Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/6EzBdLMFhAHXtGoqOgo2hhkKxsE.roa
File:                     6EzBdLMFhAHXtGoqOgo2hhkKxsE.roa (raw, json)
Hash identifier:          6BZyqWO3dBV2T/D/HQLLEXL8wtnsNJxMwYYKl/DQzgM=
Subject key identifier:   E8:4C:C1:74:B3:05:84:01:D7:B4:6A:2A:3A:0A:36:86:19:0A:C6:C1
Certificate issuer:       /CN=3263787fd0f94b37813eef16bc8137423ee3fef3
Certificate serial:       01941F8C07AF4CAB114E5B02F153AA55B8DC
Authority key identifier: 32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/6EzBdLMFhAHXtGoqOgo2hhkKxsE.roa
Signing time:             Wed 01 Jan 2025 01:47:38 +0000
ROA not before:           Wed 01 Jan 2025 01:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        193.219.7.0/24 maxlen: 24
                          2a03:ec41:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:07:af:4c:ab:11:4e:5b:02:f1:53:aa:55:b8:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3263787fd0f94b37813eef16bc8137423ee3fef3
        Validity
            Not Before: Jan  1 01:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e84cc174b3058401d7b46a2a3a0a3686190ac6c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:4d:12:8c:38:c5:c5:21:5f:99:c9:72:7a:d4:
                    75:48:e9:57:ac:e5:e6:0a:bd:f9:77:11:e9:4e:60:
                    c5:93:b5:24:e1:b3:ee:8e:7b:62:86:77:83:8f:5e:
                    c4:56:b5:16:e3:dd:f6:8d:e2:3e:55:31:98:c5:73:
                    34:cd:1d:da:89:f9:04:ae:7a:dd:a3:1c:c6:67:2e:
                    e2:bb:73:2b:2d:ce:ea:26:e5:5a:9d:66:b9:47:4f:
                    7f:9e:c0:44:c1:fe:06:e5:b2:f7:f1:29:02:9e:a7:
                    95:d6:a8:8e:5b:b5:65:55:d8:80:31:3f:d2:3b:be:
                    c2:79:08:68:1e:43:fe:55:b5:ea:4f:eb:01:aa:0b:
                    6f:5c:48:5d:b1:64:b9:16:32:7b:52:45:14:a1:9b:
                    f2:a8:a2:c6:87:c6:f0:1f:6e:16:f5:de:ef:fb:ec:
                    9a:45:f1:c7:e4:28:48:a1:50:ef:fb:9a:f4:f4:92:
                    88:32:07:b5:56:5a:c5:24:69:14:ab:99:d3:9d:ff:
                    1a:59:9c:80:a3:83:70:44:e2:d2:a2:e3:51:16:f6:
                    e6:22:7f:fd:d1:af:f5:19:ed:c7:98:30:91:cb:1d:
                    3e:d3:9f:f2:ee:f5:36:21:80:8f:db:d9:94:53:4b:
                    f0:38:78:fa:97:5c:78:9b:b8:e8:69:72:fe:27:de:
                    70:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:4C:C1:74:B3:05:84:01:D7:B4:6A:2A:3A:0A:36:86:19:0A:C6:C1
            X509v3 Authority Key Identifier:
                keyid:32:63:78:7F:D0:F9:4B:37:81:3E:EF:16:BC:81:37:42:3E:E3:FE:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/6EzBdLMFhAHXtGoqOgo2hhkKxsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/7703ef-2422-437c-b93d-595e0bf5c613/1/MmN4f9D5SzeBPu8WvIE3Qj7j_vM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.219.7.0/24
