Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/X6ZYSC-zk_X-vkVmhmsDz5ImQYg.roa
File:                     X6ZYSC-zk_X-vkVmhmsDz5ImQYg.roa (raw, json)
Hash identifier:          ejdwRSw1lilKiCxqAuj8PMfvm39/1GCNMitYFT+EINw=
Subject key identifier:   5F:A6:58:48:2F:B3:93:F5:FE:BE:45:66:86:6B:03:CF:92:26:41:88
Certificate issuer:       /CN=6359a649b036103e80a3ce8f3d1b0138a60581d7
Certificate serial:       019423D6F3CE9EA4837FEE6BA69EF26400E2
Authority key identifier: 63:59:A6:49:B0:36:10:3E:80:A3:CE:8F:3D:1B:01:38:A6:05:81:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/X6ZYSC-zk_X-vkVmhmsDz5ImQYg.roa
Signing time:             Wed 01 Jan 2025 21:47:57 +0000
ROA not before:           Wed 01 Jan 2025 21:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205359
IP address blocks:        85.193.76.0/24 maxlen: 24
                          194.31.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 12:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:f3:ce:9e:a4:83:7f:ee:6b:a6:9e:f2:64:00:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6359a649b036103e80a3ce8f3d1b0138a60581d7
        Validity
            Not Before: Jan  1 21:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5fa658482fb393f5febe4566866b03cf92264188
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2c:e8:bb:a2:e2:71:ea:70:ea:da:ab:1e:7a:
                    76:eb:f1:89:57:e8:f6:50:46:30:46:9f:95:89:f0:
                    21:11:72:f0:84:60:98:3c:65:17:00:2d:b8:4b:25:
                    b0:bd:34:27:e2:0c:1a:cc:93:d4:a5:6a:f3:2d:1a:
                    c4:79:37:4f:e0:b6:c6:9b:32:3a:5e:8e:e4:99:f2:
                    b8:6d:71:16:04:d4:bd:78:ff:d8:06:3c:af:ce:06:
                    34:dc:ea:af:81:9c:3a:5e:25:5e:9d:b7:26:9f:a8:
                    3f:35:57:87:9f:ae:91:ac:fc:a3:22:27:d0:9b:ec:
                    9e:31:cf:30:3f:de:32:70:bd:f0:62:c7:3d:f2:96:
                    78:1c:44:0b:bb:54:34:3a:7d:df:7f:1c:08:4c:df:
                    12:14:f0:81:eb:2d:7c:a8:0a:f2:0d:86:82:ba:89:
                    7a:cd:05:67:ba:20:62:cd:94:89:01:49:e3:42:a6:
                    97:34:e5:20:6c:43:e1:b4:e8:1d:79:c3:78:9d:81:
                    4b:c1:dd:fe:1d:99:f4:52:52:0e:0e:6d:ce:de:4c:
                    9c:91:f2:c8:a1:de:23:76:c6:51:b2:27:25:9e:aa:
                    94:ea:6c:f3:cf:03:bf:06:f1:be:2b:91:04:09:f4:
                    31:e5:a1:f3:22:88:a6:6a:d4:96:8b:c0:5f:23:fa:
                    fa:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:A6:58:48:2F:B3:93:F5:FE:BE:45:66:86:6B:03:CF:92:26:41:88
            X509v3 Authority Key Identifier:
                keyid:63:59:A6:49:B0:36:10:3E:80:A3:CE:8F:3D:1B:01:38:A6:05:81:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/X6ZYSC-zk_X-vkVmhmsDz5ImQYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/4574bc-296d-4a58-aef7-d2bbd949c452/1/Y1mmSbA2ED6Ao86PPRsBOKYFgdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.193.76.0/24
