Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/6SjcBlpYYqKzh4UxlmVPENHZySs.roa
File:                     6SjcBlpYYqKzh4UxlmVPENHZySs.roa (raw, json)
Hash identifier:          K/x+89ke9yxbT8AYAb4vAEKeOrp+acmX6M9xo4ET0is=
Subject key identifier:   E9:28:DC:06:5A:58:62:A2:B3:87:85:31:96:65:4F:10:D1:D9:C9:2B
Certificate issuer:       /CN=cff374657f57078f3ca2c71109d35927c2248681
Certificate serial:       018CC9BCD235C26A207BBBB60A8120BA791C
Authority key identifier: CF:F3:74:65:7F:57:07:8F:3C:A2:C7:11:09:D3:59:27:C2:24:86:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/6SjcBlpYYqKzh4UxlmVPENHZySs.roa
Signing time:             Tue 02 Jan 2024 10:34:04 +0000
ROA not before:           Tue 02 Jan 2024 10:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57422
IP address blocks:        176.100.4.0/23 maxlen: 23
                          176.100.0.0/23 maxlen: 23
                          176.100.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 14:49:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d2:35:c2:6a:20:7b:bb:b6:0a:81:20:ba:79:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cff374657f57078f3ca2c71109d35927c2248681
        Validity
            Not Before: Jan  2 10:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e928dc065a5862a2b387853196654f10d1d9c92b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9f:80:f6:a3:5f:f9:85:f0:58:b3:33:58:1d:
                    bc:2d:8e:f4:e5:5a:40:06:f1:aa:8f:f0:35:ff:cb:
                    9a:89:9d:fd:92:f9:7e:e1:ce:54:57:85:c9:94:36:
                    5c:f4:a3:2a:ee:f6:49:09:7a:6a:0a:d2:65:35:b5:
                    ea:9b:cb:3b:9a:30:e6:de:ca:d2:be:ea:d3:2c:93:
                    5f:a1:0f:5e:07:d6:4c:2e:76:a5:d3:09:68:8c:fe:
                    27:08:e6:38:40:ec:7b:2e:8b:e8:7c:96:2f:47:b8:
                    8e:2b:d0:75:7e:8b:72:f2:17:f9:97:11:a9:5d:e5:
                    34:87:87:f4:e1:ce:dc:4e:56:3b:3b:74:ae:33:0c:
                    07:72:13:b4:cf:c0:a9:21:20:85:62:b2:86:0a:47:
                    21:8c:09:24:b0:70:2f:03:f0:f4:77:ff:84:00:e9:
                    ba:e3:73:16:b3:6d:82:cf:d2:b8:1a:f2:4b:c0:14:
                    73:56:25:0d:ce:73:64:c6:7f:3c:ba:d7:09:bd:ac:
                    b7:98:e2:4c:39:1e:a4:9a:2b:d8:8d:38:31:f8:05:
                    1f:46:e2:95:bf:46:d7:c6:1d:53:ca:cf:50:1e:30:
                    5c:3f:b0:b7:3a:4c:09:69:53:36:d1:72:b2:71:56:
                    89:40:07:ec:8a:8c:78:a1:52:da:a6:05:ba:e8:a2:
                    f7:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:28:DC:06:5A:58:62:A2:B3:87:85:31:96:65:4F:10:D1:D9:C9:2B
            X509v3 Authority Key Identifier:
                keyid:CF:F3:74:65:7F:57:07:8F:3C:A2:C7:11:09:D3:59:27:C2:24:86:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z_N0ZX9XB488oscRCdNZJ8IkhoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/6SjcBlpYYqKzh4UxlmVPENHZySs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/cd2146-7fbe-4e5d-93ba-3ea2ebfe8707/1/z_N0ZX9XB488oscRCdNZJ8IkhoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.100.0.0/23
