Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/P3ASWQ-jVnQAr4MXI1bMNzJpd74.roa
File:                     P3ASWQ-jVnQAr4MXI1bMNzJpd74.roa (raw, json)
Hash identifier:          n0NiU9G/ENmUTyfdsmVSFFjOKeJ35dF8zso+IrjYwZA=
Subject key identifier:   3F:70:12:59:0F:A3:56:74:00:AF:83:17:23:56:CC:37:32:69:77:BE
Certificate issuer:       /CN=59877720c014688494ea6910c83474de13e99802
Certificate serial:       018CC5DC266FAC9E88BCC00C8FF41649144D
Authority key identifier: 59:87:77:20:C0:14:68:84:94:EA:69:10:C8:34:74:DE:13:E9:98:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WYd3IMAUaISU6mkQyDR03hPpmAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/P3ASWQ-jVnQAr4MXI1bMNzJpd74.roa
Signing time:             Mon 01 Jan 2024 16:29:48 +0000
ROA not before:           Mon 01 Jan 2024 16:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50597
IP address blocks:        185.144.15.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/WYd3IMAUaISU6mkQyDR03hPpmAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/WYd3IMAUaISU6mkQyDR03hPpmAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WYd3IMAUaISU6mkQyDR03hPpmAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:26:6f:ac:9e:88:bc:c0:0c:8f:f4:16:49:14:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=59877720c014688494ea6910c83474de13e99802
        Validity
            Not Before: Jan  1 16:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f7012590fa3567400af83172356cc37326977be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:f6:88:4d:28:7c:61:3c:ca:51:9a:bf:af:4f:
                    25:d3:47:cc:88:c4:61:9c:7d:31:22:22:76:92:b3:
                    41:91:b8:59:4f:11:10:80:db:c4:f8:8f:8a:67:5b:
                    51:ca:cf:ba:d3:7e:22:26:fd:0a:53:f1:9e:02:e4:
                    06:f5:82:8d:fc:0e:92:06:d5:37:eb:52:df:a2:e2:
                    fe:be:78:c1:6b:96:c1:a9:a9:85:d1:ac:b7:fb:30:
                    c3:22:1e:3e:bb:44:d5:f8:a4:59:30:21:d6:64:ff:
                    10:4c:4c:75:87:68:03:fb:67:23:01:d4:2d:71:1f:
                    d4:9f:83:fa:5e:3d:50:44:8a:28:cf:57:99:24:1a:
                    4d:84:e5:e6:8b:af:1f:d7:56:f2:6e:ad:12:3a:62:
                    2d:9c:19:ed:f0:03:f1:87:52:a6:34:ae:50:1b:af:
                    f5:82:e7:6d:b8:dd:7e:04:52:2d:1e:54:77:2a:a0:
                    8c:dd:d1:88:f6:19:3d:dc:fb:0d:9e:08:b9:07:4f:
                    e8:15:90:ff:dd:91:c1:af:09:b4:12:3a:c8:9c:0f:
                    dd:40:23:94:9b:70:13:85:30:3f:50:48:b9:5e:33:
                    3e:95:82:7a:dc:ae:78:6c:26:4c:66:3f:d4:52:5e:
                    e6:31:90:c9:ae:9d:a6:8d:b9:d2:48:c1:96:cc:0d:
                    69:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:70:12:59:0F:A3:56:74:00:AF:83:17:23:56:CC:37:32:69:77:BE
            X509v3 Authority Key Identifier:
                keyid:59:87:77:20:C0:14:68:84:94:EA:69:10:C8:34:74:DE:13:E9:98:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WYd3IMAUaISU6mkQyDR03hPpmAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/P3ASWQ-jVnQAr4MXI1bMNzJpd74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/2a0808-7e97-47e0-afbb-74ccd8240bad/1/WYd3IMAUaISU6mkQyDR03hPpmAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:e5:b3:75:40:fb:3f:50:47:83:01:ed:be:c3:b8:b4:3c:6c:
         9c:1a:95:40:89:86:59:3b:7f:ae:d6:48:ae:d4:41:70:cc:1b:
         d5:22:9a:58:87:18:c2:97:6c:20:64:7d:d9:ae:8a:1a:da:e6:
         e1:64:c9:4b:d2:e0:f5:58:46:35:50:4c:d0:03:37:bb:13:52:
         5b:43:be:ad:b4:b0:21:6a:25:1f:38:f8:34:b1:77:31:d2:a3:
         b7:5c:2d:29:77:ee:22:32:47:50:ba:89:85:c3:46:a2:f8:00:
         77:e1:7b:b3:0a:27:25:ff:e4:dc:d1:48:69:f3:96:2a:95:66:
         34:33:3a:4f:34:52:5f:6b:d8:01:d6:ba:8a:25:7c:3d:79:f8:
         1f:7c:b9:18:19:15:e1:20:7f:2c:fb:e5:0a:3e:de:2d:9e:3a:
         af:3b:06:d6:a9:1a:37:90:a4:a0:e0:7e:a9:38:82:b8:b1:4b:
         e4:28:46:fd:92:8f:0e:db:c4:70:25:80:41:bd:22:f4:1f:0b:
         74:91:f8:ea:08:9d:72:23:60:e5:13:29:ef:3f:02:4b:0d:20:
         36:0b:23:2a:96:5c:a1:43:88:16:f7:87:d4:8a:d3:0b:af:4f:
         96:a2:22:dc:ea:89:aa:04:17:ad:cc:3a:0d:49:39:11:6a:9d:
         fb:b8:9d:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CZvrJ6IvMAMj/QWSRRNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5ODc3NzIwYzAxNDY4ODQ5NGVhNjkxMGM4MzQ3NGRlMTNl
OTk4MDIwHhcNMjQwMTAxMTYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjcwMTI1OTBmYTM1Njc0MDBhZjgzMTcyMzU2Y2MzNzMyNjk3N2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAovaITSh8YTzKUZq/r08l00fMiMRh
nH0xIiJ2krNBkbhZTxEQgNvE+I+KZ1tRys+6034iJv0KU/GeAuQG9YKN/A6SBtU3
61LfouL+vnjBa5bBqamF0ay3+zDDIh4+u0TV+KRZMCHWZP8QTEx1h2gD+2cjAdQt
cR/Un4P6Xj1QRIooz1eZJBpNhOXmi68f11bybq0SOmItnBnt8APxh1KmNK5QG6/1
gudtuN1+BFItHlR3KqCM3dGI9hk93PsNngi5B0/oFZD/3ZHBrwm0EjrInA/dQCOU
m3AThTA/UEi5XjM+lYJ63K54bCZMZj/UUl7mMZDJrp2mjbnSSMGWzA1pqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD9wElkPo1Z0AK+DFyNWzDcyaXe+MB8GA1UdIwQY
MBaAFFmHdyDAFGiElOppEMg0dN4T6ZgCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1lkM0lNQVVhSVNVNm1rUXlEUjAzaFBwbUFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy8yYTA4MDgtN2U5Ny00N2UwLWFmYmIt
NzRjY2Q4MjQwYmFkLzEvUDNBU1dRLWpWblFBcjRNWEkxYk1OekpwZDc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy8yYTA4MDgtN2U5Ny00N2UwLWFmYmItNzRjY2Q4MjQwYmFk
LzEvV1lkM0lNQVVhSVNVNm1rUXlEUjAzaFBwbUFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZAPMA0G
CSqGSIb3DQEBCwUAA4IBAQAX5bN1QPs/UEeDAe2+w7i0PGycGpVAiYZZO3+u1kiu
1EFwzBvVIppYhxjCl2wgZH3Zrooa2ubhZMlL0uD1WEY1UEzQAze7E1JbQ76ttLAh
aiUfOPg0sXcx0qO3XC0pd+4iMkdQuomFw0ai+AB34XuzCicl/+Tc0Uhp85YqlWY0
MzpPNFJfa9gB1rqKJXw9efgffLkYGRXhIH8s++UKPt4tnjqvOwbWqRo3kKSg4H6p
OIK4sUvkKEb9ko8O28RwJYBBvSL0Hwt0kfjqCJ1yI2DlEynvPwJLDSA2CyMqllyh
Q4gW94fUitMLr0+WoiLc6omqBBetzDoNSTkRap37uJ12
-----END CERTIFICATE-----