                  194.31.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6f:2d:46:44:1f:6f:93:71:2c:2c:aa:f5:7b:6e:a3:fa:7e:
         71:83:92:cc:6e:b9:86:3a:90:f7:eb:5b:ef:74:a4:19:d9:c9:
         f7:8a:5b:e8:84:e2:a7:5c:d7:aa:fc:a8:8d:a3:21:91:fd:30:
         ea:3d:71:06:e0:f4:fc:c4:b7:cf:25:93:42:7b:3e:46:38:97:
         2d:05:90:0a:34:0c:ae:02:ac:ff:ca:51:e4:1f:6b:e8:b6:b3:
         89:e0:27:f2:09:96:f1:62:92:7b:ca:e0:bc:52:46:de:60:a3:
         e9:af:51:d1:2d:94:63:5b:69:1c:6a:d8:61:14:e1:1e:44:6d:
         d8:d6:a4:c6:4a:fa:4e:3a:50:87:06:9e:86:f7:a1:b6:48:74:
         d0:28:4b:4c:a5:90:27:99:1e:24:0c:bb:7f:bb:28:f0:62:de:
         40:6b:09:91:7f:d6:87:45:87:f0:03:62:1f:cd:8f:97:9a:7d:
         0c:1b:ef:84:4e:a3:76:78:1e:58:45:7c:25:7b:f7:75:d1:01:
         74:63:d4:14:35:5e:b3:37:4f:9e:bd:61:c3:0b:65:ba:3d:c3:
         66:73:36:c7:26:9b:e5:91:39:21:aa:79:57:9d:0d:4e:9f:0e:
         53:ba:5e:20:6d:28:f3:79:2b:50:8f:13:d8:71:d4:81:8c:7a:
         67:ad:8b:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1vPOnqSDf+5rpp7yZADiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNTlhNjQ5YjAzNjEwM2U4MGEzY2U4ZjNkMWIwMTM4YTYw
NTgxZDcwHhcNMjUwMTAxMjE0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmE2NTg0ODJmYjM5M2Y1ZmViZTQ1NjY4NjZiMDNjZjkyMjY0MTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuyzou6Licepw6tqrHnp26/GJV+j2
UEYwRp+VifAhEXLwhGCYPGUXAC24SyWwvTQn4gwazJPUpWrzLRrEeTdP4LbGmzI6
Xo7kmfK4bXEWBNS9eP/YBjyvzgY03OqvgZw6XiVenbcmn6g/NVeHn66RrPyjIifQ
m+yeMc8wP94ycL3wYsc98pZ4HEQLu1Q0On3ffxwITN8SFPCB6y18qAryDYaCuol6
zQVnuiBizZSJAUnjQqaXNOUgbEPhtOgdecN4nYFLwd3+HZn0UlIODm3O3kyckfLI
od4jdsZRsiclnqqU6mzzzwO/BvG+K5EECfQx5aHzIoimatSWi8BfI/r6/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF+mWEgvs5P1/r5FZoZrA8+SJkGIMB8GA1UdIwQY
MBaAFGNZpkmwNhA+gKPOjz0bATimBYHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTFtbVNiQTJFRDZBbzg2UFBSc0JPS1lGZ2RjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi80NTc0YmMtMjk2ZC00YTU4LWFlZjct
ZDJiYmQ5NDljNDUyLzEvWDZaWVNDLXprX1gtdmtWbWhtc0R6NUltUVlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi80NTc0YmMtMjk2ZC00YTU4LWFlZjctZDJiYmQ5NDljNDUy
LzEvWTFtbVNiQTJFRDZBbzg2UFBSc0JPS1lGZ2RjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVcFMAwQA
wh9jMA0GCSqGSIb3DQEBCwUAA4IBAQAcby1GRB9vk3EsLKr1e26j+n5xg5LMbrmG
OpD361vvdKQZ2cn3ilvohOKnXNeq/KiNoyGR/TDqPXEG4PT8xLfPJZNCez5GOJct
BZAKNAyuAqz/ylHkH2votrOJ4CfyCZbxYpJ7yuC8UkbeYKPpr1HRLZRjW2kcathh
FOEeRG3Y1qTGSvpOOlCHBp6G96G2SHTQKEtMpZAnmR4kDLt/uyjwYt5AawmRf9aH
RYfwA2IfzY+Xmn0MG++ETqN2eB5YRXwle/d10QF0Y9QUNV6zN0+evWHDC2W6PcNm
czbHJpvlkTkhqnlXnQ1Onw5Tul4gbSjzeStQjxPYcdSBjHpnrYvX
-----END CERTIFICATE-----