Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/44BWUn_LoA7x7LR0BNij05qpVUY.roa
File:                     44BWUn_LoA7x7LR0BNij05qpVUY.roa (raw, json)
Hash identifier:          yQRqy7g0u0OaZHsk4abiUf9hUH1pynK9N2fGwUGyVVc=
Subject key identifier:   E3:80:56:52:7F:CB:A0:0E:F1:EC:B4:74:04:D8:A3:D3:9A:A9:55:46
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       0191C8AB6BBCD2F5D956BBCF100CC3B659D7
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/44BWUn_LoA7x7LR0BNij05qpVUY.roa
Signing time:             Fri 06 Sep 2024 18:49:22 +0000
ROA not before:           Fri 06 Sep 2024 18:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35278
IP address blocks:        45.142.44.0/24 maxlen: 24
                          80.64.24.0/24 maxlen: 24
                          185.218.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c8:ab:6b:bc:d2:f5:d9:56:bb:cf:10:0c:c3:b6:59:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Sep  6 18:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e38056527fcba00ef1ecb47404d8a3d39aa95546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:82:84:e3:68:e1:e5:83:70:fd:5b:8b:89:13:
                    d7:ff:bc:93:f1:79:9d:e3:4b:db:ac:7e:66:02:46:
                    00:35:c3:6c:00:a0:84:22:67:cc:5b:90:33:bc:b7:
                    95:55:e9:97:b0:b3:11:81:5b:9d:b7:00:57:da:ce:
                    90:f9:2d:f2:76:d4:b0:ae:db:80:8c:79:9b:97:e0:
                    6b:a5:a7:d1:38:12:f9:79:0b:92:fb:0f:5d:92:62:
                    68:4f:29:97:9a:7a:1a:df:22:d9:5f:27:ba:fb:fa:
                    fa:48:4c:dc:4d:de:2a:95:a6:f9:28:d8:9b:7c:3c:
                    53:b1:6b:a7:23:13:93:7c:59:f4:84:c4:90:fa:4d:
                    57:60:bb:4b:40:91:77:93:f8:5e:ca:8f:82:c2:03:
                    1e:fd:3d:3f:2a:55:2d:b2:51:fe:02:fd:54:9d:95:
                    b9:e8:85:d2:0e:97:3f:16:89:6f:86:a4:a4:8b:30:
                    a3:dd:72:ba:4e:0d:22:36:95:b6:a0:fb:49:ba:63:
                    d7:cb:e9:1e:62:a8:f7:1b:33:78:ae:3f:e7:c4:58:
                    30:b1:bd:74:4a:4b:b1:c9:a4:b9:7d:0b:0a:4b:1e:
                    61:6a:5b:ef:2f:fe:e6:08:13:1c:93:d0:52:4d:2b:
                    82:96:80:63:0c:c5:7d:a9:31:df:6b:3c:cc:6d:b4:
                    5c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:80:56:52:7F:CB:A0:0E:F1:EC:B4:74:04:D8:A3:D3:9A:A9:55:46
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/44BWUn_LoA7x7LR0BNij05qpVUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.44.0/24
                  80.64.24.0/24
                  185.218.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:8a:4e:f7:90:8c:b5:09:59:44:89:81:5b:8b:48:17:b3:32:
         84:e5:d1:d2:a6:ee:9e:dc:5b:f0:b1:63:45:f6:cf:88:bd:b9:
         bd:ec:c6:58:2d:a1:3c:63:7f:c1:24:90:cb:a3:93:87:02:99:
         4f:74:00:e9:1d:20:b0:8f:88:69:39:ce:e5:f4:22:8a:41:a7:
         89:ca:4c:5d:4d:a3:05:d6:68:5a:47:b2:06:ce:8a:f1:1b:de:
         82:15:02:39:dd:1a:bd:ef:b3:ec:0a:ff:e4:5b:99:f4:d5:3f:
         5d:1c:c0:b6:f5:7b:3a:12:c9:9c:2e:ee:05:f6:31:9a:1e:3e:
         d0:28:c8:a9:71:0e:77:98:e4:6e:90:a2:c8:66:08:ba:0c:43:
         f4:08:fe:19:e5:50:69:5c:f0:e5:ed:86:5b:e0:13:96:90:60:
         f4:9b:7b:af:ca:7e:85:33:18:78:dc:f5:be:20:ae:cc:a4:67:
         5c:4a:58:7a:d3:10:44:e6:ee:b0:a3:f7:2e:44:5f:f2:03:fc:
         73:34:8a:84:ce:a4:0f:99:dc:b3:d3:5e:63:d5:ca:86:9e:ae:
         e4:8f:dc:cf:4f:39:84:d0:fb:fd:cb:02:ed:fe:11:50:a9:75:
         e2:23:54:e9:21:26:60:f4:1e:90:f3:1b:6d:f7:a6:cf:e0:e9:
         75:69:81:3b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZHIq2u80vXZVrvPEAzDtlnXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwOTA2MTg0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzgwNTY1MjdmY2JhMDBlZjFlY2I0NzQwNGQ4YTNkMzlhYTk1NTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiYKE42jh5YNw/VuLiRPX/7yT8Xmd
40vbrH5mAkYANcNsAKCEImfMW5AzvLeVVemXsLMRgVudtwBX2s6Q+S3ydtSwrtuA
jHmbl+BrpafROBL5eQuS+w9dkmJoTymXmnoa3yLZXye6+/r6SEzcTd4qlab5KNib
fDxTsWunIxOTfFn0hMSQ+k1XYLtLQJF3k/heyo+CwgMe/T0/KlUtslH+Av1UnZW5
6IXSDpc/FolvhqSkizCj3XK6Tg0iNpW2oPtJumPXy+keYqj3GzN4rj/nxFgwsb10
SkuxyaS5fQsKSx5halvvL/7mCBMck9BSTSuCloBjDMV9qTHfazzMbbRczQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOOAVlJ/y6AO8ey0dATYo9OaqVVGMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvNDRCV1VuX0xvQTd4N0xSMEJOaWowNXFwVlVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALY4sAwQA
UEAYAwQAudoAMA0GCSqGSIb3DQEBCwUAA4IBAQBaik73kIy1CVlEiYFbi0gXszKE
5dHSpu6e3FvwsWNF9s+Ivbm97MZYLaE8Y3/BJJDLo5OHAplPdADpHSCwj4hpOc7l
9CKKQaeJykxdTaMF1mhaR7IGzorxG96CFQI53Rq977PsCv/kW5n01T9dHMC29Xs6
EsmcLu4F9jGaHj7QKMipcQ53mORukKLIZgi6DEP0CP4Z5VBpXPDl7YZb4BOWkGD0
m3uvyn6FMxh43PW+IK7MpGdcSlh60xBE5u6wo/cuRF/yA/xzNIqEzqQPmdyz015j
1cqGnq7kj9zPTzmE0Pv9ywLt/hFQqXXiI1TpISZg9B6Q8xtt96bP4Ol1aYE7
-----END CERTIFICATE-----