Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/2a860c-1005-4423-95bd-3079d588aa99/1/OjoHo3Tazu3i72LRtxL23vbOIK8.roa
File:                     OjoHo3Tazu3i72LRtxL23vbOIK8.roa (raw, json)
Hash identifier:          bvroMcNS5h7zfQ7n0r10HWvfJC5kA2pxkVdW2W9XrIo=
Subject key identifier:   3A:3A:07:A3:74:DA:CE:ED:E2:EF:62:D1:B7:12:F6:DE:F6:CE:20:AF
Certificate issuer:       /CN=d67f1283b630e588cb039ba652b90299d71a8e78
Certificate serial:       018CEF2BE0E47002484F78B699CABC956F6D
Authority key identifier: D6:7F:12:83:B6:30:E5:88:CB:03:9B:A6:52:B9:02:99:D7:1A:8E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1n8Sg7Yw5YjLA5umUrkCmdcajng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/2a860c-1005-4423-95bd-3079d588aa99/1/OjoHo3Tazu3i72LRtxL23vbOIK8.roa
Signing time:             Tue 09 Jan 2024 17:01:19 +0000
ROA not before:           Tue 09 Jan 2024 17:01:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        188.92.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/2a860c-1005-4423-95bd-3079d588aa99/1/1n8Sg7Yw5YjLA5umUrkCmdcajng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/2a860c-1005-4423-95bd-3079d588aa99/1/1n8Sg7Yw5YjLA5umUrkCmdcajng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1n8Sg7Yw5YjLA5umUrkCmdcajng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 22:02:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ef:2b:e0:e4:70:02:48:4f:78:b6:99:ca:bc:95:6f:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d67f1283b630e588cb039ba652b90299d71a8e78
        Validity
            Not Before: Jan  9 17:01:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a3a07a374daceede2ef62d1b712f6def6ce20af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:a1:93:26:bd:b4:7b:27:aa:e0:54:b6:9e:7f:
                    6a:c8:ab:9f:51:14:f4:11:28:69:f9:7d:86:39:b6:
                    8b:0c:fd:eb:ed:48:53:8a:ab:bd:73:fc:e4:e6:28:
                    27:57:6a:e4:0e:77:e4:00:dd:ed:3f:06:fd:2d:38:
                    17:7c:15:25:81:09:a4:4f:d1:dd:f4:8b:59:06:75:
                    2b:b7:92:1f:e9:df:52:3d:1f:36:d4:e5:b9:b0:37:
                    3c:f3:a4:60:c2:0f:91:ca:80:25:56:73:b5:fd:47:
                    47:61:40:6b:ee:71:82:60:80:53:60:06:96:db:ad:
                    43:c3:ca:1f:60:85:58:4e:c8:d1:f0:61:da:61:b8:
                    96:96:82:79:41:d3:0f:77:bb:21:d2:b1:d6:31:c1:
                    a0:b5:a8:9d:fc:86:f9:6d:b3:b9:08:2c:d5:90:23:
                    bc:e4:bd:18:b3:95:7f:8a:68:b6:89:8b:58:ff:fe:
                    7d:b9:75:e3:ed:ad:62:1d:f8:e8:cc:4b:1d:48:4e:
                    89:c8:fb:cc:7f:8f:8d:87:ba:6c:25:7e:12:f0:84:
                    29:a1:30:35:0e:2b:f2:d0:2d:6f:ca:ed:70:c4:05:
                    f3:e0:19:3c:d9:b8:08:e3:37:07:d5:8b:8a:3c:ce:
                    a4:6c:cb:65:ab:00:ef:40:7c:cd:28:70:71:24:57:
                    f1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:3A:07:A3:74:DA:CE:ED:E2:EF:62:D1:B7:12:F6:DE:F6:CE:20:AF
            X509v3 Authority Key Identifier:
                keyid:D6:7F:12:83:B6:30:E5:88:CB:03:9B:A6:52:B9:02:99:D7:1A:8E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1n8Sg7Yw5YjLA5umUrkCmdcajng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2a860c-1005-4423-95bd-3079d588aa99/1/OjoHo3Tazu3i72LRtxL23vbOIK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2a860c-1005-4423-95bd-3079d588aa99/1/1n8Sg7Yw5YjLA5umUrkCmdcajng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.92.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:cc:28:8f:da:18:bf:16:4f:12:35:3e:9c:50:d1:c8:2d:54:
         04:2c:00:80:19:73:eb:1a:da:9e:9e:71:08:55:83:1f:70:d2:
         f7:cc:70:6c:3d:09:ca:57:d9:2c:f2:6e:51:57:fc:1c:5e:19:
         18:7c:21:a5:0f:fa:a1:33:51:00:7a:90:12:75:ca:f1:de:00:
         ee:86:07:c4:79:57:c8:9b:a4:46:e1:eb:db:67:ed:6a:8e:46:
         c1:c5:56:e2:1a:3f:76:45:63:c6:5f:9d:f4:89:91:3f:b5:80:
         82:33:5a:48:06:35:95:bc:0d:0c:5c:39:89:7a:90:0f:d6:fd:
         c1:23:fe:c0:7b:5c:01:77:c4:f1:ff:69:71:3e:39:f9:59:b3:
         7f:a0:9c:78:7d:63:f0:9f:fa:e0:2c:77:8f:2c:f7:e8:a9:68:
         0b:2e:3e:41:21:49:83:6b:6a:e5:33:f4:d1:7c:62:aa:24:aa:
         bf:4c:73:08:29:f1:ed:e0:29:d8:2d:da:51:ed:9e:7e:8d:53:
         4c:6a:20:73:1f:b9:1c:f4:4c:f8:7e:bd:b7:de:76:ff:d9:5b:
         bc:b3:de:2f:ec:97:1b:da:d2:a1:29:c6:07:8f:e3:08:c9:1f:
         2c:5b:c2:81:ae:84:93:97:97:68:3a:0d:5f:bb:64:fc:b7:3b:
         b5:fb:d2:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzvK+DkcAJIT3i2mcq8lW9tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2N2YxMjgzYjYzMGU1ODhjYjAzOWJhNjUyYjkwMjk5ZDcx
YThlNzgwHhcNMjQwMTA5MTcwMTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTNhMDdhMzc0ZGFjZWVkZTJlZjYyZDFiNzEyZjZkZWY2Y2UyMGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKGTJr20eyeq4FS2nn9qyKufURT0
EShp+X2GObaLDP3r7UhTiqu9c/zk5ignV2rkDnfkAN3tPwb9LTgXfBUlgQmkT9Hd
9ItZBnUrt5If6d9SPR821OW5sDc886Rgwg+RyoAlVnO1/UdHYUBr7nGCYIBTYAaW
261Dw8ofYIVYTsjR8GHaYbiWloJ5QdMPd7sh0rHWMcGgtaid/Ib5bbO5CCzVkCO8
5L0Ys5V/imi2iYtY//59uXXj7a1iHfjozEsdSE6JyPvMf4+Nh7psJX4S8IQpoTA1
Divy0C1vyu1wxAXz4Bk82bgI4zcH1YuKPM6kbMtlqwDvQHzNKHBxJFfx6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDo6B6N02s7t4u9i0bcS9t72ziCvMB8GA1UdIwQY
MBaAFNZ/EoO2MOWIywObplK5ApnXGo54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMW44U2c3WXc1WWpMQTV1bVVya0NtZGNham5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yYTg2MGMtMTAwNS00NDIzLTk1YmQt
MzA3OWQ1ODhhYTk5LzEvT2pvSG8zVGF6dTNpNzJMUnR4TDIzdmJPSUs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yYTg2MGMtMTAwNS00NDIzLTk1YmQtMzA3OWQ1ODhhYTk5
LzEvMW44U2c3WXc1WWpMQTV1bVVya0NtZGNham5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvFwZMA0G
CSqGSIb3DQEBCwUAA4IBAQA8zCiP2hi/Fk8SNT6cUNHILVQELACAGXPrGtqennEI
VYMfcNL3zHBsPQnKV9ks8m5RV/wcXhkYfCGlD/qhM1EAepASdcrx3gDuhgfEeVfI
m6RG4evbZ+1qjkbBxVbiGj92RWPGX530iZE/tYCCM1pIBjWVvA0MXDmJepAP1v3B
I/7Ae1wBd8Tx/2lxPjn5WbN/oJx4fWPwn/rgLHePLPfoqWgLLj5BIUmDa2rlM/TR
fGKqJKq/THMIKfHt4CnYLdpR7Z5+jVNMaiBzH7kc9Ez4fr233nb/2Vu8s94v7Jcb
2tKhKcYHj+MIyR8sW8KBroSTl5doOg1fu2T8tzu1+9LS
-----END CERTIFICATE-----