Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/IxgmJijszzL0pVYkFc2u4HLqoA4.roa
File:                     IxgmJijszzL0pVYkFc2u4HLqoA4.roa (raw, json)
Hash identifier:          puZd6d94O/ocxVX671QXVpie/4zq5lpHVCTisZcbsXM=
Subject key identifier:   23:18:26:26:28:EC:CF:32:F4:A5:56:24:15:CD:AE:E0:72:EA:A0:0E
Certificate issuer:       /CN=e909ee3d618974da0cbd805a2da80410a4989881
Certificate serial:       018CC64B549A4BBA3E8120484070A34B0159
Authority key identifier: E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/IxgmJijszzL0pVYkFc2u4HLqoA4.roa
Signing time:             Mon 01 Jan 2024 18:31:14 +0000
ROA not before:           Mon 01 Jan 2024 18:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35334
IP address blocks:        85.31.210.0/24 maxlen: 24
                          85.31.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:54:9a:4b:ba:3e:81:20:48:40:70:a3:4b:01:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e909ee3d618974da0cbd805a2da80410a4989881
        Validity
            Not Before: Jan  1 18:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2318262628eccf32f4a5562415cdaee072eaa00e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:f7:35:c5:c3:73:08:50:ad:43:6c:b1:54:62:
                    12:62:23:d2:9e:e9:d7:5b:9e:f4:c3:be:38:61:a9:
                    fa:4d:16:f4:2d:52:5e:49:70:c1:b1:23:cb:7d:79:
                    a0:bf:10:28:8e:3d:90:26:a7:db:cf:64:8d:32:70:
                    82:12:6b:14:e1:8c:a3:fd:80:4c:96:05:67:4c:f8:
                    ae:ad:e7:00:71:8e:ab:b9:66:0e:64:37:3a:0c:95:
                    e5:5f:91:ca:f6:08:be:c0:fa:e9:b7:8e:dd:78:72:
                    9e:49:32:65:b6:78:79:4c:3a:2d:f1:d8:68:2a:cc:
                    dc:2f:c7:36:2e:c0:1a:52:c4:28:10:7b:42:a0:54:
                    98:9d:b3:4a:18:90:85:9c:02:2a:62:7c:bd:e5:68:
                    94:18:54:6a:62:e5:60:cd:15:d0:31:5f:9b:bc:9e:
                    a8:74:1f:0e:32:06:8d:bb:e6:40:8c:ce:aa:c7:d0:
                    43:1d:b6:26:53:7c:01:58:06:53:5f:9d:27:b7:76:
                    84:fd:92:74:c6:dd:4b:7a:52:fd:ee:b2:76:ae:35:
                    32:d9:ad:87:5a:0f:0e:ef:2b:97:85:5e:d2:ee:b2:
                    71:44:87:a2:ea:49:c2:d4:22:f0:1c:de:bc:14:bb:
                    c4:8b:98:1a:ad:f8:d4:c6:45:1d:f3:15:a4:5c:a9:
                    c1:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:18:26:26:28:EC:CF:32:F4:A5:56:24:15:CD:AE:E0:72:EA:A0:0E
            X509v3 Authority Key Identifier:
                keyid:E9:09:EE:3D:61:89:74:DA:0C:BD:80:5A:2D:A8:04:10:A4:98:98:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6QnuPWGJdNoMvYBaLagEEKSYmIE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/IxgmJijszzL0pVYkFc2u4HLqoA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/2b5f5f-bb96-4b31-8a6a-dd115f9e3301/1/6QnuPWGJdNoMvYBaLagEEKSYmIE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.31.210.0/24
