Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/44_CYiRYI2lQ3UbvPmPWdwL5kyg.roa
File:                     44_CYiRYI2lQ3UbvPmPWdwL5kyg.roa (raw, json)
Hash identifier:          bn7Oh3qAZ1KcLo2g6nutb3s75+yP2S4gRskYXsEhWcw=
Subject key identifier:   E3:8F:C2:62:24:58:23:69:50:DD:46:EF:3E:63:D6:77:02:F9:93:28
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018CC64B559D966A7BF412B000C9615FBAB7
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/44_CYiRYI2lQ3UbvPmPWdwL5kyg.roa
Signing time:             Mon 01 Jan 2024 18:31:15 +0000
ROA not before:           Mon 01 Jan 2024 18:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50779
IP address blocks:        85.31.220.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:55:9d:96:6a:7b:f4:12:b0:00:c9:61:5f:ba:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 18:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e38fc2622458236950dd46ef3e63d67702f99328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:8c:ab:75:04:f0:fc:81:ca:f3:79:a7:d7:4c:
                    60:7c:c6:3e:78:37:67:4f:24:77:cf:84:ea:a1:82:
                    28:da:d5:e8:36:68:f0:8c:a0:81:ec:ef:be:9f:23:
                    f5:20:8f:c6:3b:f4:0b:6b:33:a9:23:d7:3d:fd:e7:
                    05:32:ab:c1:44:4d:7d:94:7a:bd:6f:af:74:a0:43:
                    4d:68:f0:c6:36:2a:e1:0a:4d:6e:b5:14:ed:d2:57:
                    01:fd:b2:d9:ae:f1:b6:9e:96:f5:75:6f:7b:ad:3d:
                    3c:b1:90:b6:e8:2f:fb:73:9d:3b:21:6b:2d:ba:80:
                    77:2a:3c:f4:22:16:30:48:23:fa:0e:0d:0e:2e:5d:
                    3b:32:96:f5:38:ce:16:d0:2a:7e:e4:48:a8:ce:60:
                    49:fc:54:61:94:53:d9:27:7d:34:f9:fc:a6:9c:c4:
                    cb:91:ef:48:94:d5:18:78:0e:ee:e7:89:27:b4:63:
                    52:14:cf:3a:37:fe:96:80:a7:0b:86:f5:ec:d4:6f:
                    f4:9c:64:ef:6f:29:05:8f:07:35:f7:c5:78:2c:85:
                    5c:de:a3:1d:8c:71:2e:f4:9a:7e:ed:d9:47:6f:43:
                    2a:1e:30:0c:39:26:af:80:00:39:ff:1d:60:16:89:
                    e5:dd:4a:6e:8c:25:e7:e4:3e:fd:43:73:af:33:22:
                    97:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:8F:C2:62:24:58:23:69:50:DD:46:EF:3E:63:D6:77:02:F9:93:28
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/44_CYiRYI2lQ3UbvPmPWdwL5kyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:7a:df:71:60:e4:3b:2c:01:1d:08:81:fe:49:56:22:08:fe:
         70:7a:2a:26:57:ae:57:a7:dc:d0:df:25:bd:12:3e:06:c0:71:
         0c:8b:41:52:f5:35:59:4f:44:8d:86:7b:51:fa:13:55:d5:8a:
         ef:6d:3d:5c:29:ed:1f:56:c9:cd:89:8d:66:47:45:61:10:4e:
         f7:79:93:2b:42:17:68:79:f9:48:85:3e:a2:5e:09:d6:ed:a0:
         41:8c:6e:89:45:07:44:86:e3:54:74:dd:bb:a7:d3:f4:14:f1:
         0f:99:f7:ff:5f:2f:12:d5:88:82:ca:99:40:15:d1:9c:ef:4f:
         ce:27:ae:ed:ab:85:d7:e9:00:9e:12:4b:c6:b1:98:37:be:86:
         0b:25:f3:8a:45:2e:c9:91:36:4b:28:dd:c6:00:24:f7:76:fe:
         d8:3d:fa:7d:40:19:cb:4f:f0:1b:ee:91:6c:fb:67:1d:7e:75:
         44:6a:a4:3b:ab:4a:a8:70:0c:70:8e:7e:68:77:95:cf:b4:c9:
         d8:3c:cd:e0:ca:c8:e9:32:8b:ba:f1:fd:8e:23:1d:44:9f:3f:
         bf:ab:62:f1:d5:14:51:d7:2c:14:0e:31:d6:54:8b:6f:7d:02:
         3d:4c:af:5d:4e:1d:fe:d7:31:4b:ae:23:6c:c6:d8:dd:8e:2b:
         0c:2e:4a:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS1Wdlmp79BKwAMlhX7q3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjQwMTAxMTgzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzhmYzI2MjI0NTgyMzY5NTBkZDQ2ZWYzZTYzZDY3NzAyZjk5MzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYyrdQTw/IHK83mn10xgfMY+eDdn
TyR3z4TqoYIo2tXoNmjwjKCB7O++nyP1II/GO/QLazOpI9c9/ecFMqvBRE19lHq9
b690oENNaPDGNirhCk1utRTt0lcB/bLZrvG2npb1dW97rT08sZC26C/7c507IWst
uoB3Kjz0IhYwSCP6Dg0OLl07Mpb1OM4W0Cp+5EiozmBJ/FRhlFPZJ300+fymnMTL
ke9IlNUYeA7u54kntGNSFM86N/6WgKcLhvXs1G/0nGTvbykFjwc198V4LIVc3qMd
jHEu9Jp+7dlHb0MqHjAMOSavgAA5/x1gFonl3UpujCXn5D79Q3OvMyKXfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOPwmIkWCNpUN1G7z5j1ncC+ZMoMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvNDRfQ1lpUllJMmxRM1VidlBtUFdkd0w1a3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVR/cMA0G
CSqGSIb3DQEBCwUAA4IBAQCoet9xYOQ7LAEdCIH+SVYiCP5weiomV65Xp9zQ3yW9
Ej4GwHEMi0FS9TVZT0SNhntR+hNV1YrvbT1cKe0fVsnNiY1mR0VhEE73eZMrQhdo
eflIhT6iXgnW7aBBjG6JRQdEhuNUdN27p9P0FPEPmff/Xy8S1YiCyplAFdGc70/O
J67tq4XX6QCeEkvGsZg3voYLJfOKRS7JkTZLKN3GACT3dv7YPfp9QBnLT/Ab7pFs
+2cdfnVEaqQ7q0qocAxwjn5od5XPtMnYPM3gysjpMou68f2OIx1Enz+/q2Lx1RRR
1ywUDjHWVItvfQI9TK9dTh3+1zFLriNsxtjdjisMLkq9
-----END CERTIFICATE-----