Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/hUTRfaJp_ub_gLlnhdzKIuHUszM.roa
File:                     hUTRfaJp_ub_gLlnhdzKIuHUszM.roa (raw, json)
Hash identifier:          l/zeVlrmf4oapuXFKYAdzdUfRzG2kwrE4nguzAiymz4=
Subject key identifier:   85:44:D1:7D:A2:69:FE:E6:FF:80:B9:67:85:DC:CA:22:E1:D4:B3:33
Certificate issuer:       /CN=44fc887c977393575de6257e75fa99cde2037c6c
Certificate serial:       018CF85887F080435250E0D4326A3EC6A18E
Authority key identifier: 44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/hUTRfaJp_ub_gLlnhdzKIuHUszM.roa
Signing time:             Thu 11 Jan 2024 11:46:40 +0000
ROA not before:           Thu 11 Jan 2024 11:46:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.85.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:f8:58:87:f0:80:43:52:50:e0:d4:32:6a:3e:c6:a1:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44fc887c977393575de6257e75fa99cde2037c6c
        Validity
            Not Before: Jan 11 11:46:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8544d17da269fee6ff80b96785dcca22e1d4b333
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:bf:32:78:fd:fb:80:7b:1b:a9:43:32:2a:9e:
                    60:59:84:dd:92:ca:46:16:e1:c9:aa:9b:29:ab:7a:
                    07:ec:c7:5d:06:cb:96:6e:0d:c7:0c:8a:3c:5f:c0:
                    65:60:73:b9:01:f6:29:24:3c:b7:b3:4a:0e:50:a1:
                    72:c3:11:36:f5:0a:bd:6b:39:ce:a6:ba:cd:16:a3:
                    22:e5:5f:ce:eb:08:14:4e:8a:34:5c:8e:e2:4e:03:
                    5c:3b:72:5d:e0:e1:48:55:70:91:f6:b7:f5:c5:e8:
                    c4:cd:ae:29:a6:05:91:9a:58:fa:a5:fa:ac:e9:f6:
                    f2:46:72:c5:49:4e:34:66:06:e9:74:bb:8b:6c:40:
                    11:7a:eb:c1:38:bc:c4:84:97:cd:95:79:ac:98:f9:
                    ab:b1:74:dd:00:bd:83:63:6c:d4:4c:74:79:17:62:
                    d3:7c:47:ec:b9:f2:fc:6c:77:67:c8:f0:72:24:d1:
                    a1:97:c0:1b:fb:68:ce:83:43:27:6b:0c:cf:8e:b8:
                    02:89:da:48:25:d4:fd:b1:24:50:ad:b5:20:83:8c:
                    31:1e:15:19:81:ba:96:d4:65:2f:81:6b:d3:68:ee:
                    2d:20:5f:02:b4:f9:5c:58:26:63:aa:16:e0:8a:a2:
                    3b:ae:da:7e:1e:81:f4:b3:8e:eb:dd:75:4b:d7:c0:
                    45:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:44:D1:7D:A2:69:FE:E6:FF:80:B9:67:85:DC:CA:22:E1:D4:B3:33
            X509v3 Authority Key Identifier:
