Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1-EH3zz14aNQaNvLk-kA5ObugP0M.roa
File:                     1-EH3zz14aNQaNvLk-kA5ObugP0M.roa (raw, json)
Hash identifier:          AInhS8QzIu5+kTFM1AzSru0PxsCBAqGzcKM2yjycOYo=
Subject key identifier:   F8:41:F7:CF:3D:78:68:D4:1A:36:F2:E4:FA:40:39:39:BB:A0:3F:43
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825A8EE8AB532D88A61275EA81CF602
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1-EH3zz14aNQaNvLk-kA5ObugP0M.roa
Signing time:             Thu 02 Jan 2025 17:52:24 +0000
ROA not before:           Thu 02 Jan 2025 17:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        80.83.80.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 12:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:a8:ee:8a:b5:32:d8:8a:61:27:5e:a8:1c:f6:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f841f7cf3d7868d41a36f2e4fa403939bba03f43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:40:82:5d:71:5f:8f:58:71:28:64:d3:ed:79:
                    0f:74:f5:44:d7:3d:ff:8d:4a:35:3b:c1:ee:f3:e7:
                    b7:5b:3b:62:86:d1:b3:43:ad:6f:85:0c:f0:3c:c2:
                    b7:31:17:59:10:03:cb:13:68:6b:91:55:91:4d:e6:
                    26:17:4f:fa:98:c7:f4:34:5e:08:52:12:87:84:28:
                    5b:50:77:4e:be:c1:d3:07:fc:b2:c9:cc:d4:f4:47:
                    87:52:01:cf:75:f6:23:d0:1f:22:06:c0:f4:99:8d:
                    4d:67:22:2e:b0:f5:62:f0:e4:08:b5:69:2a:aa:ee:
                    60:de:06:d0:23:55:85:70:86:9c:f4:19:46:0b:e0:
                    85:1a:76:70:43:60:19:b1:ce:ac:1c:64:3d:b3:44:
                    57:cf:3c:bb:8b:f7:69:78:d4:2f:a6:26:e2:4a:87:
                    2c:f4:87:8f:3a:90:6a:af:90:a6:d2:54:2e:8d:42:
                    7c:53:e5:9b:73:92:e8:be:e5:8d:f9:c8:bf:1b:31:
                    8b:8f:f6:6b:b9:3f:84:34:96:b1:54:ad:79:f7:be:
                    d0:09:0d:67:ae:d1:fa:1f:42:e7:dc:d4:25:cb:76:
                    91:ba:da:36:5f:1e:e9:c8:6a:7c:13:17:b9:c7:ec:
                    6b:b9:3a:b0:ad:a2:b6:94:45:b4:d9:f6:b6:14:ae:
                    72:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:41:F7:CF:3D:78:68:D4:1A:36:F2:E4:FA:40:39:39:BB:A0:3F:43
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1-EH3zz14aNQaNvLk-kA5ObugP0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.83.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         41:18:0d:fd:2b:4c:65:a0:05:96:ae:98:2f:41:bb:dd:23:ca:
         fe:ab:6c:9d:95:18:26:a7:f7:ec:9b:a1:df:13:a3:33:eb:cb:
         fa:37:01:29:aa:9f:a9:3d:21:96:be:c3:be:27:b5:1d:a2:4b:
         cc:ec:d9:97:cd:43:64:2b:d1:65:ca:df:93:e5:12:f7:c2:3d:
         02:21:13:be:68:08:87:5a:48:d6:67:0c:05:24:a0:83:48:ac:
         f9:d8:cc:b4:0a:80:04:1e:56:7d:07:2b:37:e2:e1:a2:51:d3:
         5b:cf:43:c4:85:96:84:81:96:fb:e4:05:70:73:a6:56:0d:6b:
         9d:ff:18:6d:e6:7d:d8:a5:47:48:f0:56:ec:af:74:af:fd:40:
         c3:0a:b2:3c:18:76:04:31:d3:cd:40:41:df:fc:36:07:4e:51:
         b5:9f:b1:29:de:74:b8:41:55:fb:b8:50:28:73:36:f0:dc:c8:
         c7:a0:65:1c:65:ff:6b:3e:31:38:b6:59:ab:b2:6b:c3:3c:cd:
         58:9e:14:c8:d3:bd:79:d1:f2:74:c8:8a:3c:5f:52:6d:7c:d4:
         39:f1:ef:21:65:ca:6d:b0:ab:5a:d6:8a:ef:39:1f:b5:d8:b0:
         be:72:91:44:7f:da:01:6c:d1:be:3d:55:7b:c1:a5:31:6c:28:
         20:19:72:b6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQoJajuirUy2IphJ16oHPYCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODQxZjdjZjNkNzg2OGQ0MWEzNmYyZTRmYTQwMzkzOWJiYTAzZjQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsUCCXXFfj1hxKGTT7XkPdPVE1z3/
jUo1O8Hu8+e3WztihtGzQ61vhQzwPMK3MRdZEAPLE2hrkVWRTeYmF0/6mMf0NF4I
UhKHhChbUHdOvsHTB/yyyczU9EeHUgHPdfYj0B8iBsD0mY1NZyIusPVi8OQItWkq
qu5g3gbQI1WFcIac9BlGC+CFGnZwQ2AZsc6sHGQ9s0RXzzy7i/dpeNQvpibiSocs
9IePOpBqr5Cm0lQujUJ8U+Wbc5LovuWN+ci/GzGLj/ZruT+ENJaxVK15977QCQ1n
rtH6H0Ln3NQly3aRuto2Xx7pyGp8Exe5x+xruTqwraK2lEW02fa2FK5yxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPhB9889eGjUGjby5PpAOTm7oD9DMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvMS1FSDN6ejE0YU5RYU52TGsta0E1T2J1Z1AwTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvOGIvM2Q1NjljLTE5MDctNGQyYy1hY2VkLTMzMjQ3YzhlMWMx
Zi8xL3pzV3Y1Mm01UTBiaHpUWXV1Ri1IV3lPeGNuYy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEA1BTUDAN
BgkqhkiG9w0BAQsFAAOCAQEAQRgN/StMZaAFlq6YL0G73SPK/qtsnZUYJqf37Juh
3xOjM+vL+jcBKaqfqT0hlr7Dvie1HaJLzOzZl81DZCvRZcrfk+US98I9AiETvmgI
h1pI1mcMBSSgg0is+djMtAqABB5WfQcrN+LholHTW89DxIWWhIGW++QFcHOmVg1r
nf8YbeZ92KVHSPBW7K90r/1AwwqyPBh2BDHTzUBB3/w2B05RtZ+xKd50uEFV+7hQ
KHM28NzIx6BlHGX/az4xOLZZq7JrwzzNWJ4UyNO9edHydMiKPF9SbXzUOfHvIWXK
bbCrWtaK7zkftdiwvnKRRH/aAWzRvj1Ve8GlMWwoIBlytg==
-----END CERTIFICATE-----