Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/32d49c-fbb9-4664-9ab8-f2bdc2275b6e/1/6t_nnlmTXWp3OzIKRqSj0hcN4no.roa
File:                     6t_nnlmTXWp3OzIKRqSj0hcN4no.roa (raw, json)
Hash identifier:          W90ueV41Ar0nzHXhwJLVE6WKCjLM7hges3g+HZc2lOE=
Subject key identifier:   EA:DF:E7:9E:59:93:5D:6A:77:3B:32:0A:46:A4:A3:D2:17:0D:E2:7A
Certificate issuer:       /CN=0f4d50f390cf945c6fa5b900905b4d517ebb091a
Certificate serial:       019422FB6DCD42D83A66A4E1220B41E32451
Authority key identifier: 0F:4D:50:F3:90:CF:94:5C:6F:A5:B9:00:90:5B:4D:51:7E:BB:09:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D01Q85DPlFxvpbkAkFtNUX67CRo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/32d49c-fbb9-4664-9ab8-f2bdc2275b6e/1/6t_nnlmTXWp3OzIKRqSj0hcN4no.roa
Signing time:             Wed 01 Jan 2025 17:48:10 +0000
ROA not before:           Wed 01 Jan 2025 17:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200889
IP address blocks:        193.32.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/32d49c-fbb9-4664-9ab8-f2bdc2275b6e/1/D01Q85DPlFxvpbkAkFtNUX67CRo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/32d49c-fbb9-4664-9ab8-f2bdc2275b6e/1/D01Q85DPlFxvpbkAkFtNUX67CRo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D01Q85DPlFxvpbkAkFtNUX67CRo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6d:cd:42:d8:3a:66:a4:e1:22:0b:41:e3:24:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f4d50f390cf945c6fa5b900905b4d517ebb091a
        Validity
            Not Before: Jan  1 17:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eadfe79e59935d6a773b320a46a4a3d2170de27a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:69:4e:8a:12:39:74:2b:fa:b0:58:49:ec:db:
                    99:44:29:8c:ab:d2:98:cc:09:5f:97:f4:c8:d7:63:
                    64:6b:ac:04:6c:85:a8:55:70:d0:11:06:c7:f2:70:
                    85:0a:19:b9:4f:59:84:b2:69:b7:76:33:68:de:d3:
                    29:6b:65:da:2f:5c:71:54:ad:01:8c:96:80:d2:9d:
                    35:d0:1c:0a:df:c8:96:e2:31:e1:a5:db:c3:49:4f:
                    f1:bb:af:30:01:3a:05:2d:19:a0:b3:2b:ba:c4:ac:
                    97:c1:79:cb:0e:ac:a3:3e:f5:2f:8d:4b:4d:0d:1c:
                    06:65:98:d0:d2:50:72:d7:35:c2:a3:08:d1:f5:d7:
                    46:92:ce:54:33:e2:b3:c3:74:ba:31:d6:fd:24:b5:
                    f1:b5:76:71:b4:d0:83:9c:96:d9:bb:26:f5:e9:67:
                    fa:78:93:a8:33:19:a6:ab:a6:b5:11:28:66:56:a3:
                    a5:9b:9d:53:fb:9b:bd:ed:ae:ca:4f:6a:7a:27:07:
                    e2:2f:b8:f3:8a:cc:23:5e:f9:47:7d:85:95:5b:f4:
                    19:d0:6d:c2:04:c3:16:4a:c3:87:9f:11:73:40:19:
                    dd:7d:39:fd:68:33:6c:2d:ab:31:4b:06:4c:56:13:
                    5b:4a:3b:a0:76:1c:b9:c1:0f:2f:fc:49:59:e1:bf:
                    71:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:DF:E7:9E:59:93:5D:6A:77:3B:32:0A:46:A4:A3:D2:17:0D:E2:7A
            X509v3 Authority Key Identifier:
                keyid:0F:4D:50:F3:90:CF:94:5C:6F:A5:B9:00:90:5B:4D:51:7E:BB:09:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D01Q85DPlFxvpbkAkFtNUX67CRo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/32d49c-fbb9-4664-9ab8-f2bdc2275b6e/1/6t_nnlmTXWp3OzIKRqSj0hcN4no.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/32d49c-fbb9-4664-9ab8-f2bdc2275b6e/1/D01Q85DPlFxvpbkAkFtNUX67CRo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.32.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:3f:09:a4:b0:84:03:4e:59:7d:6f:9e:3a:7e:4c:6d:8d:7a:
         4e:25:e0:49:6f:a0:f6:ab:89:d9:00:b0:42:bb:2a:18:92:df:
         da:7e:a6:c5:ea:a4:55:d4:ff:d7:7c:16:72:4c:c7:7c:ca:7d:
         d9:27:37:eb:3f:b7:2f:a5:85:98:91:49:63:06:ac:e6:93:7a:
         0c:31:9a:e2:2c:95:c7:bd:44:16:85:2d:4f:25:80:93:85:6d:
         82:7e:da:f5:9e:9d:0d:54:d6:ef:b5:b6:7d:4e:03:e9:09:e2:
         45:ad:a0:7e:19:30:9f:65:c9:f8:78:29:66:4d:fe:b0:b6:95:
         ed:17:0e:9a:ed:4c:17:38:c5:2e:43:8a:25:14:51:bb:b0:c2:
         a1:18:44:08:80:5d:9c:6f:23:68:ef:6c:df:c2:62:00:76:ad:
         89:80:d4:91:ed:f5:2f:52:c6:c4:98:93:84:03:e9:92:f6:a3:
         b2:27:84:be:4d:cb:d9:a4:2c:ea:20:c5:24:ca:be:96:74:51:
         fc:5e:32:cf:01:b1:9d:ea:fa:f2:f5:eb:6e:4c:2d:5b:48:09:
         f2:11:20:9e:74:57:26:ad:7c:d9:2e:18:52:4c:a8:a4:cd:3e:
         3d:9d:e2:4f:1b:1d:82:ea:a9:4d:1f:d8:fa:5e:c0:81:00:2d:
         e0:f6:b2:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+23NQtg6ZqThIgtB4yRRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNGQ1MGYzOTBjZjk0NWM2ZmE1YjkwMDkwNWI0ZDUxN2Vi
YjA5MWEwHhcNMjUwMTAxMTc0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWRmZTc5ZTU5OTM1ZDZhNzczYjMyMGE0NmE0YTNkMjE3MGRlMjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42lOihI5dCv6sFhJ7NuZRCmMq9KY
zAlfl/TI12Nka6wEbIWoVXDQEQbH8nCFChm5T1mEsmm3djNo3tMpa2XaL1xxVK0B
jJaA0p010BwK38iW4jHhpdvDSU/xu68wAToFLRmgsyu6xKyXwXnLDqyjPvUvjUtN
DRwGZZjQ0lBy1zXCowjR9ddGks5UM+Kzw3S6Mdb9JLXxtXZxtNCDnJbZuyb16Wf6
eJOoMxmmq6a1EShmVqOlm51T+5u97a7KT2p6JwfiL7jziswjXvlHfYWVW/QZ0G3C
BMMWSsOHnxFzQBndfTn9aDNsLasxSwZMVhNbSjugdhy5wQ8v/ElZ4b9x9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOrf555Zk11qdzsyCkako9IXDeJ6MB8GA1UdIwQY
MBaAFA9NUPOQz5Rcb6W5AJBbTVF+uwkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDAxUTg1RFBsRnh2cGJrQWtGdE5VWDY3Q1JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8zMmQ0OWMtZmJiOS00NjY0LTlhYjgt
ZjJiZGMyMjc1YjZlLzEvNnRfbm5sbVRYV3AzT3pJS1JxU2owaGNONG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8zMmQ0OWMtZmJiOS00NjY0LTlhYjgtZjJiZGMyMjc1YjZl
LzEvRDAxUTg1RFBsRnh2cGJrQWtGdE5VWDY3Q1JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSBfMA0G
CSqGSIb3DQEBCwUAA4IBAQArPwmksIQDTll9b546fkxtjXpOJeBJb6D2q4nZALBC
uyoYkt/afqbF6qRV1P/XfBZyTMd8yn3ZJzfrP7cvpYWYkUljBqzmk3oMMZriLJXH
vUQWhS1PJYCThW2Cftr1np0NVNbvtbZ9TgPpCeJFraB+GTCfZcn4eClmTf6wtpXt
Fw6a7UwXOMUuQ4olFFG7sMKhGEQIgF2cbyNo72zfwmIAdq2JgNSR7fUvUsbEmJOE
A+mS9qOyJ4S+TcvZpCzqIMUkyr6WdFH8XjLPAbGd6vry9etuTC1bSAnyESCedFcm
rXzZLhhSTKikzT49neJPGx2C6qlNH9j6XsCBAC3g9rLU
-----END CERTIFICATE-----