                keyid:44:FC:88:7C:97:73:93:57:5D:E6:25:7E:75:FA:99:CD:E2:03:7C:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RPyIfJdzk1dd5iV-dfqZzeIDfGw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/hUTRfaJp_ub_gLlnhdzKIuHUszM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/f07c66-473d-435a-b693-c369c1d4c337/1/RPyIfJdzk1dd5iV-dfqZzeIDfGw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:fc:87:4a:d5:a2:fb:d2:4c:7a:17:cb:5a:06:e7:0c:b6:1e:
         da:6e:49:a0:be:ac:ba:69:8e:a6:94:40:17:06:a7:88:5d:38:
         5c:6b:ac:73:cb:75:d5:69:a1:89:4c:f4:47:12:b7:36:c7:58:
         39:44:d9:ce:a1:50:99:53:96:7f:4e:cf:de:9e:29:39:d6:dc:
         2f:a5:21:3d:ac:87:31:ae:b9:ab:a7:b5:2f:ef:87:a2:22:94:
         e5:7e:b9:5f:68:0f:d7:77:51:d7:73:4a:11:76:af:1d:13:2b:
         5b:c0:02:04:59:06:b4:d1:c9:5f:00:4f:b2:4d:4a:c5:42:39:
         74:6d:68:ca:5e:3c:2d:3f:c9:0c:1b:61:be:1c:66:1f:99:8f:
         23:e7:70:ea:8d:d9:ad:69:15:f1:1a:81:40:4e:97:da:f4:0e:
         3b:67:ce:29:b2:98:37:ee:c1:dc:91:c2:8e:fc:26:ef:c3:7e:
         3c:7f:ce:b2:d0:d8:c7:4f:9d:30:37:02:dc:e5:94:0e:aa:b6:
         97:01:4f:f9:24:f5:db:74:ce:f6:aa:a5:05:e9:66:9c:8b:86:
         8b:08:5e:a6:79:d3:32:64:cf:cf:66:4f:f3:a3:ce:f3:33:72:
         4d:ed:af:ce:5d:fb:21:e0:41:e3:e4:09:0c:61:87:3c:01:a5:
         c1:30:d1:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYz4WIfwgENSUODUMmo+xqGOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0ZmM4ODdjOTc3MzkzNTc1ZGU2MjU3ZTc1ZmE5OWNkZTIw
MzdjNmMwHhcNMjQwMTExMTE0NjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTQ0ZDE3ZGEyNjlmZWU2ZmY4MGI5Njc4NWRjY2EyMmUxZDRiMzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA178yeP37gHsbqUMyKp5gWYTdkspG
FuHJqpspq3oH7MddBsuWbg3HDIo8X8BlYHO5AfYpJDy3s0oOUKFywxE29Qq9aznO
prrNFqMi5V/O6wgUToo0XI7iTgNcO3Jd4OFIVXCR9rf1xejEza4ppgWRmlj6pfqs
6fbyRnLFSU40ZgbpdLuLbEAReuvBOLzEhJfNlXmsmPmrsXTdAL2DY2zUTHR5F2LT
fEfsufL8bHdnyPByJNGhl8Ab+2jOg0MnawzPjrgCidpIJdT9sSRQrbUgg4wxHhUZ
gbqW1GUvgWvTaO4tIF8CtPlcWCZjqhbgiqI7rtp+HoH0s47r3XVL18BFMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVE0X2iaf7m/4C5Z4XcyiLh1LMzMB8GA1UdIwQY
MBaAFET8iHyXc5NXXeYlfnX6mc3iA3xsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMt
YzM2OWMxZDRjMzM3LzEvaFVUUmZhSnBfdWJfZ0xsbmhkektJdUhVc3pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9mMDdjNjYtNDczZC00MzVhLWI2OTMtYzM2OWMxZDRjMzM3
LzEvUlB5SWZKZHprMWRkNWlWLWRmcVp6ZUlEZkd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVUOMA0G
CSqGSIb3DQEBCwUAA4IBAQBM/IdK1aL70kx6F8taBucMth7abkmgvqy6aY6mlEAX
BqeIXThca6xzy3XVaaGJTPRHErc2x1g5RNnOoVCZU5Z/Ts/enik51twvpSE9rIcx
rrmrp7Uv74eiIpTlfrlfaA/Xd1HXc0oRdq8dEytbwAIEWQa00clfAE+yTUrFQjl0
bWjKXjwtP8kMG2G+HGYfmY8j53DqjdmtaRXxGoFATpfa9A47Z84pspg37sHckcKO
/Cbvw348f86y0NjHT50wNwLc5ZQOqraXAU/5JPXbdM72qqUF6Waci4aLCF6medMy
ZM/PZk/zo87zM3JN7a/OXfsh4EHj5AkMYYc8AaXBMNFw
-----END CERTIFICATE-----