Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/PXcHl394Lz2LuCoP9mPe8uXptVU.roa
File:                     PXcHl394Lz2LuCoP9mPe8uXptVU.roa (raw, json)
Hash identifier:          eMho7HriTNqrB6RBk1+Vl2ymF2pxG1eI9Bm2cPV08RE=
Subject key identifier:   3D:77:07:97:7F:78:2F:3D:8B:B8:2A:0F:F6:63:DE:F2:E5:E9:B5:55
Certificate issuer:       /CN=41fc55ee2488fb9401c4b668abac54110ebb8092
Certificate serial:       018E7EB2696B7FF7B0A637106AE9E09DBC8B
Authority key identifier: 41:FC:55:EE:24:88:FB:94:01:C4:B6:68:AB:AC:54:11:0E:BB:80:92
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/PXcHl394Lz2LuCoP9mPe8uXptVU.roa
Signing time:             Wed 27 Mar 2024 06:56:45 +0000
ROA not before:           Wed 27 Mar 2024 06:56:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198949
IP address blocks:        91.227.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 15:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7e:b2:69:6b:7f:f7:b0:a6:37:10:6a:e9:e0:9d:bc:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41fc55ee2488fb9401c4b668abac54110ebb8092
        Validity
            Not Before: Mar 27 06:56:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3d7707977f782f3d8bb82a0ff663def2e5e9b555
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:20:4a:2c:4a:e4:78:c1:94:77:da:bb:08:b7:
                    56:03:da:15:20:40:d5:63:de:59:63:ca:24:a8:55:
                    63:4b:c1:11:b2:da:dc:c2:7d:57:63:6f:86:d0:1a:
                    27:ab:2d:39:9a:01:44:e5:16:57:02:ba:21:2a:0c:
                    b1:63:4f:56:49:ee:ef:13:ac:2e:69:24:1c:6f:77:
                    63:96:f5:2b:c3:36:8f:cf:d7:ca:93:93:79:46:51:
                    3a:4e:1c:25:67:80:85:56:2c:ea:ea:49:22:64:5d:
                    5b:59:ec:e7:99:26:52:fb:41:d5:28:e7:65:dd:cf:
                    b1:83:57:46:de:48:8c:26:8e:3d:0a:db:7c:2c:a8:
                    98:a4:7e:e1:61:9b:35:f4:8f:91:78:66:e1:17:95:
                    d3:fe:a1:01:f6:da:67:f9:24:7a:dc:4f:c7:b2:cb:
                    0a:a8:26:2e:9a:d1:65:ea:c8:06:a9:29:74:ba:36:
                    56:8f:98:6f:2e:76:89:a6:76:87:f8:39:fe:df:48:
                    33:29:59:37:43:96:5f:77:c6:c7:01:19:39:26:5f:
                    69:bd:68:85:24:6b:82:ac:b9:fa:7d:1a:3a:4c:b6:
                    81:ee:0c:f2:ea:36:6a:98:10:15:29:4d:b4:df:aa:
                    6e:48:88:bf:3d:b7:2b:4f:b0:12:8e:9a:68:b2:8e:
                    ff:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:77:07:97:7F:78:2F:3D:8B:B8:2A:0F:F6:63:DE:F2:E5:E9:B5:55
            X509v3 Authority Key Identifier:
                keyid:41:FC:55:EE:24:88:FB:94:01:C4:B6:68:AB:AC:54:11:0E:BB:80:92

