Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/8a495d-c435-42dc-9123-ecd7fee7c1b0/1/qYgKJzqVGOIS2q3xrX8ooE48Ll0.roa
File:                     qYgKJzqVGOIS2q3xrX8ooE48Ll0.roa (raw, json)
Hash identifier:          XcckjsH0x/cr5fkLwWS3aKPBjm2oKn4ecy6ASegzzfw=
Subject key identifier:   A9:88:0A:27:3A:95:18:E2:12:DA:AD:F1:AD:7F:28:A0:4E:3C:2E:5D
Certificate issuer:       /CN=6ba4e363974b2ef90ecb05340af5daf6b24160cb
Certificate serial:       018CC2DB10714927EA8084B45F5B1884888A
Authority key identifier: 6B:A4:E3:63:97:4B:2E:F9:0E:CB:05:34:0A:F5:DA:F6:B2:41:60:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6TjY5dLLvkOywU0CvXa9rJBYMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/8a495d-c435-42dc-9123-ecd7fee7c1b0/1/qYgKJzqVGOIS2q3xrX8ooE48Ll0.roa
Signing time:             Mon 01 Jan 2024 02:29:45 +0000
ROA not before:           Mon 01 Jan 2024 02:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50975
IP address blocks:        109.75.0.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/8a495d-c435-42dc-9123-ecd7fee7c1b0/1/a6TjY5dLLvkOywU0CvXa9rJBYMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/8a495d-c435-42dc-9123-ecd7fee7c1b0/1/a6TjY5dLLvkOywU0CvXa9rJBYMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6TjY5dLLvkOywU0CvXa9rJBYMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:10:71:49:27:ea:80:84:b4:5f:5b:18:84:88:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba4e363974b2ef90ecb05340af5daf6b24160cb
        Validity
            Not Before: Jan  1 02:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9880a273a9518e212daadf1ad7f28a04e3c2e5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:be:21:12:80:ff:99:e7:d4:69:73:e2:82:0a:
                    1f:aa:25:fc:93:5b:64:00:7a:ea:fe:3a:66:d9:4d:
                    29:22:54:d3:cf:0c:5c:76:17:fd:cb:e9:97:d6:ba:
                    ac:38:6a:c6:70:f2:98:b0:e2:15:d3:a4:2b:37:91:
                    39:8b:f3:a3:f4:5e:78:6d:e9:5a:60:6e:6f:89:78:
                    9a:3d:90:eb:ba:31:6a:66:fc:a8:94:21:aa:7c:d3:
                    9c:e7:a7:9c:37:73:8a:35:92:0e:08:55:9a:49:37:
                    88:4b:eb:bf:ac:1c:ba:32:33:9a:30:1b:a3:2f:57:
                    8e:c3:63:c5:7a:bb:be:57:13:9b:81:57:67:52:da:
                    35:7d:bd:7d:74:d7:9f:a9:f8:ab:39:b0:3b:b4:af:
                    83:ea:57:e4:1b:d7:b1:08:80:a3:ce:d8:45:e2:c2:
                    44:a2:03:ec:44:e4:8f:2e:68:bf:e1:04:63:08:1c:
                    d8:f9:4c:b4:eb:d9:01:07:ca:9c:4b:88:48:7f:d0:
                    be:76:f7:3c:57:1e:92:d9:e7:61:e6:ea:af:14:77:
                    07:5e:db:6c:41:36:99:b7:38:d4:3e:83:8b:c8:5c:
                    1c:5a:1e:84:b6:1c:3b:15:81:bd:05:39:a8:b8:6b:
                    37:62:f6:42:5e:4c:ca:1e:8a:11:67:62:40:62:6e:
                    55:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:88:0A:27:3A:95:18:E2:12:DA:AD:F1:AD:7F:28:A0:4E:3C:2E:5D
            X509v3 Authority Key Identifier:
