Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/hqWXJdixoyBrN6tefJIPGEJ4XNw.roa
File:                     hqWXJdixoyBrN6tefJIPGEJ4XNw.roa (raw, json)
Hash identifier:          jM1EQVCCuIqaZA8YHmIHlFvXnaAVW3MrjR0+9kCFwLU=
Subject key identifier:   86:A5:97:25:D8:B1:A3:20:6B:37:AB:5E:7C:92:0F:18:42:78:5C:DC
Certificate issuer:       /CN=015f2ef6db502994d7b0c8e49cd4a777bdb93572
Certificate serial:       019422FC1811A81263FA22DC70718A237B72
Authority key identifier: 01:5F:2E:F6:DB:50:29:94:D7:B0:C8:E4:9C:D4:A7:77:BD:B9:35:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/hqWXJdixoyBrN6tefJIPGEJ4XNw.roa
Signing time:             Wed 01 Jan 2025 17:48:53 +0000
ROA not before:           Wed 01 Jan 2025 17:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203123
IP address blocks:        185.144.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:18:11:a8:12:63:fa:22:dc:70:71:8a:23:7b:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=015f2ef6db502994d7b0c8e49cd4a777bdb93572
        Validity
            Not Before: Jan  1 17:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=86a59725d8b1a3206b37ab5e7c920f1842785cdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:36:3e:a7:6d:bc:31:97:b4:92:4b:e4:6f:e1:
                    cc:f3:b3:72:6f:2c:10:08:6c:05:8e:fc:be:01:34:
                    ca:f9:f4:14:15:01:bc:58:05:5f:d8:8c:a7:9f:59:
                    f3:ef:63:5e:da:f8:b4:1e:c1:2d:94:c6:92:f3:e2:
                    83:8d:1c:68:43:25:67:52:de:d6:b3:d3:44:5f:4a:
                    b1:a2:d0:75:4f:e4:81:97:7d:65:4f:11:fc:b6:1a:
                    ef:d3:1b:6e:65:33:dd:e0:05:82:60:58:19:1e:af:
                    93:a6:d4:77:e6:5d:d0:18:c2:02:b5:9a:83:2f:3a:
                    e4:eb:b1:d8:3b:e6:36:74:40:82:1c:66:fe:eb:f0:
                    e0:16:e4:24:ce:c8:02:b3:a2:87:b4:55:87:bf:7c:
                    86:02:3a:39:27:15:58:0c:11:88:c9:a5:6b:12:6b:
                    ae:ae:16:84:51:83:9f:6e:2d:f5:9d:c2:f4:08:56:
                    63:31:7e:fd:36:6c:10:e9:90:d7:61:69:21:da:15:
                    83:03:7a:33:21:3e:e1:99:3c:9c:b1:8e:83:ae:54:
                    12:59:78:7d:aa:df:82:25:bf:b9:53:c6:33:7c:e5:
                    95:09:4c:d0:52:dc:b4:e5:91:d7:19:16:9d:24:28:
                    67:b4:04:43:24:60:22:9d:85:3f:13:ff:60:4d:32:
                    fa:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:A5:97:25:D8:B1:A3:20:6B:37:AB:5E:7C:92:0F:18:42:78:5C:DC
            X509v3 Authority Key Identifier:
                keyid:01:5F:2E:F6:DB:50:29:94:D7:B0:C8:E4:9C:D4:A7:77:BD:B9:35:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AV8u9ttQKZTXsMjknNSnd725NXI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/hqWXJdixoyBrN6tefJIPGEJ4XNw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/36720e-ebf2-4b41-8cc2-faff211ea4c6/1/AV8u9ttQKZTXsMjknNSnd725NXI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:ec:10:f0:15:ea:05:ae:b2:23:02:db:61:b2:9b:41:8f:f7:
