVWtjZTlHOExlEcSeX2AVsRLHZ0pb3tr+GLmB8
Gi1yd7RCCXeJnj3P1VQ03xaXr7qf7rYbwSzct9yo8Dnh14j/xoN/mIJNMTqYnaAB
m4Iy+/zE9dOuQQaLV2FuWOHnwaNmI5Oq4eIiYpwYAt4HEcFDVBlrwKknbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGp6WvuxDdkQgjXTJpswUzmVWgPfMB8GA1UdIwQY
MBaAFC+harBgIAZ3QKTB+0epEmIvHQciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUt
ZDI0MmI2ZjNhOGExLzEvYW5wYS03RU4yUkNDTmRNbW16QlRPWlZhQTk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy83ZjIzOTMtZDAxYS00MWY3LWE1MmUtZDI0MmI2ZjNhOGEx
LzEvTDZGcXNHQWdCbmRBcE1IN1I2a1NZaThkQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1ZFYMA0G
CSqGSIb3DQEBCwUAA4IBAQDTpT1gk/vmvvkgs4Ci4N85AH+i3VcYYQOmVq1u6yju
JidTit87MNyslTXFG/+ivGqcNaEBLJJyXuwPJekxRJl0XHsXlyr5jmg4F76HyPFj
wJ0hWHfnWe0TYrrn+fttzY+OJ6jYSDKmox14cdQ9edaiHub0hslEQpNO5cQTfxT+
XEHUJQYARc/1Vlbfb56PlIkVXyMr+xsS/1HdhEgdNPfeyfmFK7PJz6oeGyOBciXP
szTxXtORLKFbBgO49Ho1P+B+8Hs355snX/QOva2najpFKCCTga0tw91czXriYYuK
HFa8ZGpuUT+96puJvYrjrT6r7XvzPI17lKGOWCSPPoyr
-----END CERTIFICATE-----