Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/ecb5d4-b448-42e4-b4a3-9b65890e2eae/1/eLIOoLbIZ5VEorwVRLIXBP2jzmI.roa
File:                     eLIOoLbIZ5VEorwVRLIXBP2jzmI.roa (raw, json)
Hash identifier:          9vtoVwukWX7avTy9sievX08C/LpWY+eq9UabJZJzjRA=
Subject key identifier:   78:B2:0E:A0:B6:C8:67:95:44:A2:BC:15:44:B2:17:04:FD:A3:CE:62
Certificate issuer:       /CN=e2e1ef8511b7562bf3dc3c0b04093b337bce0391
Certificate serial:       018CC26D4DF7CCF4A54F879347D99EAC6E8C
Authority key identifier: E2:E1:EF:85:11:B7:56:2B:F3:DC:3C:0B:04:09:3B:33:7B:CE:03:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4uHvhRG3Vivz3DwLBAk7M3vOA5E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/ecb5d4-b448-42e4-b4a3-9b65890e2eae/1/eLIOoLbIZ5VEorwVRLIXBP2jzmI.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        185.209.80.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/ecb5d4-b448-42e4-b4a3-9b65890e2eae/1/4uHvhRG3Vivz3DwLBAk7M3vOA5E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/ecb5d4-b448-42e4-b4a3-9b65890e2eae/1/4uHvhRG3Vivz3DwLBAk7M3vOA5E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4uHvhRG3Vivz3DwLBAk7M3vOA5E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4d:f7:cc:f4:a5:4f:87:93:47:d9:9e:ac:6e:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2e1ef8511b7562bf3dc3c0b04093b337bce0391
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78b20ea0b6c8679544a2bc1544b21704fda3ce62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2e:88:ea:70:b9:b3:62:d8:4f:89:ca:44:df:
                    aa:75:45:66:40:62:53:74:32:94:67:bf:32:09:ab:
                    99:4b:a6:7e:6c:e9:1a:37:f7:d8:da:e1:f4:23:28:
                    9b:98:da:fa:10:82:7c:da:66:6a:4e:ee:5c:52:90:
                    88:d0:a5:cc:8f:d7:be:9d:fc:19:bc:94:60:cc:12:
                    cd:cb:b4:15:27:87:1c:6e:82:19:90:a0:c3:d7:82:
                    51:2d:d1:d6:80:cf:ef:97:e0:b2:ee:53:ba:81:2a:
                    6e:0f:42:52:85:ea:c7:5e:de:df:ff:5a:d7:19:4d:
                    0a:d0:3a:8b:56:50:2c:fa:c1:8a:31:bb:f2:85:a6:
                    76:1f:32:38:ba:5b:5a:b6:bb:c6:c9:52:49:58:6c:
                    47:ad:63:70:f5:d9:ab:a1:6c:6d:77:2a:f5:06:5c:
                    0b:fd:42:16:7f:69:f4:41:99:cd:81:e1:1d:ee:79:
                    ef:44:41:52:7c:d4:7a:c2:b3:32:a5:72:91:1c:98:
                    2e:01:6c:03:66:5c:b4:30:bf:c4:84:c2:f8:45:a2:
                    9e:d6:67:2b:1c:57:60:f6:9e:26:8c:11:ae:0e:92:
                    43:cd:a9:1c:8f:2d:9a:b3:68:5b:de:7d:c5:e7:65:
                    88:17:6b:b7:75:03:6a:ed:f2:92:f2:fb:7e:61:d9:
                    8c:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B2:0E:A0:B6:C8:67:95:44:A2:BC:15:44:B2:17:04:FD:A3:CE:62
            X509v3 Authority Key Identifier:
