Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/es6VLfm2TIdYuPHBH9ijk3V2lUY.roa
File:                     es6VLfm2TIdYuPHBH9ijk3V2lUY.roa (raw, json)
Hash identifier:          2DgOSyOPsNn7NyqgWF83JIWh6Xi7k8uN59XaH25SGdQ=
Subject key identifier:   7A:CE:95:2D:F9:B6:4C:87:58:B8:F1:C1:1F:D8:A3:93:75:76:95:46
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       018EDDDB185E1C474D313C4460F18DB227E5
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/es6VLfm2TIdYuPHBH9ijk3V2lUY.roa
Signing time:             Sun 14 Apr 2024 18:25:07 +0000
ROA not before:           Sun 14 Apr 2024 18:25:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        85.237.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:dd:db:18:5e:1c:47:4d:31:3c:44:60:f1:8d:b2:27:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Apr 14 18:25:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7ace952df9b64c8758b8f1c11fd8a39375769546
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7c:b2:5e:b8:1b:2f:c5:26:01:dd:57:55:b2:
                    69:e5:55:87:7a:f1:85:e8:92:c5:62:3a:3f:13:e6:
                    85:82:f8:b6:95:a8:34:91:51:02:93:5c:e0:09:19:
                    b0:d1:8e:9d:0d:0e:db:4e:7b:bc:97:9e:2f:c4:1b:
                    ad:e3:62:29:95:4f:ef:d4:eb:42:e6:be:13:d2:eb:
                    dc:f7:9b:a6:06:0f:c4:7a:6a:b1:14:c1:63:97:ac:
                    42:b2:3f:b3:eb:28:7d:db:d6:d0:43:8b:39:28:77:
                    a9:fb:ef:36:d6:22:ac:93:1a:f7:9b:2d:55:7f:c0:
                    ea:c8:99:34:31:58:5f:c5:60:03:36:8d:32:3d:9b:
                    dc:37:8c:db:8f:a7:80:d1:9c:9d:a8:a5:e4:46:76:
                    0f:42:5d:12:c5:d9:c4:0b:23:30:5f:30:00:88:93:
                    55:85:4a:cb:fe:bf:b1:f5:61:c0:04:64:30:28:97:
                    c8:a2:78:f2:67:a4:1e:be:fc:09:53:56:8f:53:3e:
                    2d:38:24:c9:d2:aa:04:52:14:ad:2a:d3:91:47:10:
                    0e:74:0f:73:cf:af:22:49:f7:45:78:e7:30:95:b0:
                    10:f5:9e:47:12:f8:0f:31:1b:4f:1f:44:49:dd:e7:
                    8a:44:17:6b:c0:ee:ca:d9:3a:03:0b:61:20:e4:71:
                    c5:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:CE:95:2D:F9:B6:4C:87:58:B8:F1:C1:1F:D8:A3:93:75:76:95:46
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/es6VLfm2TIdYuPHBH9ijk3V2lUY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:fd:ed:50:4e:b8:26:f7:f3:0f:a5:98:0d:47:d3:12:4f:cc:
         64:f0:91:ae:28:57:16:69:2e:1a:d3:b1:34:18:a4:8f:a1:45:
         b5:35:cd:4f:e6:d0:7d:73:92:f4:a1:99:8c:47:1e:20:29:d6:
         68:d1:42:7c:dc:d9:a9:c3:d3:12:9a:54:90:49:e3:5f:72:bc:
         cb:fa:a8:11:75:33:b7:92:35:38:4c:42:4e:65:3a:55:83:88:
         fa:b0:9c:5d:42:90:fb:79:28:47:41:3b:2d:f8:57:ea:0c:4b:
         a6:c1:82:91:7f:e0:fc:c1:94:9a:49:05:58:a6:22:15:d2:41:
         c4:ad:f3:54:71:1f:fb:bb:d2:a3:e3:80:d8:b1:1b:24:9a:27:
         ac:71:e6:0f:d0:5b:fb:66:b9:0e:a9:92:39:4b:e7:14:6d:e2:
         83:34:01:35:bd:3c:5e:42:4e:ee:3b:cf:bb:c2:0e:15:ee:c9:
         be:31:40:48:1e:f9:4d:54:9f:ee:1a:87:dd:35:53:c9:bd:33:
         c7:aa:89:dc:35:87:91:4d:bf:1c:d3:d5:57:91:f1:1e:c8:e8:
         6d:9c:42:d3:ed:fb:73:f4:ec:d1:f8:f4:16:28:90:ce:f4:8b:
         a1:35:8b:3b:63:17:77:3a:ef:fd:8e:bc:ff:74:57:f6:c2:21:
         38:7f:eb:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7d2xheHEdNMTxEYPGNsiflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjQwNDE0MTgyNTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWNlOTUyZGY5YjY0Yzg3NThiOGYxYzExZmQ4YTM5Mzc1NzY5NTQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3yyXrgbL8UmAd1XVbJp5VWHevGF
6JLFYjo/E+aFgvi2lag0kVECk1zgCRmw0Y6dDQ7bTnu8l54vxBut42IplU/v1OtC
5r4T0uvc95umBg/EemqxFMFjl6xCsj+z6yh929bQQ4s5KHep++821iKskxr3my1V
f8DqyJk0MVhfxWADNo0yPZvcN4zbj6eA0ZydqKXkRnYPQl0SxdnECyMwXzAAiJNV
hUrL/r+x9WHABGQwKJfIonjyZ6QevvwJU1aPUz4tOCTJ0qoEUhStKtORRxAOdA9z
z68iSfdFeOcwlbAQ9Z5HEvgPMRtPH0RJ3eeKRBdrwO7K2ToDC2Eg5HHFiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrOlS35tkyHWLjxwR/Yo5N1dpVGMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvZXM2VkxmbTJUSWRZdVBIQkg5aWprM1YybFVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1QMA0G
CSqGSIb3DQEBCwUAA4IBAQBs/e1QTrgm9/MPpZgNR9MST8xk8JGuKFcWaS4a07E0
GKSPoUW1Nc1P5tB9c5L0oZmMRx4gKdZo0UJ83Nmpw9MSmlSQSeNfcrzL+qgRdTO3
kjU4TEJOZTpVg4j6sJxdQpD7eShHQTst+FfqDEumwYKRf+D8wZSaSQVYpiIV0kHE
rfNUcR/7u9Kj44DYsRskmiesceYP0Fv7ZrkOqZI5S+cUbeKDNAE1vTxeQk7uO8+7
wg4V7sm+MUBIHvlNVJ/uGofdNVPJvTPHqoncNYeRTb8c09VXkfEeyOhtnELT7ftz
9OzR+PQWKJDO9IuhNYs7Yxd3Ou/9jrz/dFf2wiE4f+sD
-----END CERTIFICATE-----