Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dgaS6fn3OpV72cEYNy7VeVSk2tE.roa
File:                     dgaS6fn3OpV72cEYNy7VeVSk2tE.roa (raw, json)
Hash identifier:          t9/MBst/MC7EkBAyzHdTuY3YBMIxG+Elxy81Bz6kYyc=
Subject key identifier:   76:06:92:E9:F9:F7:3A:95:7B:D9:C1:18:37:2E:D5:79:54:A4:DA:D1
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       01941FFA914E1959EF87E43E4E70096F9DFD
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dgaS6fn3OpV72cEYNy7VeVSk2tE.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212335
IP address blocks:        193.176.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:91:4e:19:59:ef:87:e4:3e:4e:70:09:6f:9d:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=760692e9f9f73a957bd9c118372ed57954a4dad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:d0:63:73:1a:d6:6e:d1:b5:ea:42:f8:aa:a1:
                    d9:30:05:5f:5f:ea:97:b8:ab:88:91:9f:91:48:9d:
                    16:19:2d:33:70:bb:be:b6:03:63:1b:c4:88:25:7c:
                    70:6f:61:d6:7e:4c:37:cc:97:c8:61:46:19:50:6d:
                    8d:f5:e8:4f:78:20:44:f3:c2:b7:ca:80:5f:cd:7c:
                    9e:e6:b4:37:ca:ab:e2:8e:41:a1:4e:23:4d:4e:0e:
                    e7:e9:d8:7c:3d:70:d4:0a:eb:45:89:c5:d2:b1:a4:
                    fd:fd:20:16:f9:70:3b:4c:aa:5a:b3:14:f1:37:28:
                    3b:50:58:fd:34:22:2f:91:e5:d4:0e:e3:ba:d6:66:
                    2d:b3:5e:a2:61:d3:8c:7e:4f:ed:81:ef:d5:d2:a8:
                    40:2f:07:13:76:4d:54:7d:37:ff:01:2e:3e:89:09:
                    11:95:6f:f4:3a:cc:58:f1:01:d7:75:91:03:21:3c:
                    87:c4:ce:71:fe:02:4d:70:bf:a2:6d:7d:65:94:28:
                    f0:75:4d:80:bd:8c:94:e5:61:1e:ab:d9:6a:c1:07:
                    ea:a3:dc:a1:bb:d4:ce:ad:53:57:6b:b9:50:27:33:
                    35:d7:62:51:c3:02:a2:fd:be:e7:5a:2f:cc:99:ba:
                    70:b2:ff:1f:1a:84:a8:ac:6b:da:c9:6f:14:c2:26:
                    0d:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:06:92:E9:F9:F7:3A:95:7B:D9:C1:18:37:2E:D5:79:54:A4:DA:D1
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/dgaS6fn3OpV72cEYNy7VeVSk2tE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:f8:8c:3d:80:81:2c:e6:f8:9d:16:29:37:75:64:b0:2c:10:
         ad:e3:a3:ff:36:60:81:b1:a4:80:23:d6:bc:e3:08:55:7f:ea:
         b4:fa:37:ce:e8:a3:a1:21:b3:80:79:3c:92:6b:36:f2:f7:5e:
         bb:f9:a6:5b:28:89:e3:f5:ab:a2:4b:96:97:05:20:01:21:3a:
         3a:74:6b:98:dc:4e:47:80:80:64:54:aa:68:a8:e0:17:d2:e6:
         06:ca:51:0d:f9:e3:bd:66:e5:32:01:60:b0:14:64:15:fb:df:
         0e:99:af:6d:b8:29:69:7d:a3:d9:06:66:9e:a1:28:85:1a:5a:
         71:b7:6b:40:21:48:39:84:da:81:f0:77:24:57:e1:70:20:40:
         93:47:cc:b6:68:cf:8a:2c:60:d3:3f:16:70:f8:aa:43:98:b9:
         47:10:1d:21:5c:c0:18:5b:41:15:38:0a:f6:b1:f2:45:ee:bb:
         69:8e:66:a0:59:8c:ba:94:e6:8f:24:24:da:75:eb:17:12:e4:
         03:2d:db:b9:52:1d:f3:a1:57:ff:4e:d4:96:9b:80:f4:ee:6b:
         26:3d:f1:33:24:ea:cb:75:71:26:21:36:47:79:c6:f3:8a:df:
         80:f3:58:05:23:b9:c5:ab:ac:4f:4e:e6:f2:65:70:44:04:1e:
         e6:b4:5d:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+pFOGVnvh+Q+TnAJb539MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjA2OTJlOWY5ZjczYTk1N2JkOWMxMTgzNzJlZDU3OTU0YTRkYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptBjcxrWbtG16kL4qqHZMAVfX+qX
uKuIkZ+RSJ0WGS0zcLu+tgNjG8SIJXxwb2HWfkw3zJfIYUYZUG2N9ehPeCBE88K3
yoBfzXye5rQ3yqvijkGhTiNNTg7n6dh8PXDUCutFicXSsaT9/SAW+XA7TKpasxTx
Nyg7UFj9NCIvkeXUDuO61mYts16iYdOMfk/tge/V0qhALwcTdk1UfTf/AS4+iQkR
lW/0OsxY8QHXdZEDITyHxM5x/gJNcL+ibX1llCjwdU2AvYyU5WEeq9lqwQfqo9yh
u9TOrVNXa7lQJzM112JRwwKi/b7nWi/Mmbpwsv8fGoSorGvayW8UwiYNjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHYGkun59zqVe9nBGDcu1XlUpNrRMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvZGdhUzZmbjNPcFY3MmNFWU55N1ZlVlNrMnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBgMA0G
CSqGSIb3DQEBCwUAA4IBAQBo+Iw9gIEs5vidFik3dWSwLBCt46P/NmCBsaSAI9a8
4whVf+q0+jfO6KOhIbOAeTySazby9167+aZbKInj9auiS5aXBSABITo6dGuY3E5H
gIBkVKpoqOAX0uYGylEN+eO9ZuUyAWCwFGQV+98Oma9tuClpfaPZBmaeoSiFGlpx
t2tAIUg5hNqB8HckV+FwIECTR8y2aM+KLGDTPxZw+KpDmLlHEB0hXMAYW0EVOAr2
sfJF7rtpjmagWYy6lOaPJCTadesXEuQDLdu5Uh3zoVf/TtSWm4D07msmPfEzJOrL
dXEmITZHecbzit+A81gFI7nFq6xPTubyZXBEBB7mtF2J
-----END CERTIFICATE-----