                IPv6:
                  2a03:ec41:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:6f:eb:f0:e7:69:95:07:f6:4d:53:31:7e:42:8d:eb:d4:7a:
         c5:7a:a2:5a:81:87:81:c0:76:7e:75:6e:d5:7f:08:c4:fa:bf:
         e6:f6:b1:9c:00:f0:c5:a4:a5:d6:a7:40:b3:f5:0a:d8:cb:cc:
         02:10:cc:a9:ec:ee:1a:04:d0:a7:31:1e:a9:7a:80:01:58:fb:
         b4:8a:17:68:fc:ef:68:1d:9c:65:a5:a4:bf:9c:2a:6b:03:0d:
         b7:59:ae:2c:be:e3:35:14:52:6a:d4:ee:23:a0:ce:54:5d:cf:
         72:c0:b2:97:49:a9:4d:ab:e0:2d:7c:1d:f8:0b:0c:e1:69:6f:
         a5:e8:c1:64:34:c6:ef:21:41:89:92:e8:ef:3a:52:7a:51:04:
         12:04:3e:b5:b9:fd:67:30:85:64:f5:11:27:27:b7:a0:08:de:
         a4:76:2d:77:50:37:0f:54:0e:37:3a:b4:35:bf:89:21:12:85:
         b0:27:81:77:53:e4:b5:71:a9:2c:8d:25:19:b6:b1:ef:83:5d:
         97:a0:87:a4:ca:ef:a5:f1:56:c3:9f:98:55:90:36:82:fe:40:
         26:3d:38:a8:f5:8c:f5:7e:5c:2f:8d:b3:4f:33:38:38:6a:51:
         ea:9f:92:e5:f4:9a:90:29:21:46:52:c0:67:8c:56:71:8a:fb:
         b4:a2:1c:87
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQfjAevTKsRTlsC8VOqVbjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyNjM3ODdmZDBmOTRiMzc4MTNlZWYxNmJjODEzNzQyM2Vl
M2ZlZjMwHhcNMjUwMTAxMDE0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODRjYzE3NGIzMDU4NDAxZDdiNDZhMmEzYTBhMzY4NjE5MGFjNmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz00SjDjFxSFfmclyetR1SOlXrOXm
Cr35dxHpTmDFk7Uk4bPujntihneDj17EVrUW4932jeI+VTGYxXM0zR3aifkErnrd
oxzGZy7iu3MrLc7qJuVanWa5R09/nsBEwf4G5bL38SkCnqeV1qiOW7VlVdiAMT/S
O77CeQhoHkP+VbXqT+sBqgtvXEhdsWS5FjJ7UkUUoZvyqKLGh8bwH24W9d7v++ya
RfHH5ChIoVDv+5r09JKIMge1VlrFJGkUq5nTnf8aWZyAo4NwROLSouNRFvbmIn/9
0a/1Ge3HmDCRyx0+05/y7vU2IYCP29mUU0vwOHj6l1x4m7joaXL+J95wLwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOhMwXSzBYQB17RqKjoKNoYZCsbBMB8GA1UdIwQY
MBaAFDJjeH/Q+Us3gT7vFryBN0I+4/7zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2Qt
NTk1ZTBiZjVjNjEzLzEvNkV6QmRMTUZoQUhYdEdvcU9nbzJoaGtLeHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS83NzAzZWYtMjQyMi00MzdjLWI5M2QtNTk1ZTBiZjVjNjEz
LzEvTW1ONGY5RDVTemVCUHU4V3ZJRTNRajdqX3ZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwdsHMA8E
AgACMAkDBwAqA+xBAAQwDQYJKoZIhvcNAQELBQADggEBAENv6/DnaZUH9k1TMX5C
jevUesV6olqBh4HAdn51btV/CMT6v+b2sZwA8MWkpdanQLP1CtjLzAIQzKns7hoE
0KcxHql6gAFY+7SKF2j872gdnGWlpL+cKmsDDbdZriy+4zUUUmrU7iOgzlRdz3LA
spdJqU2r4C18HfgLDOFpb6XowWQ0xu8hQYmS6O86UnpRBBIEPrW5/WcwhWT1EScn
t6AI3qR2LXdQNw9UDjc6tDW/iSEShbAngXdT5LVxqSyNJRm2se+DXZegh6TK76Xx
VsOfmFWQNoL+QCY9OKj1jPV+XC+Ns08zODhqUeqfkuX0mpApIUZSwGeMVnGK+7Si
HIc=
-----END CERTIFICATE-----