Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/6Fi2x6-MOtr7a_1fOFW30-_zrig.roa
File:                     6Fi2x6-MOtr7a_1fOFW30-_zrig.roa (raw, json)
Hash identifier:          2IN+YE3CMZAPD+uK8qRy2OV0W4x3OCpS/TO8CF/76aw=
Subject key identifier:   E8:58:B6:C7:AF:8C:3A:DA:FB:6B:FD:5F:38:55:B7:D3:EF:F3:AE:28
Certificate issuer:       /CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
Certificate serial:       01941F8C25696444B95A29B1AB65C4F8C5FB
Authority key identifier: AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/6Fi2x6-MOtr7a_1fOFW30-_zrig.roa
Signing time:             Wed 01 Jan 2025 01:47:45 +0000
ROA not before:           Wed 01 Jan 2025 01:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207492
IP address blocks:        45.140.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:25:69:64:44:b9:5a:29:b1:ab:65:c4:f8:c5:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=af5e93f902354ce4804b4cb049cf68b20f76aeb2
        Validity
            Not Before: Jan  1 01:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e858b6c7af8c3adafb6bfd5f3855b7d3eff3ae28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0c:67:a8:03:4e:c6:26:3a:2f:51:38:a0:34:
                    8c:ba:c7:98:c3:63:60:6b:62:75:36:56:a4:c9:06:
                    45:08:a3:dd:95:03:a1:37:14:9a:e5:cc:aa:11:19:
                    30:db:af:62:ff:45:53:dc:77:ed:07:c2:24:4e:fb:
                    ce:25:05:09:f1:2e:19:60:f9:db:57:d4:00:47:1e:
                    58:10:eb:1e:75:61:8e:73:ab:2b:26:17:82:4e:0d:
                    ca:b0:46:47:c9:64:cb:cc:53:58:86:e6:36:30:29:
                    5c:9c:03:1f:cb:8e:ba:f7:f4:fa:7a:b1:8e:3d:21:
                    d9:9a:17:ea:23:db:c7:16:e8:e1:a5:ba:15:da:8d:
                    54:d2:75:71:15:f8:82:99:8f:c2:bc:7f:ea:f2:26:
                    f0:ea:8f:05:ec:1f:ff:d0:56:93:55:cc:fb:c4:f8:
                    95:3a:9d:c4:ae:e5:de:6d:b4:82:b1:99:80:ac:0d:
                    d9:ed:fa:35:51:56:6a:f6:8e:90:75:82:02:b4:02:
                    24:f3:0f:6b:34:a1:be:80:63:b5:fc:04:66:36:6c:
                    3f:59:8c:3b:43:be:83:93:d1:f5:c9:a1:46:32:4f:
                    35:f2:65:a0:af:30:73:0e:47:46:96:f5:70:95:79:
                    76:44:bb:f9:7a:ca:24:68:8f:12:73:9a:7b:5c:98:
                    5f:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:58:B6:C7:AF:8C:3A:DA:FB:6B:FD:5F:38:55:B7:D3:EF:F3:AE:28
            X509v3 Authority Key Identifier:
                keyid:AF:5E:93:F9:02:35:4C:E4:80:4B:4C:B0:49:CF:68:B2:0F:76:AE:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r16T-QI1TOSAS0ywSc9osg92rrI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/6Fi2x6-MOtr7a_1fOFW30-_zrig.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/f4004b-d602-475d-931b-7e05ad0190ce/1/r16T-QI1TOSAS0ywSc9osg92rrI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:cf:37:6f:6b:d7:d5:61:cd:af:a8:63:aa:6a:60:01:75:86:
         20:ca:34:b7:b3:a1:7b:34:78:23:cd:a7:f3:d1:07:05:71:e0:
         3e:86:5f:20:3e:2b:c7:e8:6a:22:78:d6:6f:26:db:95:ab:91:
         8e:49:86:b4:df:0a:90:1a:42:4f:e1:18:3c:5b:13:d9:ef:d1:
         b4:f9:db:64:98:35:2b:ec:94:ac:ef:54:5b:c3:29:f2:b5:ed:
         55:15:c6:a1:76:e8:54:83:76:e4:46:f0:4c:d3:d7:c7:17:2f:
         42:6c:03:69:30:b0:5e:92:84:eb:72:97:72:1b:5b:ad:a9:57:
         43:9b:3c:ec:26:a3:94:f8:2f:eb:b3:4c:8e:1d:06:c6:1c:2f:
         8f:97:3d:c2:66:d5:07:f7:12:c9:07:80:99:d2:af:d4:81:4d:
         d3:0a:39:55:37:27:29:9a:0f:0d:d6:13:66:c2:b7:4f:ea:6d:
         96:14:ad:59:da:21:2b:fc:cb:12:c0:2c:70:01:61:9b:00:16:
         63:7c:09:27:6a:ad:63:8a:6b:03:15:a0:f6:ca:3e:0c:bc:62:
         e0:5e:83:5c:cc:f5:f7:ce:f4:81:a9:ee:55:19:8e:df:76:23:
         f9:ed:d3:34:98:36:aa:de:74:63:3f:fe:55:51:22:15:c0:29:
         09:3b:93:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCVpZES5Wimxq2XE+MX7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmNWU5M2Y5MDIzNTRjZTQ4MDRiNGNiMDQ5Y2Y2OGIyMGY3
NmFlYjIwHhcNMjUwMTAxMDE0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODU4YjZjN2FmOGMzYWRhZmI2YmZkNWYzODU1YjdkM2VmZjNhZTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQxnqANOxiY6L1E4oDSMuseYw2Ng
a2J1NlakyQZFCKPdlQOhNxSa5cyqERkw269i/0VT3HftB8IkTvvOJQUJ8S4ZYPnb
V9QARx5YEOsedWGOc6srJheCTg3KsEZHyWTLzFNYhuY2MClcnAMfy4669/T6erGO
PSHZmhfqI9vHFujhpboV2o1U0nVxFfiCmY/CvH/q8ibw6o8F7B//0FaTVcz7xPiV
Op3EruXebbSCsZmArA3Z7fo1UVZq9o6QdYICtAIk8w9rNKG+gGO1/ARmNmw/WYw7
Q76Dk9H1yaFGMk818mWgrzBzDkdGlvVwlXl2RLv5esokaI8Sc5p7XJhfBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhYtsevjDra+2v9XzhVt9Pv864oMB8GA1UdIwQY
MBaAFK9ek/kCNUzkgEtMsEnPaLIPdq6yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWIt
N2UwNWFkMDE5MGNlLzEvNkZpMng2LU1PdHI3YV8xZk9GVzMwLV96cmlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9mNDAwNGItZDYwMi00NzVkLTkzMWItN2UwNWFkMDE5MGNl
LzEvcjE2VC1RSTFUT1NBUzB5d1NjOW9zZzkycnJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYwoMA0G
CSqGSIb3DQEBCwUAA4IBAQBQzzdva9fVYc2vqGOqamABdYYgyjS3s6F7NHgjzafz
0QcFceA+hl8gPivH6GoieNZvJtuVq5GOSYa03wqQGkJP4Rg8WxPZ79G0+dtkmDUr
7JSs71Rbwynyte1VFcahduhUg3bkRvBM09fHFy9CbANpMLBekoTrcpdyG1utqVdD
mzzsJqOU+C/rs0yOHQbGHC+Plz3CZtUH9xLJB4CZ0q/UgU3TCjlVNycpmg8N1hNm
wrdP6m2WFK1Z2iEr/MsSwCxwAWGbABZjfAknaq1jimsDFaD2yj4MvGLgXoNczPX3
zvSBqe5VGY7fdiP57dM0mDaq3nRjP/5VUSIVwCkJO5M1
-----END CERTIFICATE-----