Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/n6DRn-yz1l_kukvGuUdkFPi0yqE.roa
File:                     n6DRn-yz1l_kukvGuUdkFPi0yqE.roa (raw, json)
Hash identifier:          w5AsAZL4KWq7cY/65ktsoHP8NqGmNdGIK9TrZqTUg5M=
Subject key identifier:   9F:A0:D1:9F:EC:B3:D6:5F:E4:BA:4B:C6:B9:47:64:14:F8:B4:CA:A1
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       0194258FFA1AA863BD57EC046B2F4F6AD8AC
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/n6DRn-yz1l_kukvGuUdkFPi0yqE.roa
Signing time:             Thu 02 Jan 2025 05:49:40 +0000
ROA not before:           Thu 02 Jan 2025 05:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207415
IP address blocks:        146.120.234.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:fa:1a:a8:63:bd:57:ec:04:6b:2f:4f:6a:d8:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 05:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fa0d19fecb3d65fe4ba4bc6b9476414f8b4caa1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:75:45:13:27:ce:c0:74:c0:34:0f:17:08:01:
                    95:6f:64:c1:bc:cd:02:20:a7:56:04:68:51:a0:d5:
                    4b:10:09:7f:6b:68:6b:4a:f2:86:ae:76:e8:f6:19:
                    4e:fb:53:c1:72:86:0b:60:1a:8a:ff:9b:88:98:9a:
                    95:a5:74:fe:a2:7a:30:73:b9:b3:37:f4:97:53:90:
                    4f:e3:cb:bb:87:ea:5f:88:aa:95:af:da:1b:c1:a7:
                    91:56:5a:29:cc:7b:bd:fd:95:f6:b0:5a:71:cd:79:
                    d4:dc:42:6f:9b:62:1c:40:3a:9d:9e:c5:c4:fa:41:
                    86:83:b0:52:59:56:77:b4:24:02:4b:88:59:45:d3:
                    dc:b4:56:fd:ef:0c:49:0d:2e:de:7f:d6:10:15:a2:
                    dd:24:cb:a5:be:0b:73:c4:b1:e4:4d:ac:0b:ec:35:
                    b1:09:82:d9:1d:e2:20:8f:80:52:31:b5:9e:54:c7:
                    72:82:52:f3:63:de:c6:a1:aa:1e:67:43:f2:bd:47:
                    a6:01:d6:8b:09:fd:52:ef:60:4f:56:b5:63:81:85:
                    46:16:a9:32:b5:ee:9a:c4:aa:94:1b:89:d9:32:c1:
                    d4:c2:79:de:b4:27:be:48:28:7f:d9:85:3c:33:1a:
                    3e:70:59:85:08:a0:71:d2:c8:2a:04:61:88:6f:53:
                    c9:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:A0:D1:9F:EC:B3:D6:5F:E4:BA:4B:C6:B9:47:64:14:F8:B4:CA:A1
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/n6DRn-yz1l_kukvGuUdkFPi0yqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:03:48:48:b3:cd:6b:15:8c:c2:c1:9e:ff:8b:c9:33:5a:88:
         ef:af:ea:10:c7:3a:7f:1e:5d:f9:46:66:5d:9f:b1:0f:c8:37:
         10:34:23:3e:00:c9:36:f7:cb:d5:bd:91:2d:e7:dc:92:14:d8:
         a3:9b:40:6e:88:82:f2:6b:ed:c1:66:d6:b9:a4:c2:99:bd:11:
         b6:35:ce:ca:46:a6:b7:3d:c6:d9:b1:33:82:f8:81:4c:8d:a7:
         15:5b:5b:1b:04:c9:17:63:38:b2:c7:93:4e:a2:bc:43:09:b2:
         2c:88:1a:fd:ca:4e:4c:52:ee:ea:84:47:26:c2:53:fc:53:92:
         c4:5e:21:91:5f:5f:36:c8:8e:a5:1f:27:af:92:27:d6:1d:ad:
         a2:05:c5:47:95:04:c3:4e:f5:2b:fa:43:87:77:42:aa:05:c5:
         d4:1f:00:7a:bb:94:7f:4b:5b:fe:66:95:75:5e:c4:34:4f:af:
         a9:91:c8:95:ce:55:6e:46:11:6f:3c:40:5a:d4:5b:30:2f:26:
         cc:e2:fd:a0:1d:6c:ee:24:06:15:c9:ec:12:7d:3c:61:f1:a8:
         68:e3:21:cd:0f:ea:76:14:9a:77:70:b6:c3:f4:62:3b:99:82:
         1f:08:b2:46:91:f3:c2:be:58:af:65:cb:96:26:28:c0:9f:41:
         08:bd:fd:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj/oaqGO9V+wEay9PatisMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjUwMTAyMDU0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmEwZDE5ZmVjYjNkNjVmZTRiYTRiYzZiOTQ3NjQxNGY4YjRjYWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnVFEyfOwHTANA8XCAGVb2TBvM0C
IKdWBGhRoNVLEAl/a2hrSvKGrnbo9hlO+1PBcoYLYBqK/5uImJqVpXT+onowc7mz
N/SXU5BP48u7h+pfiKqVr9obwaeRVlopzHu9/ZX2sFpxzXnU3EJvm2IcQDqdnsXE
+kGGg7BSWVZ3tCQCS4hZRdPctFb97wxJDS7ef9YQFaLdJMulvgtzxLHkTawL7DWx
CYLZHeIgj4BSMbWeVMdyglLzY97GoaoeZ0PyvUemAdaLCf1S72BPVrVjgYVGFqky
te6axKqUG4nZMsHUwnnetCe+SCh/2YU8Mxo+cFmFCKBx0sgqBGGIb1PJ+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ+g0Z/ss9Zf5LpLxrlHZBT4tMqhMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvbjZEUm4teXoxbF9rdWt2R3VVZGtGUGkweXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBknjqMA0G
CSqGSIb3DQEBCwUAA4IBAQBnA0hIs81rFYzCwZ7/i8kzWojvr+oQxzp/Hl35RmZd
n7EPyDcQNCM+AMk298vVvZEt59ySFNijm0BuiILya+3BZta5pMKZvRG2Nc7KRqa3
PcbZsTOC+IFMjacVW1sbBMkXYziyx5NOorxDCbIsiBr9yk5MUu7qhEcmwlP8U5LE
XiGRX182yI6lHyevkifWHa2iBcVHlQTDTvUr+kOHd0KqBcXUHwB6u5R/S1v+ZpV1
XsQ0T6+pkciVzlVuRhFvPEBa1FswLybM4v2gHWzuJAYVyewSfTxh8aho4yHND+p2
FJp3cLbD9GI7mYIfCLJGkfPCvlivZcuWJijAn0EIvf0/
-----END CERTIFICATE-----