Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/C3RXy6n7ahBGWmHMmAeBoTEM4Us.roa
File:                     C3RXy6n7ahBGWmHMmAeBoTEM4Us.roa (raw, json)
Hash identifier:          6focqh+cK6/xOOqYNotWg9mye0yrMp3dklTf1GFNElM=
Subject key identifier:   0B:74:57:CB:A9:FB:6A:10:46:5A:61:CC:98:07:81:A1:31:0C:E1:4B
Certificate issuer:       /CN=9256ebf66b80f08135858d144ced6f785834f5f4
Certificate serial:       018CC9BC568A627FD612B274521E16F1A7B3
Authority key identifier: 92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/C3RXy6n7ahBGWmHMmAeBoTEM4Us.roa
Signing time:             Tue 02 Jan 2024 10:33:32 +0000
ROA not before:           Tue 02 Jan 2024 10:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35421
IP address blocks:        185.168.160.0/24 maxlen: 24
                          185.168.160.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 23:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:56:8a:62:7f:d6:12:b2:74:52:1e:16:f1:a7:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9256ebf66b80f08135858d144ced6f785834f5f4
        Validity
            Not Before: Jan  2 10:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0b7457cba9fb6a10465a61cc980781a1310ce14b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bd:2e:d0:ae:43:b2:19:f8:59:cf:c1:fa:46:
                    d0:c6:7d:65:dc:8f:fd:5d:e1:8a:ad:41:65:f8:e5:
                    21:0c:d2:ec:26:18:37:6b:ba:cc:ca:1d:dd:2f:a7:
                    19:d5:cb:a4:d8:ee:9a:84:ca:37:70:36:38:76:47:
                    c6:07:d7:35:c4:81:3d:59:01:17:fb:40:f2:d3:03:
                    9a:4b:c0:45:aa:db:21:60:ff:96:85:fe:ab:37:2f:
                    c8:61:b8:2b:af:e7:72:74:ef:73:e1:be:91:bb:81:
                    b6:38:7f:47:ec:ae:a9:1e:20:9a:8a:86:0f:60:e7:
                    0b:03:bf:0b:51:1d:37:62:2b:38:f4:b4:c3:e0:61:
                    f2:fa:ae:aa:94:2b:7a:a8:39:7a:55:7b:6c:e3:ba:
                    f8:aa:32:09:df:0b:9b:66:da:2b:f2:dc:0f:25:7c:
                    c1:21:c6:32:64:d1:6f:ce:7f:3b:bf:d2:b2:08:7f:
                    28:40:2d:f0:0e:40:99:2a:fe:c3:a5:da:5c:6d:19:
                    36:eb:ad:40:09:b7:dc:e7:ab:1d:99:d7:d9:71:b9:
                    01:67:8e:f9:8a:e7:4d:ff:e7:05:a2:3e:49:97:3a:
                    5f:0f:89:7e:7a:cb:0c:76:12:85:86:e4:0c:03:33:
                    ca:48:b2:34:4e:76:0e:64:09:ba:ca:20:cd:3b:c2:
                    c1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:74:57:CB:A9:FB:6A:10:46:5A:61:CC:98:07:81:A1:31:0C:E1:4B
            X509v3 Authority Key Identifier:
                keyid:92:56:EB:F6:6B:80:F0:81:35:85:8D:14:4C:ED:6F:78:58:34:F5:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/klbr9muA8IE1hY0UTO1veFg09fQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/C3RXy6n7ahBGWmHMmAeBoTEM4Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/b717c5-a64b-4475-be3e-5da8d677d847/1/klbr9muA8IE1hY0UTO1veFg09fQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.168.160.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:bb:89:3c:65:86:f2:ad:1e:ee:ef:64:f2:f2:56:ad:e8:8e:
         32:7a:2f:74:df:f2:24:9c:c8:5d:cf:15:99:a1:c5:5b:c2:b2:
         ef:e1:01:b8:68:70:2b:fe:ee:70:2d:d2:b6:d0:14:b2:f2:43:
         a5:41:6f:b9:e0:b8:a0:cd:36:33:c9:09:6e:49:9a:8a:f0:80:
         b3:85:50:8e:d8:17:51:31:3a:8b:e5:b6:7b:80:ce:13:5e:7d:
         cc:da:b5:38:40:6f:9a:48:ae:02:c7:05:a1:5d:29:bb:e6:fe:
         8c:6a:ba:1d:6c:83:66:ce:2c:98:4a:85:03:1b:85:8c:75:67:
         06:dc:a1:25:a6:24:10:4e:3a:fb:d1:81:59:47:d1:f0:5d:2a:
         3c:4f:84:b2:7b:cf:5a:de:73:b3:27:af:e7:67:9b:f3:ae:fb:
         54:ee:79:0e:39:f2:6d:d6:2f:1b:96:8a:77:5c:d0:7a:20:70:
         6e:37:82:3a:47:16:ac:3f:ef:81:0c:0a:75:52:61:be:0c:76:
         8b:a0:b5:13:6a:c2:d4:5f:39:5a:ef:b0:62:8d:28:35:a2:d6:
         12:8a:cf:08:71:50:e9:75:70:dd:ca:9e:9d:5d:ae:34:5a:53:
         7a:5b:9f:24:a7:ae:24:35:b3:91:f2:10:4d:36:f0:2d:3b:9a:
         f6:23:d9:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvFaKYn/WErJ0Uh4W8aezMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyNTZlYmY2NmI4MGYwODEzNTg1OGQxNDRjZWQ2Zjc4NTgz
NGY1ZjQwHhcNMjQwMTAyMTAzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjc0NTdjYmE5ZmI2YTEwNDY1YTYxY2M5ODA3ODFhMTMxMGNlMTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw70u0K5Dshn4Wc/B+kbQxn1l3I/9
XeGKrUFl+OUhDNLsJhg3a7rMyh3dL6cZ1cuk2O6ahMo3cDY4dkfGB9c1xIE9WQEX
+0Dy0wOaS8BFqtshYP+Whf6rNy/IYbgrr+dydO9z4b6Ru4G2OH9H7K6pHiCaioYP
YOcLA78LUR03Yis49LTD4GHy+q6qlCt6qDl6VXts47r4qjIJ3wubZtor8twPJXzB
IcYyZNFvzn87v9KyCH8oQC3wDkCZKv7DpdpcbRk2661ACbfc56sdmdfZcbkBZ475
iudN/+cFoj5JlzpfD4l+essMdhKFhuQMAzPKSLI0TnYOZAm6yiDNO8LBbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAt0V8up+2oQRlphzJgHgaExDOFLMB8GA1UdIwQY
MBaAFJJW6/ZrgPCBNYWNFEztb3hYNPX0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2Ut
NWRhOGQ2NzdkODQ3LzEvQzNSWHk2bjdhaEJHV21ITW1BZUJvVEVNNFVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9iNzE3YzUtYTY0Yi00NDc1LWJlM2UtNWRhOGQ2NzdkODQ3
LzEva2xicjltdUE4SUUxaFkwVVRPMXZlRmcwOWZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuaigMA0G
CSqGSIb3DQEBCwUAA4IBAQAZu4k8ZYbyrR7u72Ty8lat6I4yei903/IknMhdzxWZ
ocVbwrLv4QG4aHAr/u5wLdK20BSy8kOlQW+54LigzTYzyQluSZqK8ICzhVCO2BdR
MTqL5bZ7gM4TXn3M2rU4QG+aSK4CxwWhXSm75v6MarodbINmziyYSoUDG4WMdWcG
3KElpiQQTjr70YFZR9HwXSo8T4Sye89a3nOzJ6/nZ5vzrvtU7nkOOfJt1i8blop3
XNB6IHBuN4I6RxasP++BDAp1UmG+DHaLoLUTasLUXzla77BijSg1otYSis8IcVDp
dXDdyp6dXa40WlN6W58kp64kNbOR8hBNNvAtO5r2I9mf
-----END CERTIFICATE-----