Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/b68MMacZMCk8BGd_dtEfXGC1gjQ.roa
File:                     b68MMacZMCk8BGd_dtEfXGC1gjQ.roa (raw, json)
Hash identifier:          +QdUGp66zSsRlRL+8vu3Z5FQrvxHfNwe3wX+LONTE6U=
Subject key identifier:   6F:AF:0C:31:A7:19:30:29:3C:04:67:7F:76:D1:1F:5C:60:B5:82:34
Certificate issuer:       /CN=22a44566764ebb511683cb6228fa91997b559379
Certificate serial:       0191B1CE72863D728490242DD56E087BE8A8
Authority key identifier: 22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/b68MMacZMCk8BGd_dtEfXGC1gjQ.roa
Signing time:             Mon 02 Sep 2024 08:16:22 +0000
ROA not before:           Mon 02 Sep 2024 08:16:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        78.153.136.0/24 maxlen: 24
                          109.237.98.0/24 maxlen: 24
                          109.237.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b1:ce:72:86:3d:72:84:90:24:2d:d5:6e:08:7b:e8:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22a44566764ebb511683cb6228fa91997b559379
        Validity
            Not Before: Sep  2 08:16:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6faf0c31a71930293c04677f76d11f5c60b58234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:56:2e:ed:2c:54:8e:5d:e6:91:0a:c8:52:52:
                    a9:16:f6:12:63:97:3b:b3:ca:02:0c:d7:65:f9:01:
                    5c:1a:1f:c8:a1:da:df:9c:e0:9c:e9:78:ea:0d:81:
                    ff:32:03:4f:cc:6c:a1:c8:fc:77:a2:e9:a7:33:92:
                    07:c6:58:fd:35:04:7e:2d:11:e7:f7:f3:2d:12:12:
                    02:26:cf:a4:58:e0:96:3f:6a:07:bc:34:12:b0:89:
                    3b:33:56:ec:75:a0:53:de:3e:e8:7f:f0:9c:98:a1:
                    ac:1c:1d:63:6d:62:74:2a:d7:4e:71:ac:b2:0d:c1:
                    c3:04:92:08:62:dd:0a:1e:91:78:04:25:6c:e6:e1:
                    e5:0b:13:05:77:0e:1a:f3:2c:49:04:70:74:ef:c8:
                    b6:20:2b:12:df:77:73:6d:02:96:e1:0f:c5:61:a6:
                    a2:f4:3b:99:f3:ca:97:81:90:7a:bf:30:e1:35:01:
                    d3:a9:6d:57:63:eb:4d:19:4e:73:47:f1:06:c7:c8:
                    69:90:ae:d1:c7:fa:97:4f:61:ad:71:1a:b2:e8:cc:
                    9f:fa:e0:85:50:7a:ef:46:86:48:08:81:9e:4a:6b:
                    ac:d2:b6:24:e3:4f:e2:e7:85:25:36:0c:f7:fb:b1:
                    35:19:a8:5f:97:04:ca:85:20:93:b6:30:18:e7:51:
                    74:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:AF:0C:31:A7:19:30:29:3C:04:67:7F:76:D1:1F:5C:60:B5:82:34
            X509v3 Authority Key Identifier:
                keyid:22:A4:45:66:76:4E:BB:51:16:83:CB:62:28:FA:91:99:7B:55:93:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IqRFZnZOu1EWg8tiKPqRmXtVk3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/b68MMacZMCk8BGd_dtEfXGC1gjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/6b3dda-7368-4d19-b603-16b80aa28dd6/1/IqRFZnZOu1EWg8tiKPqRmXtVk3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.136.0/24
