Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/OAkrSqfZjROgM8oZN4ddqwaUIFY.roa
File:                     OAkrSqfZjROgM8oZN4ddqwaUIFY.roa (raw, json)
Hash identifier:          njs/k7l0yWQH9Tc0wN0u7gMoEWInaliFjlKXNYgF0Kg=
Subject key identifier:   38:09:2B:4A:A7:D9:8D:13:A0:33:CA:19:37:87:5D:AB:06:94:20:56
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369F72EB2BA0A3B7311A8045FBA6898
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/OAkrSqfZjROgM8oZN4ddqwaUIFY.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208949
IP address blocks:        160.19.94.0/24 maxlen: 24
                          160.19.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f7:2e:b2:ba:0a:3b:73:11:a8:04:5f:ba:68:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=38092b4aa7d98d13a033ca1937875dab06942056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:5a:9a:2a:f3:31:75:0d:3c:99:49:05:0e:38:
                    42:4e:21:b4:6e:af:2c:d2:16:6e:a7:96:90:c1:1b:
                    60:5e:9e:5a:e5:5e:1d:10:b5:e4:93:74:98:ee:1e:
                    39:a5:16:4d:f8:81:3c:f2:fb:95:9c:e0:8b:d6:e7:
                    14:c6:94:04:07:7a:6f:66:2d:2f:66:dc:d6:61:fa:
                    3a:8f:5b:37:14:e9:d4:4d:72:2b:a9:8e:bc:03:dd:
                    11:3d:f1:81:ca:33:3d:a6:7e:9f:07:dd:93:78:e7:
                    5b:21:0e:ee:05:0e:82:39:d9:01:7b:e7:27:35:3e:
                    37:eb:bd:1f:14:91:3e:e4:c4:aa:35:3b:be:4a:ee:
                    85:67:1e:f0:77:6d:79:d5:42:74:d3:8a:1e:fe:14:
                    9e:f1:14:2f:1e:0c:48:85:59:92:f8:ab:10:d7:ef:
                    7c:08:ba:84:52:8c:cf:24:ef:e5:ee:2c:f9:02:00:
                    59:97:48:45:9a:63:06:08:d9:31:a6:06:e8:a5:21:
                    a9:92:c9:77:0f:97:1c:22:f1:35:e2:80:e9:26:0a:
                    a8:65:0a:b6:8c:ea:06:9d:b5:3c:d2:04:d4:d2:14:
                    c2:d4:80:08:f0:77:f1:95:cc:1d:93:6a:55:5f:f4:
                    29:d1:7b:e4:e0:a7:b5:21:5d:4a:df:b7:6f:c3:0e:
                    d4:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:09:2B:4A:A7:D9:8D:13:A0:33:CA:19:37:87:5D:AB:06:94:20:56
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/OAkrSqfZjROgM8oZN4ddqwaUIFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.19.94.0/23

    Signature Algorithm: sha256WithRSAEncryption
         73:cc:fc:69:d4:76:d1:e5:9b:07:01:36:a2:6d:51:b0:4f:f9:
         74:27:52:d8:0d:d8:85:f1:6f:25:70:88:d6:24:6a:5b:35:83:
         ce:5a:30:9f:62:f7:72:f0:d1:7c:03:bc:6a:42:87:1f:e9:da:
         5e:62:a8:0a:e4:14:86:62:c8:8a:85:3a:0c:c7:7e:13:f4:12:
         c8:f6:99:b1:d0:87:37:ea:53:8c:aa:11:f8:b3:b5:03:42:3b:
         81:1f:4b:1f:5d:16:82:06:b4:30:58:fa:6b:18:03:36:ac:39:
         df:fb:7e:38:ab:4c:9c:6f:78:a1:b2:f9:ac:85:ac:98:95:42:
         4f:f9:2a:90:50:d9:19:37:05:ae:0c:23:db:bb:8c:e0:4a:13:
         01:b0:45:e8:4e:30:e8:8c:c7:74:d9:0f:1a:91:8d:4b:ab:44:
         cc:36:74:9b:09:c7:7f:88:bf:a6:6b:2b:fe:41:22:e9:3c:42:
         60:ab:52:e3:48:dc:52:8c:2d:a5:aa:b6:9b:89:e7:c8:a7:db:
         0f:2d:46:18:9d:21:07:5e:6d:66:b4:29:4b:8c:d1:23:e3:dd:
         57:81:d5:11:b8:2c:da:28:b2:11:94:57:c8:e4:56:18:29:1b:
         21:4b:34:0b:27:cc:c0:1e:f5:96:ed:d7:00:f8:3d:d7:35:b0:
         a1:64:b7:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafcusroKO3MRqARfumiYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODA5MmI0YWE3ZDk4ZDEzYTAzM2NhMTkzNzg3NWRhYjA2OTQyMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVqaKvMxdQ08mUkFDjhCTiG0bq8s
0hZup5aQwRtgXp5a5V4dELXkk3SY7h45pRZN+IE88vuVnOCL1ucUxpQEB3pvZi0v
ZtzWYfo6j1s3FOnUTXIrqY68A90RPfGByjM9pn6fB92TeOdbIQ7uBQ6COdkBe+cn
NT43670fFJE+5MSqNTu+Su6FZx7wd2151UJ004oe/hSe8RQvHgxIhVmS+KsQ1+98
CLqEUozPJO/l7iz5AgBZl0hFmmMGCNkxpgbopSGpksl3D5ccIvE14oDpJgqoZQq2
jOoGnbU80gTU0hTC1IAI8Hfxlcwdk2pVX/Qp0Xvk4Ke1IV1K37dvww7U5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDgJK0qn2Y0ToDPKGTeHXasGlCBWMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvT0FrclNxZlpqUk9nTThvWk40ZGRxd2FVSUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBoBNeMA0G
CSqGSIb3DQEBCwUAA4IBAQBzzPxp1HbR5ZsHATaibVGwT/l0J1LYDdiF8W8lcIjW
JGpbNYPOWjCfYvdy8NF8A7xqQocf6dpeYqgK5BSGYsiKhToMx34T9BLI9pmx0Ic3
6lOMqhH4s7UDQjuBH0sfXRaCBrQwWPprGAM2rDnf+344q0ycb3ihsvmshayYlUJP
+SqQUNkZNwWuDCPbu4zgShMBsEXoTjDojMd02Q8akY1Lq0TMNnSbCcd/iL+mayv+
QSLpPEJgq1LjSNxSjC2lqrabiefIp9sPLUYYnSEHXm1mtClLjNEj491XgdURuCza
KLIRlFfI5FYYKRshSzQLJ8zAHvWW7dcA+D3XNbChZLcc
-----END CERTIFICATE-----