Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/DeHazeP3A9wAumTO_Rmx5RqWaqs.roa
File:                     DeHazeP3A9wAumTO_Rmx5RqWaqs.roa (raw, json)
Hash identifier:          0hOPuiiQ+UKk5lNFYgiHmEshvjQhpp/6FLqfnT4DM3I=
Subject key identifier:   0D:E1:DA:CD:E3:F7:03:DC:00:BA:64:CE:FD:19:B1:E5:1A:96:6A:AB
Certificate issuer:       /CN=1c4c26273da2821fce26075aa0a6e2301ec84927
Certificate serial:       019424B3E4DCE1BCB8B7629CAE098A0D1DA8
Authority key identifier: 1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/DeHazeP3A9wAumTO_Rmx5RqWaqs.roa
Signing time:             Thu 02 Jan 2025 01:49:16 +0000
ROA not before:           Thu 02 Jan 2025 01:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     786
IP address blocks:        143.239.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:e4:dc:e1:bc:b8:b7:62:9c:ae:09:8a:0d:1d:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c4c26273da2821fce26075aa0a6e2301ec84927
        Validity
            Not Before: Jan  2 01:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0de1dacde3f703dc00ba64cefd19b1e51a966aab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:22:54:be:c1:65:6a:fd:d4:ba:94:c6:85:e9:
                    da:91:17:89:11:69:5b:bc:74:5f:05:d5:e3:90:43:
                    d1:f1:4b:30:76:4e:81:ca:dc:04:8f:90:ef:f5:f5:
                    22:7b:4d:7d:78:2b:32:84:de:84:31:96:f8:c7:b8:
                    b0:3f:85:09:23:d3:83:78:f1:a2:90:34:03:05:52:
                    3b:0f:f0:41:6a:95:f9:7f:2b:30:e9:0a:6f:81:9c:
                    c6:90:04:e8:04:c5:a8:f0:f0:e7:94:c9:d8:38:85:
                    bb:f9:38:b1:13:8f:08:cc:85:e4:e5:97:44:fe:31:
                    64:1c:e3:70:35:18:40:1d:49:8c:d5:63:ee:46:6b:
                    5f:ae:ca:34:be:50:3b:94:b6:fc:13:25:5c:d5:9d:
                    90:e0:16:5e:51:50:f8:f3:eb:37:d6:bd:7a:e4:3e:
                    c5:8e:7d:9a:de:4d:7c:d4:04:16:7f:64:d9:f2:b1:
                    35:54:ee:1c:6d:81:ca:bc:b0:1f:b1:39:01:c6:84:
                    57:b4:89:ae:be:ba:ef:e8:50:78:a6:f6:60:6a:04:
                    03:64:36:e8:1f:fd:08:88:aa:79:ef:29:b8:7b:ef:
                    6d:bc:4a:26:5e:32:d7:c0:e6:fa:7c:dd:12:50:7f:
                    b3:4a:7d:97:0d:15:89:6f:d6:99:22:d0:b8:c8:64:
                    70:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:E1:DA:CD:E3:F7:03:DC:00:BA:64:CE:FD:19:B1:E5:1A:96:6A:AB
            X509v3 Authority Key Identifier:
                keyid:1C:4C:26:27:3D:A2:82:1F:CE:26:07:5A:A0:A6:E2:30:1E:C8:49:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HEwmJz2igh_OJgdaoKbiMB7ISSc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/DeHazeP3A9wAumTO_Rmx5RqWaqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/545cce-af11-4ef7-9a5d-d35b430af26d/1/HEwmJz2igh_OJgdaoKbiMB7ISSc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  143.239.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         88:57:25:7a:bc:69:2e:46:39:3a:ba:29:c6:01:fc:bb:f2:7f:
         ad:cb:9e:92:22:e9:ca:e1:e4:d3:55:aa:03:c5:ac:4d:92:29:
         21:73:2d:e1:5b:f2:7c:25:6d:f5:de:72:9c:f8:40:52:25:73:
         12:41:e5:af:aa:82:f2:5a:2c:4e:bd:17:e2:19:de:72:ed:da:
         d5:8b:7f:b4:7d:24:9e:4d:2c:4c:a1:08:53:ba:c9:f2:9d:85:
         f6:9d:28:a9:a5:74:b2:94:3e:37:59:21:52:62:a9:fa:a4:ec:
         f1:4b:21:cb:26:bc:12:7f:99:ca:04:4c:4b:f4:b5:f8:10:e7:
         41:c0:2c:e1:94:46:4f:42:84:40:d5:de:2f:82:ed:60:c9:0f:
         80:62:47:aa:3e:f3:c7:57:57:63:39:ad:42:b7:34:be:6a:34:
         c2:58:74:fa:2d:3f:9c:b2:11:46:7e:3a:da:6a:f3:33:2d:57:
         7d:15:77:a9:0e:0f:52:cf:26:25:fd:f5:41:fe:25:94:e4:ed:
         6c:34:47:59:2f:86:c4:ca:29:48:65:f8:2e:22:7d:92:2d:cc:
         e1:62:9f:be:f5:b5:07:e7:b6:9f:0d:c2:9c:77:07:38:6e:b5:
         ce:cc:a3:9b:75:39:68:2d:b4:90:62:fd:71:22:0a:db:ea:ee:
         1c:34:ec:4a
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQks+Tc4by4t2KcrgmKDR2oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjNGMyNjI3M2RhMjgyMWZjZTI2MDc1YWEwYTZlMjMwMWVj
ODQ5MjcwHhcNMjUwMTAyMDE0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGUxZGFjZGUzZjcwM2RjMDBiYTY0Y2VmZDE5YjFlNTFhOTY2YWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCJUvsFlav3UupTGhenakReJEWlb
vHRfBdXjkEPR8Uswdk6BytwEj5Dv9fUie019eCsyhN6EMZb4x7iwP4UJI9ODePGi
kDQDBVI7D/BBapX5fysw6QpvgZzGkAToBMWo8PDnlMnYOIW7+TixE48IzIXk5ZdE
/jFkHONwNRhAHUmM1WPuRmtfrso0vlA7lLb8EyVc1Z2Q4BZeUVD48+s31r165D7F
jn2a3k181AQWf2TZ8rE1VO4cbYHKvLAfsTkBxoRXtImuvrrv6FB4pvZgagQDZDbo
H/0IiKp57ym4e+9tvEomXjLXwOb6fN0SUH+zSn2XDRWJb9aZItC4yGRw6wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFA3h2s3j9wPcALpkzv0ZseUalmqrMB8GA1UdIwQY
MBaAFBxMJic9ooIfziYHWqCm4jAeyEknMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQt
ZDM1YjQzMGFmMjZkLzEvRGVIYXplUDNBOXdBdW1UT19SbXg1UnFXYXFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS81NDVjY2UtYWYxMS00ZWY3LTlhNWQtZDM1YjQzMGFmMjZk
LzEvSEV3bUp6MmlnaF9PSmdkYW9LYmlNQjdJU1NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAj+8wDQYJ
KoZIhvcNAQELBQADggEBAIhXJXq8aS5GOTq6KcYB/Lvyf63LnpIi6crh5NNVqgPF
rE2SKSFzLeFb8nwlbfXecpz4QFIlcxJB5a+qgvJaLE69F+IZ3nLt2tWLf7R9JJ5N
LEyhCFO6yfKdhfadKKmldLKUPjdZIVJiqfqk7PFLIcsmvBJ/mcoETEv0tfgQ50HA
LOGURk9ChEDV3i+C7WDJD4BiR6o+88dXV2M5rUK3NL5qNMJYdPotP5yyEUZ+Otpq
8zMtV30Vd6kOD1LPJiX99UH+JZTk7Ww0R1kvhsTKKUhl+C4ifZItzOFin771tQfn
tp8Nwpx3Bzhutc7Mo5t1OWgttJBi/XEiCtvq7hw07Eo=
-----END CERTIFICATE-----