                  109.237.98.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:d9:4a:14:3e:87:29:45:b4:0e:a4:71:d8:c5:39:31:e9:e9:
         cd:44:c9:7c:84:1c:63:84:c3:d5:e2:5f:b6:e6:35:4e:55:a7:
         3f:95:22:e2:76:93:c5:77:3b:83:a5:f3:fe:9d:fd:28:4a:47:
         00:f6:f8:12:71:d9:05:6e:c1:86:3f:88:01:9f:81:76:77:5c:
         ea:10:f5:9e:af:4c:7d:fc:56:49:d0:f9:ad:2d:04:a4:78:04:
         07:3d:2d:f7:ba:76:b0:45:f1:b3:e6:05:67:5d:1a:b1:c8:ed:
         93:f4:02:65:f0:8d:32:d0:0d:cc:d5:03:bd:1b:e0:14:27:37:
         02:61:6b:9c:f9:d7:73:f5:3f:55:cb:07:ef:40:40:ad:f2:76:
         c6:09:5a:14:9b:a7:b4:6a:f4:58:e3:af:74:67:b9:03:06:a0:
         67:76:0c:a1:4d:0e:b0:24:0c:3c:a4:f4:e4:6e:07:da:8a:19:
         09:83:42:3b:09:3f:58:35:e8:a3:0b:17:48:a4:3d:ca:05:bf:
         93:2c:e3:72:1c:18:92:d1:5a:82:a1:ab:07:01:12:57:a4:2b:
         8c:72:4c:97:48:2f:47:82:4f:bf:9b:40:f9:c2:b9:f5:77:58:
         8f:ab:8f:8a:11:2c:1a:51:f6:be:1d:22:f5:3d:c5:31:b9:42:
         96:0a:3d:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGxznKGPXKEkCQt1W4Ie+ioMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYTQ0NTY2NzY0ZWJiNTExNjgzY2I2MjI4ZmE5MTk5N2I1
NTkzNzkwHhcNMjQwOTAyMDgxNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmFmMGMzMWE3MTkzMDI5M2MwNDY3N2Y3NmQxMWY1YzYwYjU4MjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lYu7SxUjl3mkQrIUlKpFvYSY5c7
s8oCDNdl+QFcGh/IodrfnOCc6XjqDYH/MgNPzGyhyPx3oumnM5IHxlj9NQR+LRHn
9/MtEhICJs+kWOCWP2oHvDQSsIk7M1bsdaBT3j7of/CcmKGsHB1jbWJ0KtdOcayy
DcHDBJIIYt0KHpF4BCVs5uHlCxMFdw4a8yxJBHB078i2ICsS33dzbQKW4Q/FYaai
9DuZ88qXgZB6vzDhNQHTqW1XY+tNGU5zR/EGx8hpkK7Rx/qXT2GtcRqy6Myf+uCF
UHrvRoZICIGeSmus0rYk40/i54UlNgz3+7E1GahflwTKhSCTtjAY51F0twIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG+vDDGnGTApPARnf3bRH1xgtYI0MB8GA1UdIwQY
MBaAFCKkRWZ2TrtRFoPLYij6kZl7VZN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMt
MTZiODBhYTI4ZGQ2LzEvYjY4TU1hY1pNQ2s4QkdkX2R0RWZYR0MxZ2pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS82YjNkZGEtNzM2OC00ZDE5LWI2MDMtMTZiODBhYTI4ZGQ2
LzEvSXFSRlpuWk91MUVXZzh0aUtQcVJtWHRWazNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATpmIAwQB
be1iMA0GCSqGSIb3DQEBCwUAA4IBAQA32UoUPocpRbQOpHHYxTkx6enNRMl8hBxj
hMPV4l+25jVOVac/lSLidpPFdzuDpfP+nf0oSkcA9vgScdkFbsGGP4gBn4F2d1zq
EPWer0x9/FZJ0PmtLQSkeAQHPS33unawRfGz5gVnXRqxyO2T9AJl8I0y0A3M1QO9
G+AUJzcCYWuc+ddz9T9VywfvQECt8nbGCVoUm6e0avRY4690Z7kDBqBndgyhTQ6w
JAw8pPTkbgfaihkJg0I7CT9YNeijCxdIpD3KBb+TLONyHBiS0VqCoasHARJXpCuM
ckyXSC9Hgk+/m0D5wrn1d1iPq4+KESwaUfa+HSL1PcUxuUKWCj3M
-----END CERTIFICATE-----