Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/AnE4imXJx9s_8FLYPpB-B9o_2-c.roa
File:                     AnE4imXJx9s_8FLYPpB-B9o_2-c.roa (raw, json)
Hash identifier:          h7dgrIM0NgAVs6VhcFtrBlXobey51bgIC9Wi5N5UgdQ=
Subject key identifier:   02:71:38:8A:65:C9:C7:DB:3F:F0:52:D8:3E:90:7E:07:DA:3F:DB:E7
Certificate issuer:       /CN=c172c5aef33c06c4aef2dac8f0503fcbdd9a7287
Certificate serial:       018CC3B71DBD0DC1304CBFEC6B87BD0CBD7E
Authority key identifier: C1:72:C5:AE:F3:3C:06:C4:AE:F2:DA:C8:F0:50:3F:CB:DD:9A:72:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wXLFrvM8BsSu8trI8FA_y92acoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/AnE4imXJx9s_8FLYPpB-B9o_2-c.roa
Signing time:             Mon 01 Jan 2024 06:30:06 +0000
ROA not before:           Mon 01 Jan 2024 06:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43824
IP address blocks:        160.238.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/wXLFrvM8BsSu8trI8FA_y92acoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/wXLFrvM8BsSu8trI8FA_y92acoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wXLFrvM8BsSu8trI8FA_y92acoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1d:bd:0d:c1:30:4c:bf:ec:6b:87:bd:0c:bd:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c172c5aef33c06c4aef2dac8f0503fcbdd9a7287
        Validity
            Not Before: Jan  1 06:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0271388a65c9c7db3ff052d83e907e07da3fdbe7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9f:ac:a2:16:97:1b:89:fb:90:69:39:bc:fc:
                    94:53:90:37:d3:b9:18:da:e3:88:16:b0:2e:40:8e:
                    c1:fa:22:17:44:b4:9a:43:bf:06:ad:f0:15:b3:5a:
                    83:bd:0d:28:27:9e:84:ab:61:29:21:17:af:d8:6c:
                    7f:64:b5:be:8b:2e:4c:2a:3d:77:91:96:9c:a1:7f:
                    ec:3e:08:38:8d:df:75:b7:67:48:33:3d:85:c3:5c:
                    f9:cf:4f:0f:b5:d6:ff:f6:8f:79:4c:ba:5b:d4:3d:
                    99:61:0f:17:7d:43:ca:b9:11:4a:ce:7d:87:c9:56:
                    d1:d1:52:1c:46:54:57:88:3b:24:17:bf:5b:10:96:
                    2e:07:d9:78:13:c9:ed:d5:10:88:2a:34:03:ef:dd:
                    41:19:c7:85:c3:df:82:5d:9f:6b:19:62:a0:22:b1:
                    5b:cc:e2:7d:b5:b1:1f:7c:27:db:30:9c:45:39:95:
                    49:8e:bf:ea:a1:7e:dd:26:9c:98:13:87:d6:30:f5:
                    a4:b9:92:b5:6b:2c:4b:7f:ce:40:f2:09:58:39:87:
                    77:a0:dc:47:cc:9e:0f:73:dd:56:5e:e3:ad:19:a8:
                    6e:4c:da:90:40:41:c2:97:f0:2a:8e:68:ba:89:7c:
                    83:51:5f:8e:05:a9:f5:20:b4:b5:c5:0e:67:62:9d:
                    48:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:71:38:8A:65:C9:C7:DB:3F:F0:52:D8:3E:90:7E:07:DA:3F:DB:E7
            X509v3 Authority Key Identifier:
