Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/DQNOpuW7alFuKYD5j_JSqk7IFU4.roa
File:                     DQNOpuW7alFuKYD5j_JSqk7IFU4.roa (raw, json)
Hash identifier:          6C44NWHlW6U81Do2ghWHYPG/47r2oKsBxUUtRI3liYs=
Subject key identifier:   0D:03:4E:A6:E5:BB:6A:51:6E:29:80:F9:8F:F2:52:AA:4E:C8:15:4E
Certificate issuer:       /CN=f62654658f672aacf37133b5c71cf4b11c1869da
Certificate serial:       01964E9ED0B776EDC9409A6381CFCA07DF0C
Authority key identifier: F6:26:54:65:8F:67:2A:AC:F3:71:33:B5:C7:1C:F4:B1:1C:18:69:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9iZUZY9nKqzzcTO1xxz0sRwYado.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/DQNOpuW7alFuKYD5j_JSqk7IFU4.roa
Signing time:             Sat 19 Apr 2025 15:15:52 +0000
ROA not before:           Sat 19 Apr 2025 15:15:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29534
IP address blocks:        195.140.244.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/9iZUZY9nKqzzcTO1xxz0sRwYado.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/9iZUZY9nKqzzcTO1xxz0sRwYado.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9iZUZY9nKqzzcTO1xxz0sRwYado.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:4e:9e:d0:b7:76:ed:c9:40:9a:63:81:cf:ca:07:df:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f62654658f672aacf37133b5c71cf4b11c1869da
        Validity
            Not Before: Apr 19 15:15:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d034ea6e5bb6a516e2980f98ff252aa4ec8154e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:47:3a:9e:50:7a:8f:3a:f1:8d:20:a6:01:42:
                    b0:7a:2a:61:68:70:f1:e1:a1:20:0a:12:7a:8e:61:
                    f7:ac:1d:e5:6b:c5:38:fd:fd:7c:14:0e:51:00:ff:
                    46:5d:0c:97:34:52:ff:0e:bc:04:29:65:c1:fc:55:
                    5b:da:b9:62:53:05:41:b4:01:e9:a7:bf:34:ba:54:
                    42:e9:18:d0:f6:33:ae:3e:f9:49:fd:de:75:cf:45:
                    1f:13:5f:99:99:7d:71:dd:3a:53:ec:9a:52:39:5c:
                    92:d8:b9:7d:05:65:34:d8:76:f6:50:db:d4:72:82:
                    4a:29:bb:82:a4:28:c1:1f:3d:ff:09:3a:5e:40:ea:
                    46:8e:e3:ae:2c:e0:5e:08:93:20:9d:82:50:d8:8b:
                    92:2a:c9:74:60:67:06:59:80:53:a0:b9:bd:a7:84:
                    7f:95:d0:d4:d4:ad:db:33:38:5b:e5:93:f1:ad:79:
                    6e:28:20:8b:8b:50:1f:1c:7f:50:6a:5e:5a:f3:51:
                    40:bf:98:ca:de:9e:da:61:16:12:18:70:5f:d0:fd:
                    77:88:28:a5:17:80:a4:92:72:01:fe:ea:43:ee:60:
                    10:54:0b:8b:90:da:39:73:5e:fd:68:e5:8d:5e:b3:
                    fb:15:91:80:26:c7:b7:66:b4:ca:8d:1e:2b:c9:cc:
                    8d:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:03:4E:A6:E5:BB:6A:51:6E:29:80:F9:8F:F2:52:AA:4E:C8:15:4E
            X509v3 Authority Key Identifier:
                keyid:F6:26:54:65:8F:67:2A:AC:F3:71:33:B5:C7:1C:F4:B1:1C:18:69:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9iZUZY9nKqzzcTO1xxz0sRwYado.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/DQNOpuW7alFuKYD5j_JSqk7IFU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/a68e26-92e5-4f49-adb8-664778845b16/1/9iZUZY9nKqzzcTO1xxz0sRwYado.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.140.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:b6:3c:73:41:c3:da:3e:b4:df:f1:0a:2e:72:77:93:23:2e:
         68:99:cd:72:91:00:8b:64:9d:94:de:68:df:1b:70:b4:72:03:
         6e:5f:ec:b2:d5:80:3d:aa:75:a7:7d:55:f9:72:e4:6a:91:bb:
         2c:f6:45:fb:9c:cb:85:50:ab:f1:fa:23:77:d3:97:09:2f:a6:
         9e:7b:5a:74:8f:58:54:b2:df:cf:17:66:61:03:ee:6c:13:e4:
         1b:68:04:e7:76:dd:3e:12:2e:8e:23:55:de:72:2d:26:b6:5d:
         dc:f0:8a:79:e7:a4:93:b6:df:97:86:dd:0e:2d:64:7a:8d:06:
         67:90:44:b7:42:6f:f8:a8:68:18:0e:83:40:91:18:6f:1f:a4:
         5a:42:b6:98:83:6f:2a:89:d2:26:ca:82:a1:e6:99:ad:b2:e5:
         e4:eb:52:4d:bd:09:33:04:17:51:73:52:e0:81:32:86:6f:72:
         ec:0e:b6:16:77:14:9e:45:bc:12:71:1f:0f:20:aa:e8:8f:6c:
         7e:d0:a3:c4:42:af:9b:d1:e3:68:7c:fc:3e:e3:22:72:8f:f3:
         da:b1:a6:f4:94:14:cd:d9:03:2d:93:80:a5:c8:f0:ba:f0:cf:
         11:fa:a7:ae:2d:52:24:fa:3f:6e:30:ee:28:5b:d7:fa:74:4e:
         be:da:e7:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZOntC3du3JQJpjgc/KB98MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2MjY1NDY1OGY2NzJhYWNmMzcxMzNiNWM3MWNmNGIxMWMx
ODY5ZGEwHhcNMjUwNDE5MTUxNTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDAzNGVhNmU1YmI2YTUxNmUyOTgwZjk4ZmYyNTJhYTRlYzgxNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsEc6nlB6jzrxjSCmAUKweiphaHDx
4aEgChJ6jmH3rB3la8U4/f18FA5RAP9GXQyXNFL/DrwEKWXB/FVb2rliUwVBtAHp
p780ulRC6RjQ9jOuPvlJ/d51z0UfE1+ZmX1x3TpT7JpSOVyS2Ll9BWU02Hb2UNvU
coJKKbuCpCjBHz3/CTpeQOpGjuOuLOBeCJMgnYJQ2IuSKsl0YGcGWYBToLm9p4R/
ldDU1K3bMzhb5ZPxrXluKCCLi1AfHH9Qal5a81FAv5jK3p7aYRYSGHBf0P13iCil
F4CkknIB/upD7mAQVAuLkNo5c179aOWNXrP7FZGAJse3ZrTKjR4rycyNKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA0DTqblu2pRbimA+Y/yUqpOyBVOMB8GA1UdIwQY
MBaAFPYmVGWPZyqs83Eztccc9LEcGGnaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWlaVVpZOW5LcXp6Y1RPMXh4ejBzUndZYWRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9hNjhlMjYtOTJlNS00ZjQ5LWFkYjgt
NjY0Nzc4ODQ1YjE2LzEvRFFOT3B1VzdhbEZ1S1lENWpfSlNxazdJRlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9hNjhlMjYtOTJlNS00ZjQ5LWFkYjgtNjY0Nzc4ODQ1YjE2
LzEvOWlaVVpZOW5LcXp6Y1RPMXh4ejBzUndZYWRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw4z0MA0G
CSqGSIb3DQEBCwUAA4IBAQBktjxzQcPaPrTf8QoucneTIy5omc1ykQCLZJ2U3mjf
G3C0cgNuX+yy1YA9qnWnfVX5cuRqkbss9kX7nMuFUKvx+iN305cJL6aee1p0j1hU
st/PF2ZhA+5sE+QbaATndt0+Ei6OI1Xeci0mtl3c8Ip556STtt+Xht0OLWR6jQZn
kES3Qm/4qGgYDoNAkRhvH6RaQraYg28qidImyoKh5pmtsuXk61JNvQkzBBdRc1Lg
gTKGb3LsDrYWdxSeRbwScR8PIKroj2x+0KPEQq+b0eNofPw+4yJyj/Pasab0lBTN
2QMtk4ClyPC68M8R+qeuLVIk+j9uMO4oW9f6dE6+2uf8
-----END CERTIFICATE-----