Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/eec030dlACi48vqB9H4-xfb12S0.roa
File:                     eec030dlACi48vqB9H4-xfb12S0.roa (raw, json)
Hash identifier:          CU5TvrLHWMIhcuAdVXr085YU0xbls5HXvUSf+489I7M=
Subject key identifier:   79:E7:34:DF:47:65:00:28:B8:F2:FA:81:F4:7E:3E:C5:F6:F5:D9:2D
Certificate issuer:       /CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
Certificate serial:       018CC4934A8457459AD54EC1C92401F8B006
Authority key identifier: 4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/eec030dlACi48vqB9H4-xfb12S0.roa
Signing time:             Mon 01 Jan 2024 10:30:36 +0000
ROA not before:           Mon 01 Jan 2024 10:30:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.180.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4a:84:57:45:9a:d5:4e:c1:c9:24:01:f8:b0:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4acfac8645a3c6f10042dc4a74d700d9d06af17a
        Validity
            Not Before: Jan  1 10:30:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79e734df47650028b8f2fa81f47e3ec5f6f5d92d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:48:a7:9d:1c:0c:e4:85:88:ed:ab:9b:dd:27:
                    9a:de:09:6b:cf:d2:a7:58:4f:07:49:15:77:b8:d4:
                    1f:b7:d7:7b:05:b5:69:47:4b:5f:b7:7d:a5:56:66:
                    ea:6e:bb:00:ed:5b:79:2d:f0:ce:55:8d:18:23:20:
                    47:2f:0d:cf:47:ae:d4:aa:40:2d:74:c3:42:f3:d3:
                    7c:71:e8:6c:b8:61:4b:4d:56:a6:b5:10:56:b7:82:
                    c5:7d:2c:ab:22:af:1e:6d:51:d1:32:4c:98:35:4a:
                    0f:29:d0:8b:b9:43:04:39:8e:0a:41:d8:fe:13:f7:
                    e6:18:63:0d:22:3c:72:e3:25:74:50:74:91:04:62:
                    ec:54:5c:96:4d:db:91:9e:18:23:69:8b:fc:42:35:
                    35:ee:86:48:97:04:f4:f0:0f:06:fa:3f:bb:3a:6e:
                    b4:49:f5:de:f7:e3:c4:c4:95:73:02:42:46:60:53:
                    89:30:18:6e:67:f7:98:a2:ff:b7:e3:09:45:45:11:
                    94:ee:3b:6d:fe:bf:08:65:be:74:4c:b1:fc:49:85:
                    27:de:70:63:6d:d1:d0:86:fa:98:3d:8e:94:5d:3c:
                    e4:89:5c:c0:5a:5e:98:45:bb:39:9c:f8:d6:d0:f6:
                    28:0f:18:81:55:cf:d6:97:e6:1d:fd:0f:94:88:13:
                    96:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:E7:34:DF:47:65:00:28:B8:F2:FA:81:F4:7E:3E:C5:F6:F5:D9:2D
            X509v3 Authority Key Identifier:
                keyid:4A:CF:AC:86:45:A3:C6:F1:00:42:DC:4A:74:D7:00:D9:D0:6A:F1:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/eec030dlACi48vqB9H4-xfb12S0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/2c17cb-4742-44cf-891f-7bf8277d8a2f/1/Ss-shkWjxvEAQtxKdNcA2dBq8Xo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:13:e1:f4:92:d5:56:6e:9e:39:3c:75:c6:5b:db:c5:37:d2:
         cd:18:87:2c:1e:78:63:06:91:2f:84:38:19:dc:e8:97:57:9b:
         f2:06:28:7b:a0:db:58:3a:76:5e:f5:72:5b:c1:02:f4:6d:5b:
         a3:4c:2b:f3:b6:30:71:ab:d1:5f:10:98:ed:6f:3c:1e:fa:e6:
         d6:f4:b7:35:d5:3e:4a:92:f2:33:16:91:07:c7:0a:e5:a3:6e:
         54:95:fd:6a:d1:ab:8b:ae:5d:4a:1e:75:cf:f8:19:b0:8f:61:
         61:b9:2c:67:85:0b:67:59:0e:3f:a0:b8:27:a2:7d:8c:95:ac:
         e0:7d:89:e9:94:61:2f:65:d8:de:4c:22:12:00:0d:90:c0:f2:
         bf:b0:f3:a6:c5:ed:a5:a2:58:3d:3a:9d:17:2d:9a:2b:48:0a:
         d2:03:28:68:b8:c7:55:41:2e:ce:7b:24:9f:e0:54:1a:b0:a3:
         2f:ff:38:c4:11:f0:b7:a9:41:68:d6:b6:dc:1a:e7:df:31:80:
         89:30:90:52:99:ab:f8:08:75:3a:a8:5c:c4:76:df:8a:00:d2:
         fe:54:58:93:bb:9b:40:60:24:9d:e2:ac:d5:a7:4a:1f:c9:ec:
         a2:1b:9a:4a:23:79:62:b6:7d:61:4f:3e:a5:64:93:5b:5d:71:
         ca:ac:3d:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk0qEV0Wa1U7BySQB+LAGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhY2ZhYzg2NDVhM2M2ZjEwMDQyZGM0YTc0ZDcwMGQ5ZDA2
YWYxN2EwHhcNMjQwMTAxMTAzMDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWU3MzRkZjQ3NjUwMDI4YjhmMmZhODFmNDdlM2VjNWY2ZjVkOTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0innRwM5IWI7aub3Sea3glrz9Kn
WE8HSRV3uNQft9d7BbVpR0tft32lVmbqbrsA7Vt5LfDOVY0YIyBHLw3PR67UqkAt
dMNC89N8cehsuGFLTVamtRBWt4LFfSyrIq8ebVHRMkyYNUoPKdCLuUMEOY4KQdj+
E/fmGGMNIjxy4yV0UHSRBGLsVFyWTduRnhgjaYv8QjU17oZIlwT08A8G+j+7Om60
SfXe9+PExJVzAkJGYFOJMBhuZ/eYov+34wlFRRGU7jtt/r8IZb50TLH8SYUn3nBj
bdHQhvqYPY6UXTzkiVzAWl6YRbs5nPjW0PYoDxiBVc/Wl+Yd/Q+UiBOWPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHnnNN9HZQAouPL6gfR+PsX29dktMB8GA1UdIwQY
MBaAFErPrIZFo8bxAELcSnTXANnQavF6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYt
N2JmODI3N2Q4YTJmLzEvZWVjMDMwZGxBQ2k0OHZxQjlINC14ZmIxMlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi8yYzE3Y2ItNDc0Mi00NGNmLTg5MWYtN2JmODI3N2Q4YTJm
LzEvU3Mtc2hrV2p4dkVBUXR4S2ROY0EyZEJxOFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubSOMA0G
CSqGSIb3DQEBCwUAA4IBAQBHE+H0ktVWbp45PHXGW9vFN9LNGIcsHnhjBpEvhDgZ
3OiXV5vyBih7oNtYOnZe9XJbwQL0bVujTCvztjBxq9FfEJjtbzwe+ubW9Lc11T5K
kvIzFpEHxwrlo25Ulf1q0auLrl1KHnXP+Bmwj2FhuSxnhQtnWQ4/oLgnon2Mlazg
fYnplGEvZdjeTCISAA2QwPK/sPOmxe2lolg9Op0XLZorSArSAyhouMdVQS7OeySf
4FQasKMv/zjEEfC3qUFo1rbcGuffMYCJMJBSmav4CHU6qFzEdt+KANL+VFiTu5tA
YCSd4qzVp0ofyeyiG5pKI3litn1hTz6lZJNbXXHKrD2T
-----END CERTIFICATE-----