Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/D76WmVw5CmMUsHPLikHd5681Osw.roa
File:                     D76WmVw5CmMUsHPLikHd5681Osw.roa (raw, json)
Hash identifier:          cf+3/dFbYcgwY+cgaXGwBNk41hQDfFv1c//pj0apPCc=
Subject key identifier:   0F:BE:96:99:5C:39:0A:63:14:B0:73:CB:8A:41:DD:E7:AF:35:3A:CC
Certificate issuer:       /CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
Certificate serial:       018CC56E5DCFA61C0FF155062098E8CB0762
Authority key identifier: B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/D76WmVw5CmMUsHPLikHd5681Osw.roa
Signing time:             Mon 01 Jan 2024 14:29:53 +0000
ROA not before:           Mon 01 Jan 2024 14:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        91.241.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5d:cf:a6:1c:0f:f1:55:06:20:98:e8:cb:07:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b3d66297c5cdbd36d86849ddeae7985979f450ca
        Validity
            Not Before: Jan  1 14:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fbe96995c390a6314b073cb8a41dde7af353acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:b9:5f:5f:7a:7b:c6:01:5d:28:1a:9f:0c:90:
                    df:f1:58:79:e9:2f:21:00:af:1b:79:d7:31:6d:65:
                    e7:4b:2c:07:7c:0f:08:76:3a:81:7d:35:97:04:c5:
                    ac:72:d0:3a:1d:c3:1a:62:a4:c5:66:0d:02:ca:99:
                    77:f8:36:ab:da:20:f0:85:92:91:62:50:60:57:15:
                    a6:b5:4b:2a:bc:15:82:4c:a8:50:b7:6f:13:07:d2:
                    13:c2:4e:7a:75:4e:6a:14:e3:ec:67:6d:b2:30:c0:
                    17:0a:89:26:cc:a3:13:94:57:68:b1:ea:ed:1e:34:
                    01:16:eb:b0:b1:fb:35:d8:cf:5d:be:95:ec:c2:4a:
                    21:b6:89:f6:f1:45:af:0d:c5:68:36:3b:b5:cd:c6:
                    d3:30:ac:9d:b2:b8:3c:bf:29:0e:01:f0:24:65:b6:
                    71:27:ec:29:15:d9:63:d6:11:e1:c8:a0:32:92:1c:
                    22:4e:39:51:81:12:c1:9c:6f:76:98:e7:23:e6:f1:
                    ae:59:2c:de:68:6c:ce:fc:cd:6c:6f:9e:2c:10:96:
                    45:ae:67:91:56:77:20:11:92:78:75:6e:b2:d6:9d:
                    c1:6c:08:7d:9e:4e:bf:0c:89:7e:a2:c9:2e:db:a0:
                    5c:89:c1:7a:69:c5:5b:c6:be:b8:ae:5a:61:48:31:
                    85:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:BE:96:99:5C:39:0A:63:14:B0:73:CB:8A:41:DD:E7:AF:35:3A:CC
            X509v3 Authority Key Identifier:
                keyid:B3:D6:62:97:C5:CD:BD:36:D8:68:49:DD:EA:E7:98:59:79:F4:50:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s9Zil8XNvTbYaEnd6ueYWXn0UMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/D76WmVw5CmMUsHPLikHd5681Osw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/92c1cf-5a22-453c-907f-eb1f8715eec0/1/s9Zil8XNvTbYaEnd6ueYWXn0UMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.241.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:48:0c:a8:b1:c0:95:34:a6:b8:d5:23:5d:58:a2:b8:af:20:
         df:4e:54:63:95:84:27:8b:4f:95:d4:f1:c8:fc:78:2f:f3:91:
         37:1d:b6:2d:82:b1:00:7d:0c:b8:f9:01:ff:8b:71:bf:10:ea:
         d8:6f:fd:63:51:8b:72:83:24:e4:bf:55:7c:67:b2:26:60:ff:
         5d:0d:8e:d6:3d:da:46:c4:78:6b:89:4b:43:82:55:4c:ec:ba:
         c5:e1:96:28:42:c0:14:4e:29:4a:da:06:9e:32:d3:a1:ad:2d:
         7d:c4:9f:e5:6a:8f:3d:3d:81:e6:a7:e5:e9:b6:a1:c3:bf:1c:
         2f:cf:90:3a:10:ca:d7:91:ae:b8:77:e6:49:10:01:d1:c8:ff:
         71:03:3b:e2:53:8e:c2:3b:05:73:cf:90:df:20:f0:bd:22:83:
         41:96:90:b6:8a:08:32:73:95:83:4f:8f:32:51:b5:c1:55:c9:
         d5:02:2a:53:c2:62:4e:8d:a4:28:c4:4e:48:17:eb:04:57:1d:
         fb:80:11:0b:72:19:d6:40:29:de:55:8e:d4:e8:1f:a9:29:02:
         34:97:37:2c:26:5c:b2:46:f7:9c:fe:de:e3:84:95:42:81:07:
         72:de:5a:d3:71:1a:04:a0:c9:24:d5:3f:eb:27:11:17:d7:a1:
         01:f0:ae:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl3PphwP8VUGIJjoywdiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzZDY2Mjk3YzVjZGJkMzZkODY4NDlkZGVhZTc5ODU5Nzlm
NDUwY2EwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmJlOTY5OTVjMzkwYTYzMTRiMDczY2I4YTQxZGRlN2FmMzUzYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrlfX3p7xgFdKBqfDJDf8Vh56S8h
AK8bedcxbWXnSywHfA8IdjqBfTWXBMWsctA6HcMaYqTFZg0Cypl3+Dar2iDwhZKR
YlBgVxWmtUsqvBWCTKhQt28TB9ITwk56dU5qFOPsZ22yMMAXCokmzKMTlFdosert
HjQBFuuwsfs12M9dvpXswkohton28UWvDcVoNju1zcbTMKydsrg8vykOAfAkZbZx
J+wpFdlj1hHhyKAykhwiTjlRgRLBnG92mOcj5vGuWSzeaGzO/M1sb54sEJZFrmeR
VncgEZJ4dW6y1p3BbAh9nk6/DIl+osku26BcicF6acVbxr64rlphSDGFCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA++lplcOQpjFLBzy4pB3eevNTrMMB8GA1UdIwQY
MBaAFLPWYpfFzb022GhJ3ernmFl59FDKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2Yt
ZWIxZjg3MTVlZWMwLzEvRDc2V21WdzVDbU1Vc0hQTGlrSGQ1NjgxT3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS85MmMxY2YtNWEyMi00NTNjLTkwN2YtZWIxZjg3MTVlZWMw
LzEvczlaaWw4WE52VGJZYUVuZDZ1ZVlXWG4wVU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/EPMA0G
CSqGSIb3DQEBCwUAA4IBAQBUSAyoscCVNKa41SNdWKK4ryDfTlRjlYQni0+V1PHI
/Hgv85E3HbYtgrEAfQy4+QH/i3G/EOrYb/1jUYtygyTkv1V8Z7ImYP9dDY7WPdpG
xHhriUtDglVM7LrF4ZYoQsAUTilK2gaeMtOhrS19xJ/lao89PYHmp+XptqHDvxwv
z5A6EMrXka64d+ZJEAHRyP9xAzviU47COwVzz5DfIPC9IoNBlpC2iggyc5WDT48y
UbXBVcnVAipTwmJOjaQoxE5IF+sEVx37gBELchnWQCneVY7U6B+pKQI0lzcsJlyy
Rvec/t7jhJVCgQdy3lrTcRoEoMkk1T/rJxEX16EB8K7Q
-----END CERTIFICATE-----