Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ohiM_yvSP1_9Y3cvHiELANqJvD8.roa
File:                     ohiM_yvSP1_9Y3cvHiELANqJvD8.roa (raw, json)
Hash identifier:          wTwYYG9t5wy8B7c7ycYnMlTqGd4EJ7bw/l5FctmXKAA=
Subject key identifier:   A2:18:8C:FF:2B:D2:3F:5F:FD:63:77:2F:1E:21:0B:00:DA:89:BC:3F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       018CC727570849B06E1D9E9DF67B61153148
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ohiM_yvSP1_9Y3cvHiELANqJvD8.roa
Signing time:             Mon 01 Jan 2024 22:31:33 +0000
ROA not before:           Mon 01 Jan 2024 22:31:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19762
IP address blocks:        194.69.160.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:57:08:49:b0:6e:1d:9e:9d:f6:7b:61:15:31:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 22:31:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a2188cff2bd23f5ffd63772f1e210b00da89bc3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:d6:83:63:4a:1e:1e:21:76:18:e4:64:a9:45:
                    0c:c1:ec:69:30:ef:c9:b2:43:7f:ec:34:c6:79:86:
                    89:34:8a:7c:85:b4:f5:7e:43:5a:c9:a1:63:bf:30:
                    80:54:ef:92:59:5b:c6:9a:09:c8:e6:3f:5b:33:82:
                    af:c3:b8:a6:3a:71:ed:f8:af:cf:53:69:c7:d2:b9:
                    e6:94:27:35:52:36:66:0c:0a:63:10:7e:a6:71:b7:
                    d9:0c:10:5a:90:83:d0:77:e7:25:dd:38:e5:80:68:
                    68:a7:7a:ca:21:27:ba:54:9d:dc:48:ba:f6:c7:01:
                    0e:4c:3b:02:db:e2:cf:f4:3e:9e:7c:56:ed:01:10:
                    33:9e:05:36:9d:bf:1d:0f:f7:63:e9:52:89:b3:0a:
                    b9:c4:de:a8:b5:40:97:d5:1c:cb:c6:6d:ce:d1:e2:
                    88:56:56:1d:75:3a:b0:0e:bb:dd:f2:a1:ab:e9:f1:
                    7d:5b:78:25:d7:e5:0a:bf:27:97:4a:2c:84:da:ce:
                    86:e4:a0:37:55:16:16:6b:9b:9d:88:f4:3c:ae:92:
                    0e:1f:fd:14:af:53:71:e7:84:01:31:cb:f8:bd:eb:
                    b6:5a:d2:83:07:3f:72:86:59:12:59:a4:01:43:5d:
                    2d:0d:4d:32:51:1c:48:ee:2f:64:09:c8:58:ae:47:
                    a9:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:18:8C:FF:2B:D2:3F:5F:FD:63:77:2F:1E:21:0B:00:DA:89:BC:3F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/ohiM_yvSP1_9Y3cvHiELANqJvD8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.69.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:ff:05:91:1a:e8:39:27:d0:ae:65:5f:0e:be:9f:f0:7b:33:
         60:93:7e:01:60:ed:94:a5:3b:58:71:dd:58:f2:57:24:a1:2d:
         a6:49:47:b4:d2:06:67:93:df:38:1e:63:33:19:12:11:7a:e4:
         d5:38:75:e3:ab:11:05:fb:85:07:fa:6c:60:8e:fb:ae:a6:5a:
         48:df:8e:a8:b3:6b:68:10:62:12:84:57:ce:86:fd:3e:87:d9:
         8c:14:92:8d:16:1b:3a:63:d7:2c:20:e7:52:54:15:db:f4:9e:
         2f:9d:79:f4:6b:ad:7a:c2:91:f5:b7:dc:83:de:a3:65:05:b8:
         cd:3c:34:b1:57:7c:66:d2:d6:5f:2b:6d:0d:33:4d:0b:8e:6b:
         ab:33:a4:f2:b3:79:df:06:3e:0a:10:f3:66:9b:de:93:bf:fe:
         c3:db:37:e1:e7:1f:7b:4c:1b:1b:6a:a7:80:17:8e:1d:5d:fa:
         15:a4:67:37:5c:94:1d:04:31:e3:e4:fa:f0:72:71:78:80:eb:
         c7:e0:9d:fa:31:f6:ed:a6:38:c4:e7:d5:37:1f:c9:fd:99:fc:
         ce:42:78:eb:54:07:5b:67:4f:3f:6c:a6:c6:79:cc:d4:c3:b4:
         a9:99:4a:ed:aa:9f:70:33:1c:16:11:35:9e:46:5b:fe:30:cf:
         40:02:51:90
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ1cISbBuHZ6d9nthFTFIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwMTAxMjIzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjE4OGNmZjJiZDIzZjVmZmQ2Mzc3MmYxZTIxMGIwMGRhODliYzNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktaDY0oeHiF2GORkqUUMwexpMO/J
skN/7DTGeYaJNIp8hbT1fkNayaFjvzCAVO+SWVvGmgnI5j9bM4Kvw7imOnHt+K/P
U2nH0rnmlCc1UjZmDApjEH6mcbfZDBBakIPQd+cl3TjlgGhop3rKISe6VJ3cSLr2
xwEOTDsC2+LP9D6efFbtARAzngU2nb8dD/dj6VKJswq5xN6otUCX1RzLxm3O0eKI
VlYddTqwDrvd8qGr6fF9W3gl1+UKvyeXSiyE2s6G5KA3VRYWa5udiPQ8rpIOH/0U
r1Nx54QBMcv4veu2WtKDBz9yhlkSWaQBQ10tDU0yURxI7i9kCchYrkep1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKIYjP8r0j9f/WN3Lx4hCwDaibw/MB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvb2hpTV95dlNQMV85WTNjdkhpRUxBTnFKdkQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwkWgMA0G
CSqGSIb3DQEBCwUAA4IBAQAu/wWRGug5J9CuZV8Ovp/wezNgk34BYO2UpTtYcd1Y
8lckoS2mSUe00gZnk984HmMzGRIReuTVOHXjqxEF+4UH+mxgjvuuplpI346os2to
EGIShFfOhv0+h9mMFJKNFhs6Y9csIOdSVBXb9J4vnXn0a616wpH1t9yD3qNlBbjN
PDSxV3xm0tZfK20NM00LjmurM6Tys3nfBj4KEPNmm96Tv/7D2zfh5x97TBsbaqeA
F44dXfoVpGc3XJQdBDHj5PrwcnF4gOvH4J36MfbtpjjE59U3H8n9mfzOQnjrVAdb
Z08/bKbGeczUw7SpmUrtqp9wMxwWETWeRlv+MM9AAlGQ
-----END CERTIFICATE-----