                keyid:E2:E1:EF:85:11:B7:56:2B:F3:DC:3C:0B:04:09:3B:33:7B:CE:03:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4uHvhRG3Vivz3DwLBAk7M3vOA5E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecb5d4-b448-42e4-b4a3-9b65890e2eae/1/eLIOoLbIZ5VEorwVRLIXBP2jzmI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/ecb5d4-b448-42e4-b4a3-9b65890e2eae/1/4uHvhRG3Vivz3DwLBAk7M3vOA5E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.209.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:56:f5:df:71:de:98:de:dd:91:c5:8b:c4:21:fa:2e:9f:fc:
         99:9b:09:96:25:b4:c6:d4:89:cf:e1:47:f6:82:6b:7c:77:f2:
         04:14:57:02:7a:e2:df:43:2e:47:0c:74:4c:9d:5b:39:a4:1a:
         d5:9a:55:27:21:b0:da:a1:2c:f4:36:96:6a:16:43:11:64:73:
         15:55:fc:1a:8e:bf:4d:28:7a:92:ba:79:a2:03:3a:48:9c:a9:
         3d:d1:8a:6f:6c:62:47:8b:c9:a8:1f:d8:9c:a6:bd:84:30:16:
         0c:07:32:80:bb:7f:d5:77:a4:a3:7a:64:85:51:e4:a1:64:ad:
         d4:b2:b0:5f:e5:95:5f:01:79:87:0d:9f:d4:76:5f:91:72:bb:
         f1:69:58:ee:53:f0:50:dd:98:ff:10:90:66:74:0f:68:f7:53:
         4e:54:ed:b9:1e:7a:f3:13:1b:ed:bb:93:e5:24:9c:32:71:56:
         1e:df:b5:6a:96:d6:6b:79:33:91:1b:1b:da:9d:b2:bb:9a:5e:
         71:b7:25:f0:0f:73:2d:01:fc:99:9a:41:21:9b:bb:9a:d8:b4:
         9d:0b:4d:2e:65:d5:96:9e:ed:d4:f4:13:28:16:56:67:3d:8e:
         d8:f6:e6:af:f0:1e:9d:cd:fe:50:77:36:1c:79:a5:a1:97:d0:
         86:40:8b:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU33zPSlT4eTR9merG6MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZTFlZjg1MTFiNzU2MmJmM2RjM2MwYjA0MDkzYjMzN2Jj
ZTAzOTEwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGIyMGVhMGI2Yzg2Nzk1NDRhMmJjMTU0NGIyMTcwNGZkYTNjZTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgS6I6nC5s2LYT4nKRN+qdUVmQGJT
dDKUZ78yCauZS6Z+bOkaN/fY2uH0IyibmNr6EIJ82mZqTu5cUpCI0KXMj9e+nfwZ
vJRgzBLNy7QVJ4ccboIZkKDD14JRLdHWgM/vl+Cy7lO6gSpuD0JSherHXt7f/1rX
GU0K0DqLVlAs+sGKMbvyhaZ2HzI4ultatrvGyVJJWGxHrWNw9dmroWxtdyr1BlwL
/UIWf2n0QZnNgeEd7nnvREFSfNR6wrMypXKRHJguAWwDZly0ML/EhML4RaKe1mcr
HFdg9p4mjBGuDpJDzakcjy2as2hb3n3F52WIF2u3dQNq7fKS8vt+YdmMXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiyDqC2yGeVRKK8FUSyFwT9o85iMB8GA1UdIwQY
MBaAFOLh74URt1Yr89w8CwQJOzN7zgORMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHVIdmhSRzNWaXZ6M0R3TEJBazdNM3ZPQTVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9lY2I1ZDQtYjQ0OC00MmU0LWI0YTMt
OWI2NTg5MGUyZWFlLzEvZUxJT29MYklaNVZFb3J3VlJMSVhCUDJqem1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9lY2I1ZDQtYjQ0OC00MmU0LWI0YTMtOWI2NTg5MGUyZWFl
LzEvNHVIdmhSRzNWaXZ6M0R3TEJBazdNM3ZPQTVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudFQMA0G
CSqGSIb3DQEBCwUAA4IBAQCWVvXfcd6Y3t2RxYvEIfoun/yZmwmWJbTG1InP4Uf2
gmt8d/IEFFcCeuLfQy5HDHRMnVs5pBrVmlUnIbDaoSz0NpZqFkMRZHMVVfwajr9N
KHqSunmiAzpInKk90YpvbGJHi8moH9icpr2EMBYMBzKAu3/Vd6SjemSFUeShZK3U
srBf5ZVfAXmHDZ/Udl+RcrvxaVjuU/BQ3Zj/EJBmdA9o91NOVO25HnrzExvtu5Pl
JJwycVYe37VqltZreTORGxvanbK7ml5xtyXwD3MtAfyZmkEhm7ua2LSdC00uZdWW
nu3U9BMoFlZnPY7Y9uav8B6dzf5QdzYceaWhl9CGQIso
-----END CERTIFICATE-----