Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/b8a9e7-9450-436c-bf90-8e90466bad38/1/D7mucRvSmVl5Mip-HbvrhYgOXA8.roa
File:                     D7mucRvSmVl5Mip-HbvrhYgOXA8.roa (raw, json)
Hash identifier:          XB8SNCKgCB4SyzwYqUPew/0H8EtN9270D6CJ2i0DJiA=
Subject key identifier:   0F:B9:AE:71:1B:D2:99:59:79:32:2A:7E:1D:BB:EB:85:88:0E:5C:0F
Certificate issuer:       /CN=54a14be619755eeeeb91fe2f62a1d4ee07861496
Certificate serial:       018CC492F37996CB151722BF9594BEAFAB4D
Authority key identifier: 54:A1:4B:E6:19:75:5E:EE:EB:91:FE:2F:62:A1:D4:EE:07:86:14:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VKFL5hl1Xu7rkf4vYqHU7geGFJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/b8a9e7-9450-436c-bf90-8e90466bad38/1/D7mucRvSmVl5Mip-HbvrhYgOXA8.roa
Signing time:             Mon 01 Jan 2024 10:30:14 +0000
ROA not before:           Mon 01 Jan 2024 10:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48167
IP address blocks:        91.209.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/b8a9e7-9450-436c-bf90-8e90466bad38/1/VKFL5hl1Xu7rkf4vYqHU7geGFJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/b8a9e7-9450-436c-bf90-8e90466bad38/1/VKFL5hl1Xu7rkf4vYqHU7geGFJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VKFL5hl1Xu7rkf4vYqHU7geGFJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:f3:79:96:cb:15:17:22:bf:95:94:be:af:ab:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=54a14be619755eeeeb91fe2f62a1d4ee07861496
        Validity
            Not Before: Jan  1 10:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fb9ae711bd2995979322a7e1dbbeb85880e5c0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:8c:06:d5:89:04:0f:09:00:98:4c:1c:42:be:
                    49:9d:2f:3d:5e:94:92:55:c0:6c:f9:4a:75:9a:7a:
                    e6:ce:90:e2:03:8a:a4:1e:a7:61:37:78:52:9a:19:
                    33:f5:1b:2f:3b:b0:d0:b8:a0:33:27:d4:2c:43:0a:
                    f0:35:26:4e:21:2d:23:0f:90:72:9b:58:05:a3:40:
                    f4:89:96:f1:70:20:e3:fe:8b:5b:2a:98:32:eb:93:
                    85:e6:fa:a3:9a:48:96:33:df:1e:01:26:b4:c6:fa:
                    43:8b:89:a4:04:0e:34:c0:92:bc:2b:fa:f2:b7:28:
                    94:1d:0f:0e:f3:8f:34:d1:04:a6:60:23:54:84:f4:
                    97:2d:e8:17:d2:bc:30:df:79:0b:df:69:db:51:de:
                    af:ce:66:7c:8a:1a:86:ac:51:84:61:57:e5:f5:2d:
                    2a:3d:e0:fa:6d:01:47:59:55:e9:da:1f:40:cf:73:
                    9f:21:59:a9:c6:9d:17:46:7f:77:31:2e:38:3c:18:
                    73:f4:54:99:f5:af:ed:1a:11:38:54:f7:35:68:52:
                    71:15:5a:fc:b6:93:69:20:5a:be:0f:5d:7f:fa:ea:
                    63:30:fc:00:57:ca:cd:fc:67:83:24:a2:6f:cf:77:
                    b9:d8:f9:57:3a:db:71:31:07:8c:dc:58:ac:5a:ca:
                    08:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:B9:AE:71:1B:D2:99:59:79:32:2A:7E:1D:BB:EB:85:88:0E:5C:0F
            X509v3 Authority Key Identifier:
                keyid:54:A1:4B:E6:19:75:5E:EE:EB:91:FE:2F:62:A1:D4:EE:07:86:14:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VKFL5hl1Xu7rkf4vYqHU7geGFJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/b8a9e7-9450-436c-bf90-8e90466bad38/1/D7mucRvSmVl5Mip-HbvrhYgOXA8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/b8a9e7-9450-436c-bf90-8e90466bad38/1/VKFL5hl1Xu7rkf4vYqHU7geGFJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:f2:a6:99:f0:34:a8:2b:36:67:e0:66:27:6f:44:f7:9b:26:
         39:a6:2b:ff:e4:b2:10:5d:ef:3f:be:7f:cd:b7:5a:83:31:37:
         72:c7:0c:01:d7:b5:45:e5:c7:d9:af:1e:f9:a9:e6:6b:83:fd:
         f3:db:18:cf:c7:83:95:26:2a:14:1b:27:59:77:0f:bc:20:f5:
         0d:8f:5d:00:a3:d0:50:67:6c:5e:6f:46:21:22:93:d3:fe:a8:
         fb:70:bc:ca:4a:e4:f3:53:7f:38:01:f0:7c:aa:00:4e:43:73:
         ca:66:bf:85:ab:8c:44:59:a6:26:d4:f6:31:e1:df:89:4f:93:
         dc:66:f6:f1:04:97:9d:4c:e4:05:79:c1:f1:3c:ac:71:3c:be:
         09:50:0b:41:7a:1a:ff:90:ad:22:71:c4:50:6b:c2:41:2d:b0:
         d7:32:c2:5d:61:44:a8:e2:75:f8:7c:73:c6:f5:a9:ea:9a:26:
         21:ea:9b:04:e4:dc:8f:28:39:9b:ec:37:a3:6b:28:01:8e:26:
         81:e9:a9:b3:52:e0:da:c7:c7:fc:8e:06:ac:c5:43:26:ee:fe:
         34:ea:fb:ef:c1:8a:72:02:4d:32:41:f3:e6:f8:ce:b5:02:62:
         8f:47:29:0e:89:98:84:ae:6c:7c:48:65:9d:66:7a:71:e7:b4:
         97:57:ac:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkvN5lssVFyK/lZS+r6tNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0YTE0YmU2MTk3NTVlZWVlYjkxZmUyZjYyYTFkNGVlMDc4
NjE0OTYwHhcNMjQwMTAxMTAzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmI5YWU3MTFiZDI5OTU5NzkzMjJhN2UxZGJiZWI4NTg4MGU1YzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YwG1YkEDwkAmEwcQr5JnS89XpSS
VcBs+Up1mnrmzpDiA4qkHqdhN3hSmhkz9RsvO7DQuKAzJ9QsQwrwNSZOIS0jD5By
m1gFo0D0iZbxcCDj/otbKpgy65OF5vqjmkiWM98eASa0xvpDi4mkBA40wJK8K/ry
tyiUHQ8O84800QSmYCNUhPSXLegX0rww33kL32nbUd6vzmZ8ihqGrFGEYVfl9S0q
PeD6bQFHWVXp2h9Az3OfIVmpxp0XRn93MS44PBhz9FSZ9a/tGhE4VPc1aFJxFVr8
tpNpIFq+D11/+upjMPwAV8rN/GeDJKJvz3e52PlXOttxMQeM3FisWsoIlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA+5rnEb0plZeTIqfh2764WIDlwPMB8GA1UdIwQY
MBaAFFShS+YZdV7u65H+L2Kh1O4HhhSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVktGTDVobDFYdTdya2Y0dllxSFU3Z2VHRkpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy9iOGE5ZTctOTQ1MC00MzZjLWJmOTAt
OGU5MDQ2NmJhZDM4LzEvRDdtdWNSdlNtVmw1TWlwLUhidnJoWWdPWEE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy9iOGE5ZTctOTQ1MC00MzZjLWJmOTAtOGU5MDQ2NmJhZDM4
LzEvVktGTDVobDFYdTdya2Y0dllxSFU3Z2VHRkpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9EtMA0G
CSqGSIb3DQEBCwUAA4IBAQBh8qaZ8DSoKzZn4GYnb0T3myY5piv/5LIQXe8/vn/N
t1qDMTdyxwwB17VF5cfZrx75qeZrg/3z2xjPx4OVJioUGydZdw+8IPUNj10Ao9BQ
Z2xeb0YhIpPT/qj7cLzKSuTzU384AfB8qgBOQ3PKZr+Fq4xEWaYm1PYx4d+JT5Pc
ZvbxBJedTOQFecHxPKxxPL4JUAtBehr/kK0iccRQa8JBLbDXMsJdYUSo4nX4fHPG
9anqmiYh6psE5NyPKDmb7DejaygBjiaB6amzUuDax8f8jgasxUMm7v406vvvwYpy
Ak0yQfPm+M61AmKPRykOiZiErmx8SGWdZnpx57SXV6xI
-----END CERTIFICATE-----