Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/CYiPvrXiDA5WP9aHtlJHSkuRKS0.roa
File:                     CYiPvrXiDA5WP9aHtlJHSkuRKS0.roa (raw, json)
Hash identifier:          Tq1/d6zCRvzGSdLQKeBiPOSU9R+LO/ENCLYwG6r9AJw=
Subject key identifier:   09:88:8F:BE:B5:E2:0C:0E:56:3F:D6:87:B6:52:47:4A:4B:91:29:2D
Certificate issuer:       /CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
Certificate serial:       018CCA2A1FF8A2838AA62F0B54182458F0ED
Authority key identifier: 64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/CYiPvrXiDA5WP9aHtlJHSkuRKS0.roa
Signing time:             Tue 02 Jan 2024 12:33:27 +0000
ROA not before:           Tue 02 Jan 2024 12:33:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209920
IP address blocks:        185.244.17.0/24 maxlen: 24
                          185.244.16.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:1f:f8:a2:83:8a:a6:2f:0b:54:18:24:58:f0:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644cdbae84b26a8484b10c00ebfdfbcb4990c157
        Validity
            Not Before: Jan  2 12:33:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09888fbeb5e20c0e563fd687b652474a4b91292d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:65:6b:e5:60:f0:a9:66:41:bc:dd:01:2b:3e:
                    bf:4d:99:60:c1:a2:ba:00:83:24:61:20:fb:bf:a6:
                    06:0c:72:ff:8a:53:8a:b7:c3:7f:62:30:20:aa:a9:
                    28:eb:d6:09:bc:67:85:9b:b9:da:0c:db:46:6f:07:
                    7e:0c:51:95:73:e1:a6:34:f0:99:1b:57:c6:cb:f7:
                    6a:03:d9:7c:c0:cc:04:e4:31:fa:4a:80:c6:e7:d1:
                    82:4a:c4:23:b7:7b:62:a8:a6:57:94:dc:57:26:c6:
                    39:2f:53:0c:01:94:07:2f:1b:06:c4:b9:9a:60:84:
                    74:8a:92:cc:7e:63:03:67:c6:c3:8a:ee:6e:31:bd:
                    23:d5:9e:b9:0d:e9:b6:4d:be:e0:32:de:8f:4e:2b:
                    20:bc:92:de:ad:0c:37:e7:0e:c0:39:c4:37:dc:39:
                    c2:67:d9:55:08:20:df:a6:98:62:89:77:a0:47:1e:
                    8b:41:0a:44:f7:10:65:85:eb:ca:1e:45:30:f5:43:
                    5c:2e:48:e2:ea:3e:28:60:4b:46:26:bd:4d:5c:92:
                    87:a5:01:f1:4f:57:b7:03:02:94:3a:cc:42:d9:99:
                    ca:a7:93:4f:5e:4c:41:f8:0b:6b:26:b4:fc:91:70:
                    e3:1b:d4:45:16:c7:68:0a:fa:60:75:71:e5:d1:d5:
                    c4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:88:8F:BE:B5:E2:0C:0E:56:3F:D6:87:B6:52:47:4A:4B:91:29:2D
            X509v3 Authority Key Identifier:
                keyid:64:4C:DB:AE:84:B2:6A:84:84:B1:0C:00:EB:FD:FB:CB:49:90:C1:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZEzbroSyaoSEsQwA6_37y0mQwVc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/CYiPvrXiDA5WP9aHtlJHSkuRKS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/d73ac9-3d65-4e2d-8bbf-e034f65e7f60/1/ZEzbroSyaoSEsQwA6_37y0mQwVc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.244.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:18:c7:09:95:ac:42:ed:99:ce:bf:e8:f8:89:4c:a0:a0:92:
         5b:5d:ae:f4:fb:b1:4a:88:2b:2b:6b:70:fb:01:31:4b:05:c0:
         02:a9:36:b9:71:8e:eb:ca:f0:0a:9a:e2:f0:13:ab:04:61:2d:
         f5:ce:f8:93:de:42:9b:17:b7:bf:c3:98:58:2f:b6:b2:5f:e1:
         fe:2e:c3:a7:1a:8c:b6:c5:31:28:4e:c9:90:47:16:62:4e:2b:
         52:06:7c:de:b8:e9:78:f2:0d:c8:7b:26:90:bc:4f:88:d6:1a:
         56:e3:5e:5e:fe:6b:f7:38:9c:85:f8:78:90:93:65:c2:0d:22:
         19:ab:ee:bc:6e:2d:64:a2:a7:01:6d:82:64:bc:61:72:8f:98:
         9d:d4:ef:d1:1d:e4:9d:cd:65:4f:0b:08:3e:d8:81:28:bd:82:
         bd:36:f6:2b:2d:6e:df:71:9b:b1:93:b6:c3:69:f0:ef:41:51:
         2f:a6:c2:f8:6a:be:72:16:8f:d7:d7:e1:d8:35:b3:d1:6d:f8:
         84:1d:b7:ca:fe:6d:2f:77:bb:bf:3c:84:98:e5:78:1c:92:19:
         88:1a:90:ca:2f:11:6f:1e:0e:70:bc:cb:0f:b0:98:72:34:f0:
         48:62:bb:5f:4b:d8:27:67:5a:3b:14:d8:87:58:71:3c:45:41:
         63:db:8e:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKh/4ooOKpi8LVBgkWPDtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGNkYmFlODRiMjZhODQ4NGIxMGMwMGViZmRmYmNiNDk5
MGMxNTcwHhcNMjQwMTAyMTIzMzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTg4OGZiZWI1ZTIwYzBlNTYzZmQ2ODdiNjUyNDc0YTRiOTEyOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomVr5WDwqWZBvN0BKz6/TZlgwaK6
AIMkYSD7v6YGDHL/ilOKt8N/YjAgqqko69YJvGeFm7naDNtGbwd+DFGVc+GmNPCZ
G1fGy/dqA9l8wMwE5DH6SoDG59GCSsQjt3tiqKZXlNxXJsY5L1MMAZQHLxsGxLma
YIR0ipLMfmMDZ8bDiu5uMb0j1Z65Dem2Tb7gMt6PTisgvJLerQw35w7AOcQ33DnC
Z9lVCCDfpphiiXegRx6LQQpE9xBlhevKHkUw9UNcLkji6j4oYEtGJr1NXJKHpQHx
T1e3AwKUOsxC2ZnKp5NPXkxB+AtrJrT8kXDjG9RFFsdoCvpgdXHl0dXEFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAmIj7614gwOVj/Wh7ZSR0pLkSktMB8GA1UdIwQY
MBaAFGRM266EsmqEhLEMAOv9+8tJkMFXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYt
ZTAzNGY2NWU3ZjYwLzEvQ1lpUHZyWGlEQTVXUDlhSHRsSkhTa3VSS1MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9kNzNhYzktM2Q2NS00ZTJkLThiYmYtZTAzNGY2NWU3ZjYw
LzEvWkV6YnJvU3lhb1NFc1F3QTZfMzd5MG1Rd1ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBufQQMA0G
CSqGSIb3DQEBCwUAA4IBAQBPGMcJlaxC7ZnOv+j4iUygoJJbXa70+7FKiCsra3D7
ATFLBcACqTa5cY7ryvAKmuLwE6sEYS31zviT3kKbF7e/w5hYL7ayX+H+LsOnGoy2
xTEoTsmQRxZiTitSBnzeuOl48g3IeyaQvE+I1hpW415e/mv3OJyF+HiQk2XCDSIZ
q+68bi1koqcBbYJkvGFyj5id1O/RHeSdzWVPCwg+2IEovYK9NvYrLW7fcZuxk7bD
afDvQVEvpsL4ar5yFo/X1+HYNbPRbfiEHbfK/m0vd7u/PISY5XgckhmIGpDKLxFv
Hg5wvMsPsJhyNPBIYrtfS9gnZ1o7FNiHWHE8RUFj244U
-----END CERTIFICATE-----