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QfxV7iSI-5QBxLZoq6xUEQ67gJI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/PXcHl394Lz2LuCoP9mPe8uXptVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/aa3661-deb3-45a4-8693-3881a8b827ac/1/QfxV7iSI-5QBxLZoq6xUEQ67gJI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.227.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:86:b9:81:4b:d5:e8:3f:d0:4a:65:bc:ba:a5:c4:fd:0b:6d:
         8c:b6:ef:82:aa:ff:26:70:e9:f0:ab:81:72:87:e0:2b:5d:82:
         b5:bd:4d:14:a8:04:7d:81:39:0a:b9:f6:59:5c:75:03:47:13:
         00:30:a0:7c:62:47:52:01:ef:8e:6e:6e:15:0f:13:05:e9:09:
         56:81:5d:f6:85:d3:08:6a:97:6d:ad:de:6b:b6:b1:c0:fe:ed:
         62:2b:28:a6:ff:f7:03:80:2d:b1:25:3d:6a:04:26:1d:5a:02:
         29:2d:0a:86:b8:cf:84:b0:4f:ed:ac:cd:83:19:0f:9a:db:5c:
         0e:23:0b:7b:22:35:19:9f:4d:2d:4a:16:75:dd:fb:0c:41:8f:
         23:de:61:0d:b9:c2:a5:ff:90:7f:78:a3:59:2b:23:4f:41:ba:
         af:2c:0f:4b:0d:c0:ec:0b:f1:c5:7d:b0:96:ee:78:f3:e1:35:
         db:51:0f:45:cd:60:eb:d8:72:65:11:bc:4d:9d:12:7b:fd:a2:
         84:86:f9:9c:fd:8d:c3:d0:f2:ab:e8:ab:70:d8:18:b8:79:90:
         5f:b4:a1:e7:d6:5d:37:77:8e:ea:0e:34:64:3a:4b:c4:79:29:
         21:68:e5:4a:7c:1c:f6:05:0e:0d:5a:0b:ff:80:10:b2:24:f2:
         23:ee:18:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5+smlrf/ewpjcQaungnbyLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZmM1NWVlMjQ4OGZiOTQwMWM0YjY2OGFiYWM1NDExMGVi
YjgwOTIwHhcNMjQwMzI3MDY1NjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDc3MDc5NzdmNzgyZjNkOGJiODJhMGZmNjYzZGVmMmU1ZTliNTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCBKLErkeMGUd9q7CLdWA9oVIEDV
Y95ZY8okqFVjS8ERstrcwn1XY2+G0Bonqy05mgFE5RZXArohKgyxY09WSe7vE6wu
aSQcb3djlvUrwzaPz9fKk5N5RlE6ThwlZ4CFVizq6kkiZF1bWeznmSZS+0HVKOdl
3c+xg1dG3kiMJo49Ctt8LKiYpH7hYZs19I+ReGbhF5XT/qEB9tpn+SR63E/HsssK
qCYumtFl6sgGqSl0ujZWj5hvLnaJpnaH+Dn+30gzKVk3Q5Zfd8bHARk5Jl9pvWiF
JGuCrLn6fRo6TLaB7gzy6jZqmBAVKU2036puSIi/PbcrT7ASjpposo7/VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD13B5d/eC89i7gqD/Zj3vLl6bVVMB8GA1UdIwQY
MBaAFEH8Ve4kiPuUAcS2aKusVBEOu4CSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWZ4VjdpU0ktNVFCeExab3E2eFVFUTY3Z0pJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9hYTM2NjEtZGViMy00NWE0LTg2OTMt
Mzg4MWE4YjgyN2FjLzEvUFhjSGwzOTRMejJMdUNvUDltUGU4dVhwdFZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9hYTM2NjEtZGViMy00NWE0LTg2OTMtMzg4MWE4YjgyN2Fj
LzEvUWZ4VjdpU0ktNVFCeExab3E2eFVFUTY3Z0pJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+O7MA0G
CSqGSIb3DQEBCwUAA4IBAQAFhrmBS9XoP9BKZby6pcT9C22Mtu+Cqv8mcOnwq4Fy
h+ArXYK1vU0UqAR9gTkKufZZXHUDRxMAMKB8YkdSAe+Obm4VDxMF6QlWgV32hdMI
apdtrd5rtrHA/u1iKyim//cDgC2xJT1qBCYdWgIpLQqGuM+EsE/trM2DGQ+a21wO
Iwt7IjUZn00tShZ13fsMQY8j3mENucKl/5B/eKNZKyNPQbqvLA9LDcDsC/HFfbCW
7njz4TXbUQ9FzWDr2HJlEbxNnRJ7/aKEhvmc/Y3D0PKr6Ktw2Bi4eZBftKHn1l03
d47qDjRkOkvEeSkhaOVKfBz2BQ4NWgv/gBCyJPIj7hgC
-----END CERTIFICATE-----