Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/AniCfvHHgAGFPbxwI6bK98LRwwA.roa
File:                     AniCfvHHgAGFPbxwI6bK98LRwwA.roa (raw, json)
Hash identifier:          xrpxnkklh1kBWFIbn5lYZ7zk9Q9b/Kob+qqiooHjJVE=
Subject key identifier:   02:78:82:7E:F1:C7:80:01:85:3D:BC:70:23:A6:CA:F7:C2:D1:C3:00
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D72F431F99BF9DA16B3AAFF37B1751
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/AniCfvHHgAGFPbxwI6bK98LRwwA.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215115
IP address blocks:        94.142.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:2f:43:1f:99:bf:9d:a1:6b:3a:af:f3:7b:17:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0278827ef1c78001853dbc7023a6caf7c2d1c300
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d0:c3:67:19:e3:41:d3:36:25:0c:3d:2b:49:
                    1d:d1:99:64:d0:4c:30:f3:50:eb:fb:90:aa:a6:f5:
                    a8:68:fd:9d:f4:26:07:bc:3d:98:32:95:04:2a:03:
                    1d:fb:ca:09:30:45:67:8b:4e:44:2d:42:a6:be:8f:
                    00:82:dc:58:8a:45:89:31:4a:ab:0e:de:37:c2:68:
                    3b:dd:12:51:d8:4f:ef:49:a7:9c:cf:55:be:c2:2c:
                    80:7e:45:9c:79:aa:77:cb:1f:3a:25:ac:56:74:96:
                    ef:af:3d:aa:5f:63:c3:34:47:ad:b9:22:14:16:13:
                    7f:98:fb:c3:8f:1b:0e:a1:75:08:fe:5a:7a:d5:82:
                    5d:c8:02:40:02:34:ef:4f:98:1a:9b:94:67:74:f4:
                    21:58:de:f2:a4:3d:1c:39:50:a9:ff:4e:ba:de:48:
                    18:28:e9:a8:9a:53:c8:4c:38:80:bf:5b:ed:54:ec:
                    72:c4:ba:01:1f:3e:56:80:30:10:8c:77:ac:c0:8d:
                    e0:9f:c0:02:4e:85:bf:dc:c8:33:04:fa:5e:eb:2c:
                    21:27:d5:a4:c5:52:6c:de:2d:bf:5d:f4:8e:6b:a9:
                    17:04:f2:cd:df:ef:04:88:55:74:86:b2:58:d6:3d:
                    c8:90:a2:2d:17:ee:84:a4:7b:e0:a2:92:a3:27:00:
                    d7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:78:82:7E:F1:C7:80:01:85:3D:BC:70:23:A6:CA:F7:C2:D1:C3:00
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/AniCfvHHgAGFPbxwI6bK98LRwwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:5b:b7:4c:b1:0c:a1:36:a6:3d:07:2e:64:6d:a7:34:d5:17:
         d3:0b:3b:03:c6:a3:84:03:78:cc:fd:ef:75:33:f6:7d:f9:50:
         55:96:5d:c4:16:d2:03:b6:05:a4:e0:d7:ca:54:4d:9a:00:6d:
         ab:a6:ec:e9:10:08:e5:f4:ae:9f:21:71:1c:d1:68:04:06:a2:
         54:e3:a9:35:12:9d:e9:8e:20:c1:22:69:83:ff:4d:12:48:75:
         ca:1d:d7:a3:e9:7d:ed:13:c4:27:41:64:00:29:f6:7d:63:ec:
         48:ca:0c:8b:9c:77:d5:b2:71:44:fc:f1:e3:c9:b6:a8:49:c4:
         05:1e:df:4b:6a:af:ce:b9:07:c9:6c:49:08:22:7c:39:8e:7c:
         36:6b:af:0e:57:be:00:0e:ce:cc:e4:d9:d2:9d:23:22:ca:cc:
         87:b1:db:46:f9:d4:1e:be:cf:ac:18:93:6c:8f:a4:3f:c9:31:
         1e:0b:80:7f:70:b2:1e:22:74:34:db:c2:48:c3:80:ed:64:76:
         97:e1:8f:d5:c8:26:eb:b8:c6:75:67:b5:70:21:14:a9:e5:90:
         ce:70:8a:79:c0:0c:22:60:87:0a:37:93:31:8d:8a:5d:91:94:
         19:3a:d1:d9:8c:84:50:e7:be:c9:09:03:ea:4a:3a:91:d2:76:
         c1:58:1c:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1y9DH5m/naFrOq/zexdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjc4ODI3ZWYxYzc4MDAxODUzZGJjNzAyM2E2Y2FmN2MyZDFjMzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstDDZxnjQdM2JQw9K0kd0Zlk0Eww
81Dr+5CqpvWoaP2d9CYHvD2YMpUEKgMd+8oJMEVni05ELUKmvo8AgtxYikWJMUqr
Dt43wmg73RJR2E/vSaecz1W+wiyAfkWceap3yx86JaxWdJbvrz2qX2PDNEetuSIU
FhN/mPvDjxsOoXUI/lp61YJdyAJAAjTvT5gam5RndPQhWN7ypD0cOVCp/0663kgY
KOmomlPITDiAv1vtVOxyxLoBHz5WgDAQjHeswI3gn8ACToW/3MgzBPpe6ywhJ9Wk
xVJs3i2/XfSOa6kXBPLN3+8EiFV0hrJY1j3IkKItF+6EpHvgopKjJwDXlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJ4gn7xx4ABhT28cCOmyvfC0cMAMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvQW5pQ2Z2SEhnQUdGUGJ4d0k2Yks5OExSd3dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo6PMA0G
CSqGSIb3DQEBCwUAA4IBAQAJW7dMsQyhNqY9By5kbac01RfTCzsDxqOEA3jM/e91
M/Z9+VBVll3EFtIDtgWk4NfKVE2aAG2rpuzpEAjl9K6fIXEc0WgEBqJU46k1Ep3p
jiDBImmD/00SSHXKHdej6X3tE8QnQWQAKfZ9Y+xIygyLnHfVsnFE/PHjybaoScQF
Ht9Laq/OuQfJbEkIInw5jnw2a68OV74ADs7M5NnSnSMiysyHsdtG+dQevs+sGJNs
j6Q/yTEeC4B/cLIeInQ028JIw4DtZHaX4Y/VyCbruMZ1Z7VwIRSp5ZDOcIp5wAwi
YIcKN5MxjYpdkZQZOtHZjIRQ577JCQPqSjqR0nbBWByo
-----END CERTIFICATE-----