Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/1-cAkiMKkhCBK3XaB2OIp80BtBr8.roa
File:                     1-cAkiMKkhCBK3XaB2OIp80BtBr8.roa (raw, json)
Hash identifier:          Q3aZVuoyBjYxoICNJvnGAVN8NK6bWrTBQefMg2yxJWM=
Subject key identifier:   F9:C0:24:88:C2:A4:84:20:4A:DD:76:81:D8:E2:29:F3:40:6D:06:BF
Certificate issuer:       /CN=aaab6111e004c2a044f168b8d28273cf6744f3a8
Certificate serial:       018CC5DBE612D04B0B8C01521DFDF7B452D6
Authority key identifier: AA:AB:61:11:E0:04:C2:A0:44:F1:68:B8:D2:82:73:CF:67:44:F3:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/1-cAkiMKkhCBK3XaB2OIp80BtBr8.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202766
IP address blocks:        185.44.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 17:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e6:12:d0:4b:0b:8c:01:52:1d:fd:f7:b4:52:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aaab6111e004c2a044f168b8d28273cf6744f3a8
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9c02488c2a484204add7681d8e229f3406d06bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:2e:9a:16:c5:9b:04:a7:11:a6:8e:dd:61:8b:
                    c7:7c:da:e1:bd:2d:34:cf:61:94:04:af:cb:ee:31:
                    d6:02:13:fd:13:48:65:13:6f:09:e5:00:6a:a8:bd:
                    e1:51:9d:16:cd:07:c1:85:02:4d:89:11:72:a1:c7:
                    d0:d1:53:08:92:d9:c6:e0:43:34:13:da:7f:95:c0:
                    51:39:55:12:4e:20:56:c2:1e:ad:92:98:e6:f3:a9:
                    77:71:71:c5:da:72:2d:c3:25:64:d7:0f:60:93:6d:
                    58:b5:d6:2d:74:c0:11:76:45:0d:5b:4a:46:f1:84:
                    a1:94:49:47:bc:35:69:6e:ff:bf:c1:33:fa:af:3b:
                    85:eb:8b:22:15:38:a2:f7:0f:fa:b9:43:21:57:8b:
                    fc:87:17:a9:c5:95:23:d4:2b:49:71:cd:b4:b1:2d:
                    26:19:c6:45:4d:95:4a:63:80:42:85:44:2a:ed:2e:
                    d4:1d:b3:6b:1a:f2:f9:00:eb:b7:e9:1c:b2:a6:df:
                    c9:c2:85:17:df:bc:c7:47:b3:8c:ac:b1:bc:ad:d5:
                    fc:49:e8:e8:e5:8d:40:92:8f:4e:86:90:ea:96:d9:
                    d7:90:64:5f:3e:0f:fd:82:8c:cc:ba:20:de:02:60:
                    b8:10:da:ea:61:00:9f:29:3b:bc:a2:04:06:1c:ba:
                    34:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:C0:24:88:C2:A4:84:20:4A:DD:76:81:D8:E2:29:F3:40:6D:06:BF
            X509v3 Authority Key Identifier:
                keyid:AA:AB:61:11:E0:04:C2:A0:44:F1:68:B8:D2:82:73:CF:67:44:F3:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qqthEeAEwqBE8Wi40oJzz2dE86g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/1-cAkiMKkhCBK3XaB2OIp80BtBr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/f4ad0f-0b30-41ff-a8d9-82ededa7fe7a/1/qqthEeAEwqBE8Wi40oJzz2dE86g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.44.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:bd:41:3e:37:97:d6:42:76:25:36:a0:ce:01:6c:02:dd:75:
         4c:0f:d1:60:d9:e5:f1:cd:6f:a0:70:30:5b:7c:28:9e:a1:bd:
         95:b2:83:7f:b0:78:c6:67:cc:47:da:0b:5e:4d:68:8c:09:c4:
         df:55:7f:6f:a5:a9:98:bf:b2:5a:78:3c:67:06:5b:d3:8f:4c:
         1d:14:9e:13:ca:1f:aa:04:05:6e:05:ed:eb:e9:b6:71:9c:80:
         01:7a:5c:22:01:e5:d6:a6:f5:89:4a:af:3b:d8:c2:5c:42:27:
         d9:a9:90:21:ce:1a:0f:00:bd:aa:62:b3:ac:a1:17:35:9d:04:
         60:2e:c1:29:7e:b0:6e:a7:96:d9:3b:86:41:89:17:56:94:ad:
         54:c9:f3:27:15:52:b8:d0:96:ff:a9:24:4b:d4:2f:0d:cf:bf:
         22:40:a7:49:0a:82:c5:80:00:eb:fb:1a:8d:46:10:54:de:9f:
         32:d6:8e:4a:c6:1c:42:59:fd:79:6a:11:e3:2f:65:fe:10:5e:
         58:1a:e6:b6:cc:07:1d:f5:40:ba:11:00:3b:42:6c:61:0c:a5:
         43:de:7e:14:04:be:3c:63:66:95:d8:6d:c4:ab:cc:ea:cb:38:
         31:cb:fb:0a:f1:97:d9:1e:e1:11:c2:95:4d:78:2b:0e:88:e9:
         b7:51:27:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzF2+YS0EsLjAFSHf33tFLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYWI2MTExZTAwNGMyYTA0NGYxNjhiOGQyODI3M2NmNjc0
NGYzYTgwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWMwMjQ4OGMyYTQ4NDIwNGFkZDc2ODFkOGUyMjlmMzQwNmQwNmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvS6aFsWbBKcRpo7dYYvHfNrhvS00
z2GUBK/L7jHWAhP9E0hlE28J5QBqqL3hUZ0WzQfBhQJNiRFyocfQ0VMIktnG4EM0
E9p/lcBROVUSTiBWwh6tkpjm86l3cXHF2nItwyVk1w9gk21YtdYtdMARdkUNW0pG
8YShlElHvDVpbv+/wTP6rzuF64siFTii9w/6uUMhV4v8hxepxZUj1CtJcc20sS0m
GcZFTZVKY4BChUQq7S7UHbNrGvL5AOu36Ryypt/JwoUX37zHR7OMrLG8rdX8Sejo
5Y1Ako9OhpDqltnXkGRfPg/9gozMuiDeAmC4ENrqYQCfKTu8ogQGHLo0XwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPnAJIjCpIQgSt12gdjiKfNAbQa/MB8GA1UdIwQY
MBaAFKqrYRHgBMKgRPFouNKCc89nRPOoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXF0aEVlQUV3cUJFOFdpNDBvSnp6MmRFODZnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9mNGFkMGYtMGIzMC00MWZmLWE4ZDkt
ODJlZGVkYTdmZTdhLzEvMS1jQWtpTUtraENCSzNYYUIyT0lwODBCdEJyOC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOTQvZjRhZDBmLTBiMzAtNDFmZi1hOGQ5LTgyZWRlZGE3ZmU3
YS8xL3FxdGhFZUFFd3FCRThXaTQwb0p6ejJkRTg2Zy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALksPzAN
BgkqhkiG9w0BAQsFAAOCAQEAfL1BPjeX1kJ2JTagzgFsAt11TA/RYNnl8c1voHAw
W3wonqG9lbKDf7B4xmfMR9oLXk1ojAnE31V/b6WpmL+yWng8ZwZb049MHRSeE8of
qgQFbgXt6+m2cZyAAXpcIgHl1qb1iUqvO9jCXEIn2amQIc4aDwC9qmKzrKEXNZ0E
YC7BKX6wbqeW2TuGQYkXVpStVMnzJxVSuNCW/6kkS9QvDc+/IkCnSQqCxYAA6/sa
jUYQVN6fMtaOSsYcQln9eWoR4y9l/hBeWBrmtswHHfVAuhEAO0JsYQylQ95+FAS+
PGNmldhtxKvM6ss4Mcv7CvGX2R7hEcKVTXgrDojpt1EncA==
-----END CERTIFICATE-----