Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/1hWhwV1bkQXOfj3OnDWt5Cct3l8.roa
File:                     1hWhwV1bkQXOfj3OnDWt5Cct3l8.roa (raw, json)
Hash identifier:          FkflQtFXJGqugy6N4yAFxxXdi7OXFFhHDID7LIfhbh8=
Subject key identifier:   D6:15:A1:C1:5D:5B:91:05:CE:7E:3D:CE:9C:35:AD:E4:27:2D:DE:5F
Certificate issuer:       /CN=cd4065967dec092b5fc90152e4a95339ba1d2289
Certificate serial:       018CC86FCB43264D803F5F6FAB3E5EB291D5
Authority key identifier: CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/1hWhwV1bkQXOfj3OnDWt5Cct3l8.roa
Signing time:             Tue 02 Jan 2024 04:30:18 +0000
ROA not before:           Tue 02 Jan 2024 04:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.144.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:04:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:cb:43:26:4d:80:3f:5f:6f:ab:3e:5e:b2:91:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd4065967dec092b5fc90152e4a95339ba1d2289
        Validity
            Not Before: Jan  2 04:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d615a1c15d5b9105ce7e3dce9c35ade4272dde5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:69:89:ef:37:74:d5:dc:84:b5:16:5d:24:f6:
                    6c:d4:95:62:be:51:96:20:98:a3:bd:3d:1d:1e:f9:
                    af:dd:41:7d:d7:a1:ac:d9:4e:ed:43:71:b0:2a:df:
                    89:7b:80:94:50:81:c5:55:2c:1a:35:81:9b:75:aa:
                    7a:1c:90:2c:94:0b:81:cb:7d:b1:f1:e1:b5:53:4d:
                    c6:d8:e6:9b:a9:8f:97:0c:79:93:f5:73:35:0d:08:
                    63:6b:63:3d:2a:6a:bb:49:55:62:8f:d3:c1:30:b8:
                    fc:0e:0b:56:f8:c3:40:35:bc:ae:a9:e4:e7:9f:7f:
                    53:a0:78:a7:1b:ad:4b:9f:18:ab:43:7b:3b:fc:f4:
                    ca:a6:be:80:85:e8:a4:62:c0:16:eb:87:d3:35:82:
                    7b:f3:d3:dd:3d:89:e7:4c:09:bd:db:f6:eb:d3:63:
                    e5:85:48:d1:b7:83:3a:c8:e9:73:c2:ed:14:a4:fa:
                    2f:64:6a:c9:05:aa:a1:c9:64:97:a5:83:1f:39:49:
                    31:6d:9f:03:aa:b0:9d:29:cc:7c:55:ec:7d:62:fa:
                    cf:fd:b6:4f:23:ab:d8:7e:c8:d4:8e:be:16:35:c2:
                    66:c3:95:d0:28:6e:bf:ef:50:21:3b:83:82:ef:95:
                    27:43:9c:b7:db:d7:19:f6:df:a5:30:9c:16:ba:69:
                    28:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:15:A1:C1:5D:5B:91:05:CE:7E:3D:CE:9C:35:AD:E4:27:2D:DE:5F
            X509v3 Authority Key Identifier:
