Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/417ab2-fcb3-405d-a0c8-5325a5200ba9/1/R15_h8RnWLAtbNM4wEJ057X6za8.roa
File:                     R15_h8RnWLAtbNM4wEJ057X6za8.roa (raw, json)
Hash identifier:          W+915Zi687CRZKPQ5U00crOZq/qMs5OMDP75Hi0iKGg=
Subject key identifier:   47:5E:7F:87:C4:67:58:B0:2D:6C:D3:38:C0:42:74:E7:B5:FA:CD:AF
Certificate issuer:       /CN=1cacb77e20b78147d47f8394294f117b5c84ef5e
Certificate serial:       018CC6B7AF574BBFF79834579EE15F762DC9
Authority key identifier: 1C:AC:B7:7E:20:B7:81:47:D4:7F:83:94:29:4F:11:7B:5C:84:EF:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HKy3fiC3gUfUf4OUKU8Re1yE714.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/417ab2-fcb3-405d-a0c8-5325a5200ba9/1/R15_h8RnWLAtbNM4wEJ057X6za8.roa
Signing time:             Mon 01 Jan 2024 20:29:35 +0000
ROA not before:           Mon 01 Jan 2024 20:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211848
IP address blocks:        91.239.117.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/417ab2-fcb3-405d-a0c8-5325a5200ba9/1/HKy3fiC3gUfUf4OUKU8Re1yE714.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/417ab2-fcb3-405d-a0c8-5325a5200ba9/1/HKy3fiC3gUfUf4OUKU8Re1yE714.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HKy3fiC3gUfUf4OUKU8Re1yE714.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 01:03:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:af:57:4b:bf:f7:98:34:57:9e:e1:5f:76:2d:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cacb77e20b78147d47f8394294f117b5c84ef5e
        Validity
            Not Before: Jan  1 20:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=475e7f87c46758b02d6cd338c04274e7b5facdaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:cc:bf:a4:ac:c8:d4:5a:68:22:fd:0a:83:f0:
                    58:6e:61:b3:43:5f:7b:65:95:00:ee:62:dc:fc:b3:
                    c9:d9:59:93:0f:ca:09:c5:17:9a:4a:50:24:e5:76:
                    83:77:24:dd:de:e3:3f:aa:2d:9b:55:2e:59:31:b2:
                    dd:d2:59:04:80:d5:52:2a:1e:0b:f7:62:09:3f:91:
                    1e:0c:ad:7e:96:f5:69:bb:f2:ad:54:fc:5b:fc:a7:
                    22:1a:1d:10:14:bf:d8:ed:c6:26:f4:44:3f:d6:b1:
                    dc:cb:1d:c4:3a:81:41:f5:a0:fd:56:e1:86:90:0c:
                    f7:e3:25:2b:a1:6a:3d:dc:be:9c:51:7d:a5:8c:e1:
                    cc:fd:92:ae:26:03:aa:94:f1:e7:65:a5:07:e6:1e:
                    7c:ef:ca:79:f0:c0:9f:5c:00:22:86:f6:0c:5f:7b:
                    25:d9:4a:4e:5e:cf:af:20:49:50:6f:d3:8d:0f:d8:
                    b2:ce:31:b5:d6:f4:3b:33:63:00:8f:91:f6:79:31:
                    a7:59:b4:13:e3:f0:11:be:4d:af:78:71:e3:61:f7:
                    51:14:87:eb:ad:a7:1c:3c:fb:f2:57:3c:ce:74:d9:
                    51:15:8d:6a:2c:46:b3:df:33:09:60:26:a6:31:1d:
                    28:cb:67:a8:a1:41:bc:4f:d0:8f:e5:59:24:4b:36:
                    07:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:5E:7F:87:C4:67:58:B0:2D:6C:D3:38:C0:42:74:E7:B5:FA:CD:AF
            X509v3 Authority Key Identifier:
                keyid:1C:AC:B7:7E:20:B7:81:47:D4:7F:83:94:29:4F:11:7B:5C:84:EF:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HKy3fiC3gUfUf4OUKU8Re1yE714.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/417ab2-fcb3-405d-a0c8-5325a5200ba9/1/R15_h8RnWLAtbNM4wEJ057X6za8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/417ab2-fcb3-405d-a0c8-5325a5200ba9/1/HKy3fiC3gUfUf4OUKU8Re1yE714.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:00:b4:81:df:27:b0:7f:3f:e2:7c:46:23:b2:60:cb:23:d5:
         34:28:5d:17:2c:8c:c5:2c:da:3c:72:e6:15:ae:1e:68:35:c2:
         e4:25:fa:ed:b5:7f:a3:66:ab:22:38:ba:18:91:ae:ec:3a:da:
         51:2f:32:4a:3c:5e:25:12:de:32:89:5a:33:e6:d4:8e:41:7f:
         14:14:d8:85:40:03:fb:27:28:8e:22:90:00:aa:5f:19:d2:a9:
         ce:22:60:4a:66:4d:c4:bd:5c:3c:a1:05:b8:6e:d0:c6:6d:0e:
         3b:5d:d1:23:ab:d9:80:39:79:0b:f4:77:36:b6:42:a4:2a:1c:
         db:38:5f:6b:72:ba:d2:b2:d5:10:96:e0:bf:06:20:8a:f6:c8:
         cb:9e:42:a4:0b:f3:49:ef:4d:40:9b:a3:98:97:61:d2:ee:d3:
         f6:d6:45:e8:f9:15:82:9b:6b:45:97:0c:7d:ef:12:da:47:55:
         41:96:ef:13:12:4a:b1:eb:2a:c0:f3:28:f6:3d:28:a5:ff:78:
         51:61:45:0f:c8:e9:4f:c6:03:de:b2:1c:91:35:b1:1c:66:3e:
         ed:c1:ab:49:8c:26:23:02:bf:66:37:4b:ca:db:f3:e7:cb:31:
         e8:53:7f:39:05:d1:3e:6b:84:e6:88:3d:76:14:67:1f:c0:f9:
         7e:d0:f5:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt69XS7/3mDRXnuFfdi3JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjYWNiNzdlMjBiNzgxNDdkNDdmODM5NDI5NGYxMTdiNWM4
NGVmNWUwHhcNMjQwMTAxMjAyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzVlN2Y4N2M0Njc1OGIwMmQ2Y2QzMzhjMDQyNzRlN2I1ZmFjZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn8y/pKzI1FpoIv0Kg/BYbmGzQ197
ZZUA7mLc/LPJ2VmTD8oJxReaSlAk5XaDdyTd3uM/qi2bVS5ZMbLd0lkEgNVSKh4L
92IJP5EeDK1+lvVpu/KtVPxb/KciGh0QFL/Y7cYm9EQ/1rHcyx3EOoFB9aD9VuGG
kAz34yUroWo93L6cUX2ljOHM/ZKuJgOqlPHnZaUH5h5878p58MCfXAAihvYMX3sl
2UpOXs+vIElQb9OND9iyzjG11vQ7M2MAj5H2eTGnWbQT4/ARvk2veHHjYfdRFIfr
raccPPvyVzzOdNlRFY1qLEaz3zMJYCamMR0oy2eooUG8T9CP5VkkSzYHywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdef4fEZ1iwLWzTOMBCdOe1+s2vMB8GA1UdIwQY
MBaAFByst34gt4FH1H+DlClPEXtchO9eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEt5M2ZpQzNnVWZVZjRPVUtVOFJlMXlFNzE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy80MTdhYjItZmNiMy00MDVkLWEwYzgt
NTMyNWE1MjAwYmE5LzEvUjE1X2g4Um5XTEF0Yk5NNHdFSjA1N1g2emE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy80MTdhYjItZmNiMy00MDVkLWEwYzgtNTMyNWE1MjAwYmE5
LzEvSEt5M2ZpQzNnVWZVZjRPVUtVOFJlMXlFNzE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+91MA0G
CSqGSIb3DQEBCwUAA4IBAQADALSB3yewfz/ifEYjsmDLI9U0KF0XLIzFLNo8cuYV
rh5oNcLkJfrttX+jZqsiOLoYka7sOtpRLzJKPF4lEt4yiVoz5tSOQX8UFNiFQAP7
JyiOIpAAql8Z0qnOImBKZk3EvVw8oQW4btDGbQ47XdEjq9mAOXkL9Hc2tkKkKhzb
OF9rcrrSstUQluC/BiCK9sjLnkKkC/NJ701Am6OYl2HS7tP21kXo+RWCm2tFlwx9
7xLaR1VBlu8TEkqx6yrA8yj2PSil/3hRYUUPyOlPxgPeshyRNbEcZj7twatJjCYj
Ar9mN0vK2/PnyzHoU385BdE+a4TmiD12FGcfwPl+0PUk
-----END CERTIFICATE-----