Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/hwW7rl4dydXPDWLAf8zsSWJhDvg.roa
File:                     hwW7rl4dydXPDWLAf8zsSWJhDvg.roa (raw, json)
Hash identifier:          OrollrL3LXZ0GIs6mD9MqV/PdNZ2gHOaykUK12v4KKs=
Subject key identifier:   87:05:BB:AE:5E:1D:C9:D5:CF:0D:62:C0:7F:CC:EC:49:62:61:0E:F8
Certificate issuer:       /CN=fc282a794b3f7ab4cd6feb6c5fd6b3d256afc461
Certificate serial:       019422FBDC3945DB968D6D4B73A58B0FF900
Authority key identifier: FC:28:2A:79:4B:3F:7A:B4:CD:6F:EB:6C:5F:D6:B3:D2:56:AF:C4:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/hwW7rl4dydXPDWLAf8zsSWJhDvg.roa
Signing time:             Wed 01 Jan 2025 17:48:38 +0000
ROA not before:           Wed 01 Jan 2025 17:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.144.236.0/22 maxlen: 24
                          2a07:4407::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 17:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:dc:39:45:db:96:8d:6d:4b:73:a5:8b:0f:f9:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc282a794b3f7ab4cd6feb6c5fd6b3d256afc461
        Validity
            Not Before: Jan  1 17:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8705bbae5e1dc9d5cf0d62c07fccec4962610ef8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:59:5a:81:12:c0:be:7c:44:24:87:e0:b4:a4:
                    db:dc:1a:2e:3c:c3:ab:99:8c:b3:8c:20:99:41:eb:
                    c6:f4:83:a9:ec:15:eb:a7:f3:ec:7d:6c:8f:6e:90:
                    56:a0:1b:cb:a7:47:4f:12:a2:42:d0:cc:dc:47:1d:
                    a9:2c:72:bb:8f:d0:5d:81:9e:14:3d:5d:b0:db:b9:
                    e1:8f:50:41:7f:0d:c7:c7:af:83:49:58:84:60:c1:
                    0c:5b:44:e9:25:8f:f7:1b:0d:b9:82:57:dc:f1:b4:
                    8c:41:8e:7c:4e:42:c1:2a:f9:88:be:67:e3:9d:e7:
                    40:42:29:a3:32:b5:2f:60:ba:e4:7f:13:e5:c1:4c:
                    f1:6c:4a:79:9d:cf:a0:7e:2d:51:08:32:71:c2:c0:
                    04:f7:4a:ed:4a:1a:ad:c8:e4:2a:99:83:be:33:c2:
                    22:65:18:59:7f:d6:21:92:2a:91:ac:ac:56:f8:bf:
                    f6:dd:83:e3:45:bc:a9:ff:24:45:1a:28:3f:be:59:
                    a2:4d:da:2b:08:1e:b1:e4:4e:f3:01:ac:8d:62:fb:
                    36:67:e1:9d:df:86:df:26:aa:35:96:1b:7c:5d:82:
                    7a:b8:86:00:2a:64:cf:55:58:fa:46:70:9a:b7:85:
                    b0:95:a7:80:8e:8b:b6:36:ed:e5:6e:3a:30:1b:45:
                    1a:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:05:BB:AE:5E:1D:C9:D5:CF:0D:62:C0:7F:CC:EC:49:62:61:0E:F8
            X509v3 Authority Key Identifier:
                keyid:FC:28:2A:79:4B:3F:7A:B4:CD:6F:EB:6C:5F:D6:B3:D2:56:AF:C4:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_CgqeUs_erTNb-tsX9az0lavxGE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/hwW7rl4dydXPDWLAf8zsSWJhDvg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e485e1-a65f-43d4-b572-d3326c59bcd2/1/_CgqeUs_erTNb-tsX9az0lavxGE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.144.236.0/22
