Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/0015d3-1b21-4e55-850b-674328d52bd7/1/kq3fns1dqTylHLr-JW8UX9_g1M0.roa
File:                     kq3fns1dqTylHLr-JW8UX9_g1M0.roa (raw, json)
Hash identifier:          2lI06J6YYUNuzmBBfO6YRvKCubFITWbJgXI9G2YMCtc=
Subject key identifier:   92:AD:DF:9E:CD:5D:A9:3C:A5:1C:BA:FE:25:6F:14:5F:DF:E0:D4:CD
Certificate issuer:       /CN=582ac3589fc539ab852690f85d9f3f7f234ec39b
Certificate serial:       018CCA998F925F4DF807FC51353C61DA4154
Authority key identifier: 58:2A:C3:58:9F:C5:39:AB:85:26:90:F8:5D:9F:3F:7F:23:4E:C3:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WCrDWJ_FOauFJpD4XZ8_fyNOw5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/0015d3-1b21-4e55-850b-674328d52bd7/1/kq3fns1dqTylHLr-JW8UX9_g1M0.roa
Signing time:             Tue 02 Jan 2024 14:35:10 +0000
ROA not before:           Tue 02 Jan 2024 14:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28952
IP address blocks:        91.191.69.0/24 maxlen: 24
                          91.191.80.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/0015d3-1b21-4e55-850b-674328d52bd7/1/WCrDWJ_FOauFJpD4XZ8_fyNOw5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/0015d3-1b21-4e55-850b-674328d52bd7/1/WCrDWJ_FOauFJpD4XZ8_fyNOw5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WCrDWJ_FOauFJpD4XZ8_fyNOw5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:02:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:8f:92:5f:4d:f8:07:fc:51:35:3c:61:da:41:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=582ac3589fc539ab852690f85d9f3f7f234ec39b
        Validity
            Not Before: Jan  2 14:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=92addf9ecd5da93ca51cbafe256f145fdfe0d4cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4f:33:0b:15:91:17:07:a0:84:5d:a3:c2:55:
                    5e:1e:d8:a7:08:38:4e:c5:1b:c0:17:9b:cf:eb:68:
                    03:0d:5d:59:af:2e:99:03:4b:f4:98:9a:03:60:65:
                    a5:15:4a:2b:9d:5d:d3:b7:02:63:af:5c:7d:15:96:
                    0b:e5:86:97:f0:6a:08:01:3d:26:9e:0c:cc:62:75:
                    16:ef:cc:c7:a5:6f:52:fd:34:7f:7c:d1:ac:c0:a3:
                    72:59:db:29:6c:57:9d:5c:11:26:ff:d9:ec:a0:94:
                    da:b8:43:b9:ef:34:ed:47:83:a7:e7:db:ec:54:04:
                    a3:0f:46:8a:22:fd:6e:94:91:55:5b:93:58:9c:41:
                    d9:7e:e2:93:2c:c0:c5:dc:a8:52:7a:6b:32:a9:a7:
                    75:de:7f:ed:7b:26:21:bf:df:a4:f0:4c:1e:03:59:
                    13:61:b6:cb:2a:00:c0:ba:fd:f5:b4:f0:c4:c0:14:
                    6a:36:9f:00:b6:68:bf:8d:64:20:9e:8d:ab:2a:6c:
                    64:52:ce:93:49:8c:96:6f:7f:f3:43:4d:61:3e:9a:
                    d9:5e:29:91:e8:8f:7e:67:8d:45:86:56:de:0c:6a:
                    53:bb:23:c5:3b:41:14:81:a9:d6:46:68:4d:f6:a4:
                    a6:03:e4:7b:04:f5:e7:b5:43:14:aa:a5:f9:11:fc:
                    21:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:AD:DF:9E:CD:5D:A9:3C:A5:1C:BA:FE:25:6F:14:5F:DF:E0:D4:CD
            X509v3 Authority Key Identifier:
                keyid:58:2A:C3:58:9F:C5:39:AB:85:26:90:F8:5D:9F:3F:7F:23:4E:C3:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WCrDWJ_FOauFJpD4XZ8_fyNOw5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0015d3-1b21-4e55-850b-674328d52bd7/1/kq3fns1dqTylHLr-JW8UX9_g1M0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/0015d3-1b21-4e55-850b-674328d52bd7/1/WCrDWJ_FOauFJpD4XZ8_fyNOw5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.191.69.0/24
                  91.191.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7f:13:18:78:cb:a2:f4:be:39:4a:a7:06:ee:20:ab:f7:a7:87:
         1f:ce:0a:ca:7c:71:51:2b:0d:bb:3a:37:a7:79:6e:38:f7:d8:
         9b:13:63:c6:1d:9d:a8:97:85:06:0e:96:9e:19:90:7e:fa:81:
         15:0e:39:ad:54:a6:90:61:62:6c:8c:32:8b:fb:87:af:ef:fa:
         a2:7c:8b:8b:ca:7f:ac:5e:37:fe:99:bb:a9:98:94:99:03:4a:
         12:b8:80:d3:c1:73:11:00:d7:ee:35:ca:d5:c3:e7:53:c5:27:
         be:1f:49:0d:88:c1:07:cc:7c:ee:e2:2d:99:59:64:dc:18:7e:
         48:42:97:d5:d1:e4:90:32:0f:5d:5f:6b:65:15:14:67:82:49:
         bd:89:18:60:38:e0:eb:99:43:3e:59:b5:5b:69:2a:17:1a:8a:
         e8:29:42:85:ce:b7:91:13:4e:15:31:62:36:e9:d2:89:8e:39:
         c5:26:73:5f:39:e5:0a:72:06:6f:d8:9e:dc:af:0d:0e:c1:4f:
         09:06:ce:1a:fe:76:f5:55:03:31:5a:34:8a:e9:3b:52:66:07:
         c3:d8:ec:18:ac:8d:a7:61:fd:86:6b:01:d5:08:1b:76:2f:ef:
         0e:a6:09:2f:3f:88:36:8b:f3:46:fd:ea:5a:93:b2:14:00:cf:
         15:16:d0:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKmY+SX034B/xRNTxh2kFUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MmFjMzU4OWZjNTM5YWI4NTI2OTBmODVkOWYzZjdmMjM0
ZWMzOWIwHhcNMjQwMTAyMTQzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmFkZGY5ZWNkNWRhOTNjYTUxY2JhZmUyNTZmMTQ1ZmRmZTBkNGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE8zCxWRFweghF2jwlVeHtinCDhO
xRvAF5vP62gDDV1Zry6ZA0v0mJoDYGWlFUornV3TtwJjr1x9FZYL5YaX8GoIAT0m
ngzMYnUW78zHpW9S/TR/fNGswKNyWdspbFedXBEm/9nsoJTauEO57zTtR4On59vs
VASjD0aKIv1ulJFVW5NYnEHZfuKTLMDF3KhSemsyqad13n/teyYhv9+k8EweA1kT
YbbLKgDAuv31tPDEwBRqNp8Atmi/jWQgno2rKmxkUs6TSYyWb3/zQ01hPprZXimR
6I9+Z41FhlbeDGpTuyPFO0EUganWRmhN9qSmA+R7BPXntUMUqqX5EfwhvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJKt357NXak8pRy6/iVvFF/f4NTNMB8GA1UdIwQY
MBaAFFgqw1ifxTmrhSaQ+F2fP38jTsObMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0NyRFdKX0ZPYXVGSnBENFhaOF9meU5PdzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8wMDE1ZDMtMWIyMS00ZTU1LTg1MGIt
Njc0MzI4ZDUyYmQ3LzEva3EzZm5zMWRxVHlsSExyLUpXOFVYOV9nMU0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8wMDE1ZDMtMWIyMS00ZTU1LTg1MGItNjc0MzI4ZDUyYmQ3
LzEvV0NyRFdKX0ZPYXVGSnBENFhaOF9meU5PdzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAW79FAwQC
W79QMA0GCSqGSIb3DQEBCwUAA4IBAQB/Exh4y6L0vjlKpwbuIKv3p4cfzgrKfHFR
Kw27OjeneW4499ibE2PGHZ2ol4UGDpaeGZB++oEVDjmtVKaQYWJsjDKL+4ev7/qi
fIuLyn+sXjf+mbupmJSZA0oSuIDTwXMRANfuNcrVw+dTxSe+H0kNiMEHzHzu4i2Z
WWTcGH5IQpfV0eSQMg9dX2tlFRRngkm9iRhgOODrmUM+WbVbaSoXGoroKUKFzreR
E04VMWI26dKJjjnFJnNfOeUKcgZv2J7crw0OwU8JBs4a/nb1VQMxWjSK6TtSZgfD
2OwYrI2nYf2GawHVCBt2L+8OpgkvP4g2i/NG/epak7IUAM8VFtBO
-----END CERTIFICATE-----