                keyid:C1:72:C5:AE:F3:3C:06:C4:AE:F2:DA:C8:F0:50:3F:CB:DD:9A:72:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wXLFrvM8BsSu8trI8FA_y92acoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/AnE4imXJx9s_8FLYPpB-B9o_2-c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/wXLFrvM8BsSu8trI8FA_y92acoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.238.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:84:74:d3:ee:4e:18:4a:f6:74:ac:70:e4:b0:97:ce:6d:8e:
         99:75:e6:ca:a3:da:09:ea:56:7e:ca:cf:b8:e5:ee:17:0b:0a:
         96:72:af:49:71:59:8d:7d:a5:2f:2e:4f:2a:c9:ce:c1:08:92:
         db:ec:8b:15:24:42:e5:6a:ed:88:2d:12:c2:1a:bd:8b:3c:e8:
         e3:9e:f1:03:a3:f6:3c:f8:c7:e7:cb:a0:44:60:09:fd:88:30:
         3e:bc:47:d3:1e:10:ef:b4:ef:77:43:0a:8f:18:c0:50:7d:48:
         cf:b6:30:f2:15:1f:30:f6:20:91:8e:1f:b8:61:b0:03:b7:8e:
         76:58:9b:ae:bc:09:58:8e:ff:e5:9c:43:28:66:6a:89:88:10:
         b6:ef:5d:1e:10:74:8a:d4:20:d6:e5:d6:89:6f:37:1e:39:38:
         78:63:a2:a6:e2:54:18:d6:d2:f8:54:9c:fc:3e:11:41:c0:80:
         24:c8:31:da:50:dd:62:f4:58:73:10:09:f3:c9:01:64:dd:80:
         c1:4c:63:9b:fd:b0:cb:d6:fc:b5:b7:43:45:2f:55:01:39:c2:
         b9:76:22:de:89:e3:ef:a8:76:46:d0:ce:db:48:9f:f1:9c:96:
         15:56:48:56:f7:5a:49:8a:af:71:e9:cc:db:dd:28:c0:d9:05:
         6b:4a:dd:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx29DcEwTL/sa4e9DL1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNzJjNWFlZjMzYzA2YzRhZWYyZGFjOGYwNTAzZmNiZGQ5
YTcyODcwHhcNMjQwMTAxMDYzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjcxMzg4YTY1YzljN2RiM2ZmMDUyZDgzZTkwN2UwN2RhM2ZkYmU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvp+sohaXG4n7kGk5vPyUU5A307kY
2uOIFrAuQI7B+iIXRLSaQ78GrfAVs1qDvQ0oJ56Eq2EpIRev2Gx/ZLW+iy5MKj13
kZacoX/sPgg4jd91t2dIMz2Fw1z5z08Ptdb/9o95TLpb1D2ZYQ8XfUPKuRFKzn2H
yVbR0VIcRlRXiDskF79bEJYuB9l4E8nt1RCIKjQD791BGceFw9+CXZ9rGWKgIrFb
zOJ9tbEffCfbMJxFOZVJjr/qoX7dJpyYE4fWMPWkuZK1ayxLf85A8glYOYd3oNxH
zJ4Pc91WXuOtGahuTNqQQEHCl/Aqjmi6iXyDUV+OBan1ILS1xQ5nYp1ILwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJxOIplycfbP/BS2D6QfgfaP9vnMB8GA1UdIwQY
MBaAFMFyxa7zPAbErvLayPBQP8vdmnKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1hMRnJ2TThCc1N1OHRySThGQV95OTJhY29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zMDYzMzAtMTFkMi00NDNmLTgzNDIt
ZWE1ODcwNjUzMDc2LzEvQW5FNGltWEp4OXNfOEZMWVBwQi1COW9fMi1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zMDYzMzAtMTFkMi00NDNmLTgzNDItZWE1ODcwNjUzMDc2
LzEvd1hMRnJ2TThCc1N1OHRySThGQV95OTJhY29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoO55MA0G
CSqGSIb3DQEBCwUAA4IBAQA1hHTT7k4YSvZ0rHDksJfObY6ZdebKo9oJ6lZ+ys+4
5e4XCwqWcq9JcVmNfaUvLk8qyc7BCJLb7IsVJELlau2ILRLCGr2LPOjjnvEDo/Y8
+Mfny6BEYAn9iDA+vEfTHhDvtO93QwqPGMBQfUjPtjDyFR8w9iCRjh+4YbADt452
WJuuvAlYjv/lnEMoZmqJiBC2710eEHSK1CDW5daJbzceOTh4Y6Km4lQY1tL4VJz8
PhFBwIAkyDHaUN1i9FhzEAnzyQFk3YDBTGOb/bDL1vy1t0NFL1UBOcK5diLeiePv
qHZG0M7bSJ/xnJYVVkhW91pJiq9x6czb3SjA2QVrSt2h
-----END CERTIFICATE-----