                IPv6:
                  2a07:4407::/32

    Signature Algorithm: sha256WithRSAEncryption
         6e:cd:a7:c9:cb:a4:da:9b:5d:47:3c:fe:99:f0:6a:0f:1d:fa:
         f9:44:ca:d2:31:ae:14:7c:33:3b:aa:f3:3f:f1:b8:dc:5c:ef:
         8b:61:d4:29:fc:60:02:17:fa:15:a6:7a:af:ec:83:ea:d2:47:
         b4:59:bd:7b:c5:c5:82:cb:10:c0:d8:5e:50:3e:b2:3d:b5:20:
         76:c0:a0:df:36:32:cd:66:4d:34:f9:1a:4c:0a:38:48:cd:1d:
         db:b9:88:f6:76:16:e7:23:b5:c2:34:d7:76:9e:16:32:4a:e9:
         99:56:28:f6:05:79:49:e9:82:9e:8c:59:59:2c:60:ef:c4:bb:
         bb:5c:41:96:c1:af:83:1c:53:be:29:3f:46:7e:40:0d:67:85:
         a1:f6:f4:30:7c:eb:6f:6f:05:15:26:7e:d5:d9:f5:88:ea:34:
         b6:53:0c:0a:bf:47:1b:71:97:c5:2c:54:b3:3a:6d:42:10:b4:
         93:4f:34:73:18:45:e1:f7:bb:1a:a9:17:01:1d:a4:a6:24:70:
         d8:d6:2d:d7:e8:28:41:46:94:20:34:97:da:a4:94:25:2c:4a:
         43:dc:1e:c0:3b:ca:20:18:bd:f9:ce:40:fb:e7:02:53:24:71:
         57:ac:7c:f3:be:66:05:b6:ab:44:b6:96:ad:1d:2a:92:ef:4e:
         28:76:de:a5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+9w5RduWjW1Lc6WLD/kAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjMjgyYTc5NGIzZjdhYjRjZDZmZWI2YzVmZDZiM2QyNTZh
ZmM0NjEwHhcNMjUwMTAxMTc0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzA1YmJhZTVlMWRjOWQ1Y2YwZDYyYzA3ZmNjZWM0OTYyNjEwZWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1lagRLAvnxEJIfgtKTb3BouPMOr
mYyzjCCZQevG9IOp7BXrp/PsfWyPbpBWoBvLp0dPEqJC0MzcRx2pLHK7j9BdgZ4U
PV2w27nhj1BBfw3Hx6+DSViEYMEMW0TpJY/3Gw25glfc8bSMQY58TkLBKvmIvmfj
nedAQimjMrUvYLrkfxPlwUzxbEp5nc+gfi1RCDJxwsAE90rtShqtyOQqmYO+M8Ii
ZRhZf9YhkiqRrKxW+L/23YPjRbyp/yRFGig/vlmiTdorCB6x5E7zAayNYvs2Z+Gd
34bfJqo1lht8XYJ6uIYAKmTPVVj6RnCat4WwlaeAjou2Nu3lbjowG0UaFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIcFu65eHcnVzw1iwH/M7EliYQ74MB8GA1UdIwQY
MBaAFPwoKnlLP3q0zW/rbF/Ws9JWr8RhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0NncWVVc19lclROYi10c1g5YXowbGF2eEdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNDg1ZTEtYTY1Zi00M2Q0LWI1NzIt
ZDMzMjZjNTliY2QyLzEvaHdXN3JsNGR5ZFhQRFdMQWY4enNTV0poRHZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNDg1ZTEtYTY1Zi00M2Q0LWI1NzItZDMzMjZjNTliY2Qy
LzEvX0NncWVVc19lclROYi10c1g5YXowbGF2eEdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZDsMA0E
AgACMAcDBQAqB0QHMA0GCSqGSIb3DQEBCwUAA4IBAQBuzafJy6Tam11HPP6Z8GoP
Hfr5RMrSMa4UfDM7qvM/8bjcXO+LYdQp/GACF/oVpnqv7IPq0ke0Wb17xcWCyxDA
2F5QPrI9tSB2wKDfNjLNZk00+RpMCjhIzR3buYj2dhbnI7XCNNd2nhYySumZVij2
BXlJ6YKejFlZLGDvxLu7XEGWwa+DHFO+KT9GfkANZ4Wh9vQwfOtvbwUVJn7V2fWI
6jS2UwwKv0cbcZfFLFSzOm1CELSTTzRzGEXh97saqRcBHaSmJHDY1i3X6ChBRpQg
NJfapJQlLEpD3B7AO8ogGL35zkD75wJTJHFXrHzzvmYFtqtEtpatHSqS704odt6l
-----END CERTIFICATE-----