                  85.31.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:3a:e1:84:2e:f6:06:14:05:f4:f5:e2:fe:9c:94:51:e0:ce:
         d5:4a:c9:d2:07:6d:eb:55:ce:76:c3:e8:23:72:62:57:4a:27:
         da:d4:9c:ae:1d:48:21:42:f1:91:cc:c0:53:da:c3:14:a2:2c:
         6e:e9:ba:fe:82:01:99:71:9d:ad:2e:e5:ab:46:2c:ba:ed:1d:
         e6:f9:07:7d:ae:5d:33:67:51:fd:89:2b:01:2f:d3:25:02:00:
         fd:c9:cd:39:02:c5:06:54:90:b4:ef:c2:ba:0b:d4:91:a3:a4:
         d5:43:cb:a9:b7:c0:39:22:ca:fe:a9:0b:4e:f9:05:43:08:38:
         57:1c:28:46:a6:ab:1c:85:71:d4:d5:a1:e8:e9:f1:d8:01:c0:
         ff:d9:ed:4f:7d:e2:55:00:cf:b0:b6:1a:1f:49:71:44:8a:ac:
         3a:11:5a:49:5e:c0:1a:19:6e:20:9b:32:b0:17:21:e3:9c:c0:
         c3:1a:9b:72:03:9c:61:b9:7b:f0:79:7e:2a:f6:34:e6:23:a3:
         f2:b3:68:2a:c7:ef:ba:04:25:3e:31:67:ad:e4:00:aa:d0:70:
         40:40:a4:9f:67:b2:86:1b:67:e9:ec:9e:25:8f:9b:35:9b:25:
         44:f1:b1:f0:69:69:17:24:a8:80:9d:49:38:5f:9a:03:2b:bf:
         58:58:5d:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS1SaS7o+gSBIQHCjSwFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5MDllZTNkNjE4OTc0ZGEwY2JkODA1YTJkYTgwNDEwYTQ5
ODk4ODEwHhcNMjQwMTAxMTgzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzE4MjYyNjI4ZWNjZjMyZjRhNTU2MjQxNWNkYWVlMDcyZWFhMDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/c1xcNzCFCtQ2yxVGISYiPSnunX
W570w744Yan6TRb0LVJeSXDBsSPLfXmgvxAojj2QJqfbz2SNMnCCEmsU4Yyj/YBM
lgVnTPiurecAcY6ruWYOZDc6DJXlX5HK9gi+wPrpt47deHKeSTJltnh5TDot8dho
KszcL8c2LsAaUsQoEHtCoFSYnbNKGJCFnAIqYny95WiUGFRqYuVgzRXQMV+bvJ6o
dB8OMgaNu+ZAjM6qx9BDHbYmU3wBWAZTX50nt3aE/ZJ0xt1LelL97rJ2rjUy2a2H
Wg8O7yuXhV7S7rJxRIei6knC1CLwHN68FLvEi5garfjUxkUd8xWkXKnBmwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCMYJiYo7M8y9KVWJBXNruBy6qAOMB8GA1UdIwQY
MBaAFOkJ7j1hiXTaDL2AWi2oBBCkmJiBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEt
ZGQxMTVmOWUzMzAxLzEvSXhnbUppanN6ekwwcFZZa0ZjMnU0SExxb0E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8yYjVmNWYtYmI5Ni00YjMxLThhNmEtZGQxMTVmOWUzMzAx
LzEvNlFudVBXR0pkTm9NdllCYUxhZ0VFS1NZbUlFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVR/SAwQA
VR/eMA0GCSqGSIb3DQEBCwUAA4IBAQAcOuGELvYGFAX09eL+nJRR4M7VSsnSB23r
Vc52w+gjcmJXSifa1JyuHUghQvGRzMBT2sMUoixu6br+ggGZcZ2tLuWrRiy67R3m
+Qd9rl0zZ1H9iSsBL9MlAgD9yc05AsUGVJC078K6C9SRo6TVQ8upt8A5Isr+qQtO
+QVDCDhXHChGpqschXHU1aHo6fHYAcD/2e1PfeJVAM+wthofSXFEiqw6EVpJXsAa
GW4gmzKwFyHjnMDDGptyA5xhuXvweX4q9jTmI6Pys2gqx++6BCU+MWet5ACq0HBA
QKSfZ7KGG2fp7J4lj5s1myVE8bHwaWkXJKiAnUk4X5oDK79YWF1M
-----END CERTIFICATE-----