Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/OZOU13jxcHSCna7NVq8NZj7z7Z4.roa
File:                     OZOU13jxcHSCna7NVq8NZj7z7Z4.roa (raw, json)
Hash identifier:          OxTt22B22xpUgD98Fu864uaTHI8JlLlmqte20gDmtEk=
Subject key identifier:   39:93:94:D7:78:F1:70:74:82:9D:AE:CD:56:AF:0D:66:3E:F3:ED:9E
Certificate issuer:       /CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
Certificate serial:       018E76A937526D79A90B05611BA1CD21583E
Authority key identifier: 23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/OZOU13jxcHSCna7NVq8NZj7z7Z4.roa
Signing time:             Mon 25 Mar 2024 17:29:44 +0000
ROA not before:           Mon 25 Mar 2024 17:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15083
IP address blocks:        45.15.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:76:a9:37:52:6d:79:a9:0b:05:61:1b:a1:cd:21:58:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23329cb3abe4e940cfc62a20e2a6e2c28fc28329
        Validity
            Not Before: Mar 25 17:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=399394d778f17074829daecd56af0d663ef3ed9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:a0:31:4f:97:f9:7a:e2:a3:c0:6c:0a:ad:40:
                    3e:88:0c:2b:6e:10:f2:18:95:8b:86:93:ff:0b:97:
                    e2:31:48:61:0d:0d:6a:c7:bc:db:73:a0:a7:eb:70:
                    8e:72:a4:e3:9b:5c:b5:ff:90:f2:78:ce:c2:9e:22:
                    92:3d:98:09:bd:77:3d:15:e3:4b:a2:dc:2f:cc:43:
                    5e:da:9a:c8:6e:bc:35:9c:67:7d:b1:51:be:5b:a4:
                    92:dd:62:92:b0:5c:01:91:6d:45:c0:52:c9:96:b5:
                    81:06:a1:c0:4b:10:86:b5:d1:2f:3e:fb:f4:39:54:
                    23:4c:e9:6f:8d:e2:26:5a:01:ec:c1:c6:47:d0:57:
                    2a:9d:e8:01:ea:d5:fd:5a:a2:7a:03:56:a8:f3:0d:
                    86:bf:5c:50:75:98:55:78:d4:49:9e:ed:57:97:9f:
                    1f:49:00:c1:70:5b:ea:06:78:33:a2:62:91:7a:7d:
                    63:67:e3:58:d7:6e:08:a1:b0:b4:cf:98:30:02:ce:
                    2f:ea:6f:ff:67:38:b1:31:b2:5b:e8:3c:38:e3:d4:
                    80:a1:37:3e:ef:c2:aa:69:e9:94:a6:8d:b7:43:01:
                    c4:b0:7c:b9:c7:8e:43:d3:6b:43:77:81:dc:4d:66:
                    a6:c1:9a:7b:85:7a:b1:e0:10:15:af:78:4c:be:4c:
                    c2:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:93:94:D7:78:F1:70:74:82:9D:AE:CD:56:AF:0D:66:3E:F3:ED:9E
            X509v3 Authority Key Identifier:
                keyid:23:32:9C:B3:AB:E4:E9:40:CF:C6:2A:20:E2:A6:E2:C2:8F:C2:83:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzKcs6vk6UDPxiog4qbiwo_Cgyk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/OZOU13jxcHSCna7NVq8NZj7z7Z4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/dd394b-6bc4-4e47-b012-518f2c8f846b/1/IzKcs6vk6UDPxiog4qbiwo_Cgyk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:8f:80:ff:39:33:6b:ae:a3:70:60:93:2a:63:88:f9:98:d1:
         7d:ff:80:1e:b7:81:c9:51:db:50:77:62:61:f8:55:58:a1:22:
         77:ef:0b:15:bf:21:49:75:87:fd:35:54:32:a6:dc:64:69:a3:
         42:8c:2f:77:cd:7f:f8:ed:9e:2b:43:11:12:bf:d7:b6:33:35:
         79:fb:af:33:00:f8:b7:5d:be:db:aa:36:1e:60:ee:f5:69:3c:
         ec:bb:f4:2f:7f:5b:35:75:22:bd:84:45:09:39:98:c1:51:10:
         c3:7c:62:a0:f8:74:7f:32:ef:30:99:5e:24:97:7e:d6:db:7f:
         9c:e2:48:d7:1f:e7:23:69:07:c1:81:11:0d:b0:b8:81:fa:5a:
         6a:cf:c0:84:34:bf:1d:ac:7b:a9:91:58:ad:2c:3c:1e:11:68:
         fe:ab:0d:ca:c9:46:e6:58:23:49:e0:af:d2:85:37:b3:6e:0c:
         e6:02:e7:2c:e7:7e:d8:f8:91:6d:78:1f:bb:ac:58:e2:1e:d8:
         ed:84:77:54:0b:c6:3c:33:d9:cf:89:66:03:eb:9d:2a:40:7c:
         de:25:61:13:5f:85:44:3a:71:c5:27:cc:21:eb:1b:33:fd:ca:
         9c:af:f3:d0:e7:51:3a:e8:03:20:ae:87:02:77:8f:3a:f4:ef:
         36:53:19:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY52qTdSbXmpCwVhG6HNIVg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzI5Y2IzYWJlNGU5NDBjZmM2MmEyMGUyYTZlMmMyOGZj
MjgzMjkwHhcNMjQwMzI1MTcyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTkzOTRkNzc4ZjE3MDc0ODI5ZGFlY2Q1NmFmMGQ2NjNlZjNlZDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg6AxT5f5euKjwGwKrUA+iAwrbhDy
GJWLhpP/C5fiMUhhDQ1qx7zbc6Cn63COcqTjm1y1/5DyeM7CniKSPZgJvXc9FeNL
otwvzENe2prIbrw1nGd9sVG+W6SS3WKSsFwBkW1FwFLJlrWBBqHASxCGtdEvPvv0
OVQjTOlvjeImWgHswcZH0FcqnegB6tX9WqJ6A1ao8w2Gv1xQdZhVeNRJnu1Xl58f
SQDBcFvqBngzomKRen1jZ+NY124IobC0z5gwAs4v6m//ZzixMbJb6Dw449SAoTc+
78KqaemUpo23QwHEsHy5x45D02tDd4HcTWamwZp7hXqx4BAVr3hMvkzCuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDmTlNd48XB0gp2uzVavDWY+8+2eMB8GA1UdIwQY
MBaAFCMynLOr5OlAz8YqIOKm4sKPwoMpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTIt
NTE4ZjJjOGY4NDZiLzEvT1pPVTEzanhjSFNDbmE3TlZxOE5aajd6N1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS9kZDM5NGItNmJjNC00ZTQ3LWIwMTItNTE4ZjJjOGY4NDZi
LzEvSXpLY3M2dms2VURQeGlvZzRxYml3b19DZ3lrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ8pMA0G
CSqGSIb3DQEBCwUAA4IBAQBMj4D/OTNrrqNwYJMqY4j5mNF9/4Aet4HJUdtQd2Jh
+FVYoSJ37wsVvyFJdYf9NVQyptxkaaNCjC93zX/47Z4rQxESv9e2MzV5+68zAPi3
Xb7bqjYeYO71aTzsu/Qvf1s1dSK9hEUJOZjBURDDfGKg+HR/Mu8wmV4kl37W23+c
4kjXH+cjaQfBgRENsLiB+lpqz8CENL8drHupkVitLDweEWj+qw3KyUbmWCNJ4K/S
hTezbgzmAucs537Y+JFteB+7rFjiHtjthHdUC8Y8M9nPiWYD650qQHzeJWETX4VE
OnHFJ8wh6xsz/cqcr/PQ51E66AMgrocCd4869O82UxmI
-----END CERTIFICATE-----