Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/dXlNqs4sctmDAbrW2Mdnb1ZiPQ8.roa
File:                     dXlNqs4sctmDAbrW2Mdnb1ZiPQ8.roa (raw, json)
Hash identifier:          6XBBbO2dgzMWRftGxWo3IPn8Bba+XglKbu5ydcr5hp4=
Subject key identifier:   75:79:4D:AA:CE:2C:72:D9:83:01:BA:D6:D8:C7:67:6F:56:62:3D:0F
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       0194E013E048AE50F4773496400B05B1CA00
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/dXlNqs4sctmDAbrW2Mdnb1ZiPQ8.roa
Signing time:             Fri 07 Feb 2025 11:03:06 +0000
ROA not before:           Fri 07 Feb 2025 11:03:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216106
IP address blocks:        82.206.22.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e0:13:e0:48:ae:50:f4:77:34:96:40:0b:05:b1:ca:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Feb  7 11:03:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75794daace2c72d98301bad6d8c7676f56623d0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:f0:42:8e:bf:5c:65:75:f6:b4:44:34:ba:52:
                    e3:8e:e2:d2:f3:f1:40:40:1d:4a:69:e6:1c:2c:71:
                    5b:10:98:f5:7b:54:2a:5a:34:ae:8a:0d:e7:88:1d:
                    4c:bf:6c:90:4e:4f:f4:2a:5f:71:1d:88:88:f9:ca:
                    9f:f2:25:f7:86:33:ab:a2:ff:cc:97:2f:e7:a1:86:
                    1d:1d:e9:8e:62:bc:42:f4:2d:46:d6:82:28:16:47:
                    72:37:78:c8:6b:94:09:91:d9:c3:19:10:c9:2a:66:
                    f2:b8:39:8e:35:db:e7:c2:bd:3a:40:3f:b0:64:ca:
                    f4:31:db:b5:3b:d6:b6:02:81:49:90:63:e0:6f:dc:
                    b6:a8:34:7c:6e:3c:05:32:e2:3b:e2:23:32:ee:69:
                    13:df:26:63:05:86:bf:5b:4d:d1:a4:88:32:7b:30:
                    a1:cb:c3:91:89:1a:e4:f5:ad:c8:d6:26:34:c6:c4:
                    37:91:2e:ab:b6:b1:c6:a7:d2:86:02:4e:7a:89:aa:
                    e9:37:0e:8b:02:d7:96:5d:4c:01:02:21:a7:f6:51:
                    73:bf:30:1e:a2:81:50:f8:bb:ec:17:c8:c7:7e:cf:
                    3e:7b:9f:79:5e:2f:d1:b6:64:56:1a:2e:6f:fe:be:
                    ba:81:9b:99:df:1f:8a:df:78:5c:46:a5:38:f2:c4:
                    5b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:79:4D:AA:CE:2C:72:D9:83:01:BA:D6:D8:C7:67:6F:56:62:3D:0F
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/dXlNqs4sctmDAbrW2Mdnb1ZiPQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.22.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:ef:87:56:d0:d2:55:22:04:62:30:52:b2:49:be:86:72:bf:
         b5:dc:c0:1d:a2:fb:c2:cb:d1:30:ea:79:e3:c8:2e:e0:93:39:
         d1:fb:bf:2b:8f:05:bd:d8:23:66:28:9a:af:dc:26:06:f3:fa:
         7f:c0:de:25:4a:51:fe:cf:de:9c:c3:ee:a3:85:09:bd:d9:d9:
         1a:73:cd:d4:52:bc:0f:65:7a:ba:79:a0:be:bf:a6:21:88:d6:
         5a:de:4c:3b:ac:68:8d:de:e8:2b:3e:18:b5:52:ed:20:54:5f:
         7f:9f:2f:23:3c:75:26:38:dd:4d:6a:41:bc:08:e0:a3:ca:07:
         99:2f:e1:93:35:2f:48:69:4a:1a:f3:7b:0d:ba:1e:ba:41:c7:
         0c:44:07:04:34:b3:68:24:db:09:6b:c8:06:aa:29:5f:1b:94:
         ab:39:0f:8f:15:71:f0:78:cb:a3:df:be:be:4b:39:97:29:13:
         c0:8d:34:8a:63:5e:18:bf:b1:a3:fa:d1:f7:ff:81:08:7f:a9:
         17:55:2f:10:51:d4:db:59:d2:c1:3c:f4:ed:62:2d:3b:bb:17:
         40:7b:a7:d4:ed:8e:d1:fe:5e:f9:9c:25:d2:20:3b:cc:b1:8d:
         e9:d7:3f:b2:c1:48:71:cc:5c:ee:fb:88:07:bd:35:c9:2e:e7:
         f1:30:24:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTgE+BIrlD0dzSWQAsFscoAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjUwMjA3MTEwMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTc5NGRhYWNlMmM3MmQ5ODMwMWJhZDZkOGM3Njc2ZjU2NjIzZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApfBCjr9cZXX2tEQ0ulLjjuLS8/FA
QB1KaeYcLHFbEJj1e1QqWjSuig3niB1Mv2yQTk/0Kl9xHYiI+cqf8iX3hjOrov/M
ly/noYYdHemOYrxC9C1G1oIoFkdyN3jIa5QJkdnDGRDJKmbyuDmONdvnwr06QD+w
ZMr0Mdu1O9a2AoFJkGPgb9y2qDR8bjwFMuI74iMy7mkT3yZjBYa/W03RpIgyezCh
y8ORiRrk9a3I1iY0xsQ3kS6rtrHGp9KGAk56iarpNw6LAteWXUwBAiGn9lFzvzAe
ooFQ+LvsF8jHfs8+e595Xi/RtmRWGi5v/r66gZuZ3x+K33hcRqU48sRbywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHV5TarOLHLZgwG61tjHZ29WYj0PMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvZFhsTnFzNHNjdG1EQWJyVzJNZG5iMVppUFE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUs4WMA0G
CSqGSIb3DQEBCwUAA4IBAQBi74dW0NJVIgRiMFKySb6Gcr+13MAdovvCy9Ew6nnj
yC7gkznR+78rjwW92CNmKJqv3CYG8/p/wN4lSlH+z96cw+6jhQm92dkac83UUrwP
ZXq6eaC+v6YhiNZa3kw7rGiN3ugrPhi1Uu0gVF9/ny8jPHUmON1NakG8COCjygeZ
L+GTNS9IaUoa83sNuh66QccMRAcENLNoJNsJa8gGqilfG5SrOQ+PFXHweMuj376+
SzmXKRPAjTSKY14Yv7Gj+tH3/4EIf6kXVS8QUdTbWdLBPPTtYi07uxdAe6fU7Y7R
/l75nCXSIDvMsY3p1z+ywUhxzFzu+4gHvTXJLufxMCQL
-----END CERTIFICATE-----