         19:46:9f:26:80:8d:91:6d:fb:ca:08:b3:c5:f6:c4:be:83:83:
         47:ff:6e:9f:4a:19:1b:28:ca:d5:01:2e:58:ad:89:22:ec:13:
         9d:e4:55:ab:ba:4c:11:86:b6:50:5e:4c:be:12:dc:21:a1:12:
         51:14:3d:71:90:e2:c8:36:57:24:8b:c8:b0:8c:4f:d7:2c:d2:
         16:90:c8:5c:0c:1c:86:ea:dc:d9:26:0b:52:84:74:23:7e:6e:
         c2:06:35:e6:d0:22:04:9b:b2:8d:92:79:aa:77:7f:b0:98:74:
         d9:55:06:25:1f:a2:62:b9:24:21:f0:a8:64:af:af:8c:29:39:
         ea:c9:25:26:0c:e1:ca:19:00:e4:69:c9:55:6d:dd:b3:a8:0e:
         01:e0:1f:24:fa:72:28:5e:30:28:39:e2:51:f6:71:8b:bb:49:
         7b:04:1f:05:cc:59:5f:5e:9c:39:39:55:74:1e:7f:33:34:d1:
         e5:c5:b3:80:04:c6:b0:2d:8d:b7:7b:b0:38:b6:dd:b3:52:ee:
         3a:f6:f2:73:8d:97:dc:0a:78:30:08:6c:90:12:00:64:4f:ff:
         7b:1a:0f:2d:b5:fc:f9:d8:d4:34:cb:00:ff:b9:d8:17:7b:6b:
         c7:d9:5d:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/BgRqBJj+iLccHGKI3tyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNWYyZWY2ZGI1MDI5OTRkN2IwYzhlNDljZDRhNzc3YmRi
OTM1NzIwHhcNMjUwMTAxMTc0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmE1OTcyNWQ4YjFhMzIwNmIzN2FiNWU3YzkyMGYxODQyNzg1Y2RjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtDY+p228MZe0kkvkb+HM87NybywQ
CGwFjvy+ATTK+fQUFQG8WAVf2Iynn1nz72Ne2vi0HsEtlMaS8+KDjRxoQyVnUt7W
s9NEX0qxotB1T+SBl31lTxH8thrv0xtuZTPd4AWCYFgZHq+TptR35l3QGMICtZqD
Lzrk67HYO+Y2dECCHGb+6/DgFuQkzsgCs6KHtFWHv3yGAjo5JxVYDBGIyaVrEmuu
rhaEUYOfbi31ncL0CFZjMX79NmwQ6ZDXYWkh2hWDA3ozIT7hmTycsY6DrlQSWXh9
qt+CJb+5U8YzfOWVCUzQUty05ZHXGRadJChntARDJGAinYU/E/9gTTL6LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIallyXYsaMgazerXnySDxhCeFzcMB8GA1UdIwQY
MBaAFAFfLvbbUCmU17DI5JzUp3e9uTVyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVY4dTl0dFFLWlRYc01qa25OU25kNzI1TlhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8zNjcyMGUtZWJmMi00YjQxLThjYzIt
ZmFmZjIxMWVhNGM2LzEvaHFXWEpkaXhveUJyTjZ0ZWZKSVBHRUo0WE53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8zNjcyMGUtZWJmMi00YjQxLThjYzItZmFmZjIxMWVhNGM2
LzEvQVY4dTl0dFFLWlRYc01qa25OU25kNzI1TlhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZAIMA0G
CSqGSIb3DQEBCwUAA4IBAQAy7BDwFeoFrrIjAtthsptBj/cZRp8mgI2RbfvKCLPF
9sS+g4NH/26fShkbKMrVAS5YrYki7BOd5FWrukwRhrZQXky+EtwhoRJRFD1xkOLI
Nlcki8iwjE/XLNIWkMhcDByG6tzZJgtShHQjfm7CBjXm0CIEm7KNknmqd3+wmHTZ
VQYlH6JiuSQh8Khkr6+MKTnqySUmDOHKGQDkaclVbd2zqA4B4B8k+nIoXjAoOeJR
9nGLu0l7BB8FzFlfXpw5OVV0Hn8zNNHlxbOABMawLY23e7A4tt2zUu469vJzjZfc
CngwCGyQEgBkT/97Gg8ttfz52NQ0ywD/udgXe2vH2V3Y
-----END CERTIFICATE-----