                keyid:6B:A4:E3:63:97:4B:2E:F9:0E:CB:05:34:0A:F5:DA:F6:B2:41:60:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6TjY5dLLvkOywU0CvXa9rJBYMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8a495d-c435-42dc-9123-ecd7fee7c1b0/1/qYgKJzqVGOIS2q3xrX8ooE48Ll0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/8a495d-c435-42dc-9123-ecd7fee7c1b0/1/a6TjY5dLLvkOywU0CvXa9rJBYMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.75.0.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:6d:9d:a9:cb:0e:62:07:ac:cd:7e:6f:04:ba:08:ae:6c:5a:
         71:73:69:9d:59:53:09:42:31:4c:bc:18:6d:39:ae:12:02:aa:
         4d:b5:16:4e:77:c6:05:1a:d7:9f:80:59:7f:ab:de:85:8a:3b:
         4a:d0:26:5c:76:25:02:51:f2:18:a2:b3:59:ee:8e:b9:c4:f5:
         62:00:a7:37:38:f5:1a:1f:3d:79:1d:5d:40:96:49:3b:25:ac:
         50:31:84:08:b0:07:b8:4e:5b:a0:bd:f8:d3:2a:00:6e:33:86:
         4c:e4:58:eb:86:73:87:88:c7:ae:23:83:7d:10:3e:14:1a:59:
         66:d4:7f:91:81:b7:25:64:d1:97:87:f0:36:53:87:10:c3:fc:
         db:ab:b0:d7:5b:a6:a5:ca:dc:9b:41:b0:41:bb:e9:a2:14:6e:
         dc:29:81:22:73:87:bb:f9:d0:f8:b9:64:d7:11:8e:a2:ed:45:
         61:a0:f7:33:0f:e7:ef:df:b0:fb:36:c8:cd:23:a3:9d:f1:08:
         26:0f:9e:2e:af:76:64:1c:42:8d:91:69:42:91:79:dd:1e:55:
         a8:a7:90:62:31:6f:ce:a1:de:71:43:a9:09:27:62:16:e8:ba:
         4a:f7:53:be:0c:25:17:aa:fa:dc:71:66:94:00:7b:6d:35:b6:
         9d:1d:38:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2xBxSSfqgIS0X1sYhIiKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTRlMzYzOTc0YjJlZjkwZWNiMDUzNDBhZjVkYWY2YjI0
MTYwY2IwHhcNMjQwMTAxMDIyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTg4MGEyNzNhOTUxOGUyMTJkYWFkZjFhZDdmMjhhMDRlM2MyZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAir4hEoD/mefUaXPiggofqiX8k1tk
AHrq/jpm2U0pIlTTzwxcdhf9y+mX1rqsOGrGcPKYsOIV06QrN5E5i/Oj9F54bela
YG5viXiaPZDrujFqZvyolCGqfNOc56ecN3OKNZIOCFWaSTeIS+u/rBy6MjOaMBuj
L1eOw2PFeru+VxObgVdnUto1fb19dNefqfirObA7tK+D6lfkG9exCICjzthF4sJE
ogPsROSPLmi/4QRjCBzY+Uy069kBB8qcS4hIf9C+dvc8Vx6S2edh5uqvFHcHXtts
QTaZtzjUPoOLyFwcWh6Ethw7FYG9BTmouGs3YvZCXkzKHooRZ2JAYm5VNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKmICic6lRjiEtqt8a1/KKBOPC5dMB8GA1UdIwQY
MBaAFGuk42OXSy75DssFNAr12vayQWDLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZUalk1ZExMdmtPeXdVMEN2WGE5ckpCWU1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi84YTQ5NWQtYzQzNS00MmRjLTkxMjMt
ZWNkN2ZlZTdjMWIwLzEvcVlnS0p6cVZHT0lTMnEzeHJYOG9vRTQ4TGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi84YTQ5NWQtYzQzNS00MmRjLTkxMjMtZWNkN2ZlZTdjMWIw
LzEvYTZUalk1ZExMdmtPeXdVMEN2WGE5ckpCWU1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDbUsAMA0G
CSqGSIb3DQEBCwUAA4IBAQApbZ2pyw5iB6zNfm8EugiubFpxc2mdWVMJQjFMvBht
Oa4SAqpNtRZOd8YFGtefgFl/q96FijtK0CZcdiUCUfIYorNZ7o65xPViAKc3OPUa
Hz15HV1Alkk7JaxQMYQIsAe4TlugvfjTKgBuM4ZM5FjrhnOHiMeuI4N9ED4UGllm
1H+RgbclZNGXh/A2U4cQw/zbq7DXW6alytybQbBBu+miFG7cKYEic4e7+dD4uWTX
EY6i7UVhoPczD+fv37D7NsjNI6Od8QgmD54ur3ZkHEKNkWlCkXndHlWop5BiMW/O
od5xQ6kJJ2IW6LpK91O+DCUXqvrccWaUAHttNbadHThs
-----END CERTIFICATE-----