Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/b6CQFUCGRAqqgQC3aRo4uSovF9U.roa
File:                     b6CQFUCGRAqqgQC3aRo4uSovF9U.roa (raw, json)
Hash identifier:          nS6zVPecfIttJUAmdGapnd97bbk5sJL/+DzuOFY4es4=
Subject key identifier:   6F:A0:90:15:40:86:44:0A:AA:81:00:B7:69:1A:38:B9:2A:2F:17:D5
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       0195B9BA9D9A59799BB5849B661D993B805B
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/b6CQFUCGRAqqgQC3aRo4uSovF9U.roa
Signing time:             Fri 21 Mar 2025 17:22:49 +0000
ROA not before:           Fri 21 Mar 2025 17:22:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211327
IP address blocks:        80.96.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:ba:9d:9a:59:79:9b:b5:84:9b:66:1d:99:3b:80:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Mar 21 17:22:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fa090154086440aaa8100b7691a38b92a2f17d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:3a:73:43:ba:6a:15:39:86:c1:4d:e2:d7:24:
                    f0:c4:e6:7c:60:24:0d:be:9c:d5:57:19:ad:d9:26:
                    10:5e:67:e7:ec:67:59:86:17:34:c4:4c:b9:84:33:
                    c6:59:7a:c4:1d:7d:51:f1:63:88:45:db:72:a9:fd:
                    5f:51:db:c8:2a:21:5f:4f:a6:32:db:0b:66:26:d6:
                    af:33:fb:c6:a3:ca:87:db:89:36:4a:49:60:64:a4:
                    29:6d:61:b5:0e:85:63:85:5c:d2:26:8c:7b:62:cf:
                    3a:f5:f1:4d:89:0a:98:48:27:36:ab:a1:c1:01:62:
                    9b:47:a9:13:05:b9:00:b7:a9:1d:13:6d:43:7a:2f:
                    b3:68:48:e8:77:b9:1c:ec:9d:10:90:9c:39:6f:a3:
                    61:b8:30:2e:17:a5:e8:55:bf:f4:65:73:72:0a:f6:
                    62:f1:dc:61:8b:c5:06:88:80:22:99:93:a8:50:a5:
                    39:1f:46:59:10:c6:03:9f:22:28:ab:fc:48:16:bc:
                    c7:10:70:c8:f7:7d:a1:5e:3b:c8:22:88:5b:29:eb:
                    63:4a:29:dd:01:19:36:3a:5e:e6:41:02:d5:53:84:
                    13:5d:28:5a:18:21:10:7b:a6:4d:de:7b:56:9c:33:
                    c6:59:64:71:89:08:42:b6:86:66:bd:75:9d:ed:27:
                    20:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:A0:90:15:40:86:44:0A:AA:81:00:B7:69:1A:38:B9:2A:2F:17:D5
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/b6CQFUCGRAqqgQC3aRo4uSovF9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.96.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:ab:0e:e5:9b:f6:20:6a:c9:cc:2e:f0:60:40:da:bc:00:52:
         96:52:3c:f6:10:7f:aa:e2:b3:d8:a3:e4:0f:6b:e0:66:d1:63:
         eb:51:78:df:a8:5a:99:7a:6c:c4:05:49:61:e2:5b:12:87:2e:
         c7:47:f9:88:ca:e6:48:de:99:17:69:c0:0f:5b:cc:5c:5c:06:
         7c:a4:09:ee:c2:b4:78:31:3a:c7:b8:cf:4d:1e:96:6e:9b:e6:
         68:43:3c:38:c5:4d:01:c3:77:48:0e:8c:72:af:af:75:9c:ba:
         31:13:46:7c:2c:af:77:23:eb:53:72:18:c3:e8:a7:e7:42:13:
         ca:cf:27:a8:79:0e:58:a9:e9:fd:29:7d:ca:bb:1f:fe:e4:4f:
         65:d1:0e:2a:06:db:93:ab:23:29:b7:a5:42:90:e1:6a:cd:19:
         58:55:ac:95:17:36:ab:45:54:70:1b:38:49:81:37:47:b6:df:
         e8:92:dc:10:65:30:70:bc:79:b7:d2:05:ae:5a:f8:f5:1e:7f:
         f7:bf:78:cb:10:db:4d:8e:98:a8:c6:92:40:92:30:96:5c:25:
         a4:78:77:c9:ef:ac:f1:04:40:21:c7:96:65:a1:c5:8a:ae:31:
         0a:02:d7:ba:a7:30:51:a4:08:9d:46:ab:67:b5:1e:5f:c5:57:
         a6:8e:33:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZW5up2aWXmbtYSbZh2ZO4BbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMzIxMTcyMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmEwOTAxNTQwODY0NDBhYWE4MTAwYjc2OTFhMzhiOTJhMmYxN2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzpzQ7pqFTmGwU3i1yTwxOZ8YCQN
vpzVVxmt2SYQXmfn7GdZhhc0xEy5hDPGWXrEHX1R8WOIRdtyqf1fUdvIKiFfT6Yy
2wtmJtavM/vGo8qH24k2SklgZKQpbWG1DoVjhVzSJox7Ys869fFNiQqYSCc2q6HB
AWKbR6kTBbkAt6kdE21Dei+zaEjod7kc7J0QkJw5b6NhuDAuF6XoVb/0ZXNyCvZi
8dxhi8UGiIAimZOoUKU5H0ZZEMYDnyIoq/xIFrzHEHDI932hXjvIIohbKetjSind
ARk2Ol7mQQLVU4QTXShaGCEQe6ZN3ntWnDPGWWRxiQhCtoZmvXWd7Scg7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG+gkBVAhkQKqoEAt2kaOLkqLxfVMB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvYjZDUUZVQ0dSQXFxZ1FDM2FSbzR1U292RjlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUGBRMA0G
CSqGSIb3DQEBCwUAA4IBAQBzqw7lm/YgasnMLvBgQNq8AFKWUjz2EH+q4rPYo+QP
a+Bm0WPrUXjfqFqZemzEBUlh4lsShy7HR/mIyuZI3pkXacAPW8xcXAZ8pAnuwrR4
MTrHuM9NHpZum+ZoQzw4xU0Bw3dIDoxyr691nLoxE0Z8LK93I+tTchjD6KfnQhPK
zyeoeQ5Yqen9KX3Kux/+5E9l0Q4qBtuTqyMpt6VCkOFqzRlYVayVFzarRVRwGzhJ
gTdHtt/oktwQZTBwvHm30gWuWvj1Hn/3v3jLENtNjpioxpJAkjCWXCWkeHfJ76zx
BEAhx5ZlocWKrjEKAte6pzBRpAidRqtntR5fxVemjjOV
-----END CERTIFICATE-----