                  176.100.4.0/23
                  176.100.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:4b:99:5b:2e:cc:97:4a:8f:8e:10:d5:84:12:7f:50:43:60:
         56:51:fa:50:d0:b1:aa:0c:76:f3:4a:99:ac:5f:ac:eb:6a:b3:
         6d:b4:d6:cc:5a:95:08:56:b1:a0:a5:d2:9b:e1:86:c3:5c:c1:
         9d:96:e6:a0:f3:c4:20:10:30:67:7d:c2:41:b9:0a:6e:15:2f:
         08:09:1c:b2:ef:fa:6c:8f:4c:9f:60:52:23:9c:01:58:4e:7d:
         e0:27:da:c5:cb:9f:dd:0b:1b:76:11:1c:1f:bb:d8:c8:b2:22:
         ec:19:25:46:d7:ff:71:c6:50:0c:22:90:09:d9:74:80:7b:a0:
         9f:49:e2:82:c2:cb:78:30:e9:d2:4e:04:6a:52:c4:bb:73:9b:
         4f:b9:63:b2:1a:9c:0a:ed:c0:f8:39:1c:5d:db:73:30:43:7e:
         25:b2:2d:30:2d:6b:4a:54:58:70:49:6e:18:6a:c9:1f:04:20:
         87:6c:a4:cd:ed:a8:22:b6:d5:4e:2c:bf:00:4a:af:4e:b0:02:
         91:ea:88:8c:a0:9c:fd:89:ae:d3:b5:c6:81:fd:5a:42:87:b9:
         06:d4:cb:98:58:d4:45:9e:98:ba:aa:4e:24:53:40:f9:91:7a:
         53:5b:58:f7:f4:ea:28:32:1a:84:34:9e:0c:2a:64:5e:f1:90:
         5e:cd:ab:d4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvNI1wmoge7u2CoEgunkcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmZjM3NDY1N2Y1NzA3OGYzY2EyYzcxMTA5ZDM1OTI3YzIy
NDg2ODEwHhcNMjQwMTAyMTAzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTI4ZGMwNjVhNTg2MmEyYjM4Nzg1MzE5NjY1NGYxMGQxZDljOTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAip+A9qNf+YXwWLMzWB28LY705VpA
BvGqj/A1/8uaiZ39kvl+4c5UV4XJlDZc9KMq7vZJCXpqCtJlNbXqm8s7mjDm3srS
vurTLJNfoQ9eB9ZMLnal0wlojP4nCOY4QOx7LovofJYvR7iOK9B1foty8hf5lxGp
XeU0h4f04c7cTlY7O3SuMwwHchO0z8CpISCFYrKGCkchjAkksHAvA/D0d/+EAOm6
43MWs22Cz9K4GvJLwBRzViUNznNkxn88utcJvay3mOJMOR6kmivYjTgx+AUfRuKV
v0bXxh1Tys9QHjBcP7C3OkwJaVM20XKycVaJQAfsiox4oVLapgW66KL3XQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOko3AZaWGKis4eFMZZlTxDR2ckrMB8GA1UdIwQY
MBaAFM/zdGV/VwePPKLHEQnTWSfCJIaBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvel9OMFpYOVhCNDg4b3NjUkNkTlpKOElraG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jZDIxNDYtN2ZiZS00ZTVkLTkzYmEt
M2VhMmViZmU4NzA3LzEvNlNqY0JscFlZcUt6aDRVeGxtVlBFTkhaeVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jZDIxNDYtN2ZiZS00ZTVkLTkzYmEtM2VhMmViZmU4NzA3
LzEvel9OMFpYOVhCNDg4b3NjUkNkTlpKOElraG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBsGQAAwQB
sGQEAwQAsGQHMA0GCSqGSIb3DQEBCwUAA4IBAQA2S5lbLsyXSo+OENWEEn9QQ2BW
UfpQ0LGqDHbzSpmsX6zrarNttNbMWpUIVrGgpdKb4YbDXMGdluag88QgEDBnfcJB
uQpuFS8ICRyy7/psj0yfYFIjnAFYTn3gJ9rFy5/dCxt2ERwfu9jIsiLsGSVG1/9x
xlAMIpAJ2XSAe6CfSeKCwst4MOnSTgRqUsS7c5tPuWOyGpwK7cD4ORxd23MwQ34l
si0wLWtKVFhwSW4YaskfBCCHbKTN7agittVOLL8ASq9OsAKR6oiMoJz9ia7TtcaB
/VpCh7kG1MuYWNRFnpi6qk4kU0D5kXpTW1j39OooMhqENJ4MKmRe8ZBezavU
-----END CERTIFICATE-----