Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/kOS_zQ_9QdJrXsqqjiYllx1iudY.roa
File:                     kOS_zQ_9QdJrXsqqjiYllx1iudY.roa (raw, json)
Hash identifier:          bVD5G0IDitRIoBDWuaz1X5lH42EalqII3gNqm9UQkh8=
Subject key identifier:   90:E4:BF:CD:0F:FD:41:D2:6B:5E:CA:AA:8E:26:25:97:1D:62:B9:D6
Certificate issuer:       /CN=c172c5aef33c06c4aef2dac8f0503fcbdd9a7287
Certificate serial:       018CC3B71DF245CFFA9BFB93205553A6912C
Authority key identifier: C1:72:C5:AE:F3:3C:06:C4:AE:F2:DA:C8:F0:50:3F:CB:DD:9A:72:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wXLFrvM8BsSu8trI8FA_y92acoc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/kOS_zQ_9QdJrXsqqjiYllx1iudY.roa
Signing time:             Mon 01 Jan 2024 06:30:07 +0000
ROA not before:           Mon 01 Jan 2024 06:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210292
IP address blocks:        160.238.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/wXLFrvM8BsSu8trI8FA_y92acoc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/wXLFrvM8BsSu8trI8FA_y92acoc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wXLFrvM8BsSu8trI8FA_y92acoc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 12:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:1d:f2:45:cf:fa:9b:fb:93:20:55:53:a6:91:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c172c5aef33c06c4aef2dac8f0503fcbdd9a7287
        Validity
            Not Before: Jan  1 06:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90e4bfcd0ffd41d26b5ecaaa8e2625971d62b9d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:e0:a0:78:23:cf:fb:f0:15:d5:00:11:9a:ff:
                    8d:d3:b1:65:71:cc:c2:ed:f8:4f:39:55:49:f4:1b:
                    8f:03:74:ab:3b:3e:c6:ba:0e:29:96:87:16:69:c1:
                    00:2b:3d:c3:c2:3c:0d:f9:f7:99:54:4f:12:48:e6:
                    db:85:1c:fe:19:29:f4:52:48:d2:c3:20:ea:43:b8:
                    d4:06:ed:a6:da:ee:1c:6a:83:83:45:fd:df:4e:c5:
                    6f:39:12:cf:97:d5:b9:48:e3:47:88:3c:20:55:83:
                    6b:aa:16:6a:d9:c3:f0:be:99:9a:7e:83:a6:a8:3d:
                    ae:e8:ce:3f:93:49:67:84:59:76:d7:7d:8e:15:af:
                    13:01:5f:c2:df:ad:2e:0f:14:d3:b0:13:f0:12:3e:
                    51:2d:a3:c6:22:c6:e4:f6:5f:0e:84:bd:33:63:3e:
                    ae:74:1d:6d:8b:a7:67:61:82:5e:76:6a:ac:4a:01:
                    23:c1:46:6d:76:1d:e8:b2:6b:96:a3:2c:3c:2d:69:
                    97:cf:32:59:fd:98:97:cb:d2:b0:64:bc:30:ee:c2:
                    d2:d0:15:e8:6c:5b:d9:c7:2a:75:f9:f4:50:ff:c0:
                    1e:d2:59:a7:d7:71:c0:6b:3c:1d:ef:d5:11:0f:92:
                    a7:33:60:ef:7d:7a:9a:11:24:d3:07:f7:0a:20:56:
                    40:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:E4:BF:CD:0F:FD:41:D2:6B:5E:CA:AA:8E:26:25:97:1D:62:B9:D6
            X509v3 Authority Key Identifier:
                keyid:C1:72:C5:AE:F3:3C:06:C4:AE:F2:DA:C8:F0:50:3F:CB:DD:9A:72:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wXLFrvM8BsSu8trI8FA_y92acoc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/kOS_zQ_9QdJrXsqqjiYllx1iudY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/37/306330-11d2-443f-8342-ea5870653076/1/wXLFrvM8BsSu8trI8FA_y92acoc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.238.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:e5:e7:fe:aa:10:25:c8:dc:ee:f8:ba:e4:41:56:f4:c0:ae:
         83:24:1a:f9:34:5f:57:0a:65:f1:a7:db:2c:e7:97:5f:eb:d9:
         04:3c:0e:5f:83:cc:5d:3c:2b:a1:2c:af:ba:23:17:1f:81:7a:
         ae:f2:0b:07:71:b0:7f:9a:09:71:c6:63:c9:02:f5:e3:68:2d:
         1e:ae:35:33:32:99:f7:7b:9d:66:56:a8:fb:22:c2:46:3f:98:
         69:bd:f2:e7:29:7e:8a:de:b9:56:47:ae:4b:b0:4c:44:0f:64:
         a4:06:48:3d:e4:bd:df:eb:82:a6:49:27:04:b2:89:f4:81:d4:
         db:79:82:92:8c:50:8d:6e:27:41:d7:ad:ba:2e:1e:2f:b4:8b:
         5f:ac:bd:85:a2:09:ec:88:21:d5:32:3b:a7:e3:b2:b4:4c:55:
         64:c9:f5:04:89:9e:ad:e5:2b:c5:9e:b4:a2:41:f3:10:91:1f:
         df:53:c5:b1:2a:37:c3:0a:50:fa:a2:7f:a5:02:07:33:ab:ac:
         f7:da:07:16:05:f5:12:a0:71:7d:d6:0c:60:9b:7e:b3:86:c7:
         53:2b:91:06:da:14:ca:59:83:0d:d1:4f:9b:1c:8f:5c:cd:cc:
         cd:92:72:8d:83:48:1f:99:d7:91:90:da:55:9f:50:96:ed:c8:
         fc:6c:2b:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtx3yRc/6m/uTIFVTppEsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxNzJjNWFlZjMzYzA2YzRhZWYyZGFjOGYwNTAzZmNiZGQ5
YTcyODcwHhcNMjQwMTAxMDYzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGU0YmZjZDBmZmQ0MWQyNmI1ZWNhYWE4ZTI2MjU5NzFkNjJiOWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOCgeCPP+/AV1QARmv+N07FlcczC
7fhPOVVJ9BuPA3SrOz7Gug4plocWacEAKz3DwjwN+feZVE8SSObbhRz+GSn0UkjS
wyDqQ7jUBu2m2u4caoODRf3fTsVvORLPl9W5SONHiDwgVYNrqhZq2cPwvpmafoOm
qD2u6M4/k0lnhFl2132OFa8TAV/C360uDxTTsBPwEj5RLaPGIsbk9l8OhL0zYz6u
dB1ti6dnYYJedmqsSgEjwUZtdh3osmuWoyw8LWmXzzJZ/ZiXy9KwZLww7sLS0BXo
bFvZxyp1+fRQ/8Ae0lmn13HAazwd79URD5KnM2DvfXqaESTTB/cKIFZAVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDkv80P/UHSa17Kqo4mJZcdYrnWMB8GA1UdIwQY
MBaAFMFyxa7zPAbErvLayPBQP8vdmnKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1hMRnJ2TThCc1N1OHRySThGQV95OTJhY29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy8zMDYzMzAtMTFkMi00NDNmLTgzNDIt
ZWE1ODcwNjUzMDc2LzEva09TX3pRXzlRZEpyWHNxcWppWWxseDFpdWRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy8zMDYzMzAtMTFkMi00NDNmLTgzNDItZWE1ODcwNjUzMDc2
LzEvd1hMRnJ2TThCc1N1OHRySThGQV95OTJhY29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAoO55MA0G
CSqGSIb3DQEBCwUAA4IBAQBv5ef+qhAlyNzu+LrkQVb0wK6DJBr5NF9XCmXxp9ss
55df69kEPA5fg8xdPCuhLK+6IxcfgXqu8gsHcbB/mglxxmPJAvXjaC0erjUzMpn3
e51mVqj7IsJGP5hpvfLnKX6K3rlWR65LsExED2SkBkg95L3f64KmSScEson0gdTb
eYKSjFCNbidB1626Lh4vtItfrL2FognsiCHVMjun47K0TFVkyfUEiZ6t5SvFnrSi
QfMQkR/fU8WxKjfDClD6on+lAgczq6z32gcWBfUSoHF91gxgm36zhsdTK5EG2hTK
WYMN0U+bHI9czczNknKNg0gfmdeRkNpVn1CW7cj8bCtD
-----END CERTIFICATE-----