                keyid:CD:40:65:96:7D:EC:09:2B:5F:C9:01:52:E4:A9:53:39:BA:1D:22:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zUBlln3sCStfyQFS5KlTObodIok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/1hWhwV1bkQXOfj3OnDWt5Cct3l8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/944f2a-f673-42bf-9e3d-edcef7451ef4/1/zUBlln3sCStfyQFS5KlTObodIok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:8b:6f:1d:17:dc:29:86:a4:88:c7:30:37:60:50:2d:8c:9b:
         76:4b:2c:d3:f1:f0:e5:83:93:3b:58:1c:e3:78:03:3e:3e:71:
         9c:b4:ae:12:a2:2c:d1:7d:4d:69:aa:e6:90:2f:cf:02:01:f4:
         60:b8:4f:ea:ec:94:59:24:52:ed:ab:f3:ed:82:10:51:c5:90:
         05:49:90:0a:7d:74:4a:95:99:f8:25:ab:80:5d:e7:0e:64:8b:
         dc:db:f7:8a:3d:c7:cf:a9:11:6f:18:06:69:30:f5:cc:53:0e:
         de:0b:3b:81:fd:65:9b:fe:04:92:c1:6a:37:11:a6:09:90:1a:
         de:28:b7:ff:60:48:4c:c4:b0:48:76:e0:43:1a:63:87:21:4c:
         96:48:aa:bc:2d:dc:c4:71:57:e9:96:c5:04:4c:51:ce:c0:e8:
         3d:f6:5b:28:3d:15:4f:35:4c:e2:d2:41:0c:b6:13:5f:b5:ad:
         bd:10:8d:0f:b5:5c:47:7a:b0:70:5f:8e:1a:96:65:f7:75:10:
         b3:fe:0f:3e:cf:a7:b1:7f:ed:2a:5d:c7:0a:ae:7d:89:82:8f:
         d6:19:cd:a0:e0:0b:89:fa:7b:d6:e8:bf:e2:63:53:18:cc:83:
         c2:64:14:cd:72:af:bb:7b:c4:08:4c:c0:a5:7e:3d:4f:6d:6d:
         b9:97:4a:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb8tDJk2AP19vqz5espHVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNDA2NTk2N2RlYzA5MmI1ZmM5MDE1MmU0YTk1MzM5YmEx
ZDIyODkwHhcNMjQwMTAyMDQzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjE1YTFjMTVkNWI5MTA1Y2U3ZTNkY2U5YzM1YWRlNDI3MmRkZTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2mJ7zd01dyEtRZdJPZs1JVivlGW
IJijvT0dHvmv3UF916Gs2U7tQ3GwKt+Je4CUUIHFVSwaNYGbdap6HJAslAuBy32x
8eG1U03G2OabqY+XDHmT9XM1DQhja2M9Kmq7SVVij9PBMLj8DgtW+MNANbyuqeTn
n39ToHinG61LnxirQ3s7/PTKpr6AheikYsAW64fTNYJ789PdPYnnTAm92/br02Pl
hUjRt4M6yOlzwu0UpPovZGrJBaqhyWSXpYMfOUkxbZ8DqrCdKcx8Vex9YvrP/bZP
I6vYfsjUjr4WNcJmw5XQKG6/71AhO4OC75UnQ5y329cZ9t+lMJwWumkoVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNYVocFdW5EFzn49zpw1reQnLd5fMB8GA1UdIwQY
MBaAFM1AZZZ97AkrX8kBUuSpUzm6HSKJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2Qt
ZWRjZWY3NDUxZWY0LzEvMWhXaHdWMWJrUVhPZmozT25EV3Q1Q2N0M2w4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS85NDRmMmEtZjY3My00MmJmLTllM2QtZWRjZWY3NDUxZWY0
LzEvelVCbGxuM3NDU3RmeVFGUzVLbFRPYm9kSW9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZAMMA0G
CSqGSIb3DQEBCwUAA4IBAQCoi28dF9wphqSIxzA3YFAtjJt2SyzT8fDlg5M7WBzj
eAM+PnGctK4SoizRfU1pquaQL88CAfRguE/q7JRZJFLtq/PtghBRxZAFSZAKfXRK
lZn4JauAXecOZIvc2/eKPcfPqRFvGAZpMPXMUw7eCzuB/WWb/gSSwWo3EaYJkBre
KLf/YEhMxLBIduBDGmOHIUyWSKq8LdzEcVfplsUETFHOwOg99lsoPRVPNUzi0kEM
thNfta29EI0PtVxHerBwX44almX3dRCz/g8+z6exf+0qXccKrn2Jgo/WGc2g4AuJ
+nvW6L/iY1MYzIPCZBTNcq+7e8QITMClfj1PbW25l0oG
-----END CERTIFICATE-----