Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/A-6dGixYiVjP5SArd3OOXzF_y94.roa
File:                     A-6dGixYiVjP5SArd3OOXzF_y94.roa (raw, json)
Hash identifier:          dHKBVyiR8mv13Z7wTMxDvJhUaTAdj4JJSYSEmomSgRI=
Subject key identifier:   03:EE:9D:1A:2C:58:89:58:CF:E5:20:2B:77:73:8E:5F:31:7F:CB:DE
Certificate issuer:       /CN=a389e7035b08e181a341f37eda7343d23f1cafa4
Certificate serial:       0194258F02BCFAE1497F5CDEEB6A100C7B23
Authority key identifier: A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/A-6dGixYiVjP5SArd3OOXzF_y94.roa
Signing time:             Thu 02 Jan 2025 05:48:36 +0000
ROA not before:           Thu 02 Jan 2025 05:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     17941
IP address blocks:        176.121.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:02:bc:fa:e1:49:7f:5c:de:eb:6a:10:0c:7b:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a389e7035b08e181a341f37eda7343d23f1cafa4
        Validity
            Not Before: Jan  2 05:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03ee9d1a2c588958cfe5202b77738e5f317fcbde
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:62:e5:78:b0:73:d0:6e:8d:79:7a:82:36:59:
                    09:2e:cf:51:18:d9:a9:cc:8e:0b:67:1a:65:47:95:
                    c6:3e:e9:20:53:49:10:a0:b0:32:1b:a6:c9:0e:32:
                    34:21:ca:54:4f:b5:33:2e:17:8f:98:28:ae:71:f4:
                    18:d3:74:a5:22:85:f1:77:e4:47:30:b7:81:70:75:
                    56:6e:75:f4:5b:15:65:47:8e:dd:dc:b2:fa:cc:8c:
                    3c:5f:84:fa:27:cf:b5:89:79:62:76:84:c0:4a:92:
                    7e:bd:78:23:29:b6:5f:9c:15:07:a5:1f:c2:24:60:
                    21:f8:67:49:44:a7:92:82:de:c1:8d:6c:6b:33:46:
                    08:0d:93:5f:bf:3a:4d:42:76:9f:2b:ad:1d:94:05:
                    74:ee:2e:40:06:68:3f:70:07:e2:86:e5:2c:11:bf:
                    84:eb:01:0e:01:79:61:3d:97:af:cb:27:d7:1f:8e:
                    c2:82:6b:49:df:b0:64:38:a6:dd:dc:69:23:e0:15:
                    c7:d1:1f:50:60:c9:93:28:a3:d3:78:a7:2c:e7:1e:
                    17:d4:7c:53:54:27:3a:b8:f6:be:81:c4:c9:65:b2:
                    18:1a:16:6e:f6:30:f1:41:0e:f2:a3:7e:34:f7:8b:
                    69:cb:56:53:00:ff:75:ce:ec:46:e4:2b:95:05:43:
                    62:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:EE:9D:1A:2C:58:89:58:CF:E5:20:2B:77:73:8E:5F:31:7F:CB:DE
            X509v3 Authority Key Identifier:
                keyid:A3:89:E7:03:5B:08:E1:81:A3:41:F3:7E:DA:73:43:D2:3F:1C:AF:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o4nnA1sI4YGjQfN-2nND0j8cr6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/A-6dGixYiVjP5SArd3OOXzF_y94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/f053cd-1d79-43a1-9aab-0e72416b4dc7/1/o4nnA1sI4YGjQfN-2nND0j8cr6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.121.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:7e:33:d4:40:78:de:2a:21:ad:96:7f:eb:78:68:12:94:da:
         c7:2b:f2:6e:5c:66:17:59:b5:87:e5:fd:45:b8:d1:91:fb:bd:
         15:f3:0e:54:44:a8:61:6a:41:cc:75:1f:f4:3e:69:19:8f:3d:
         90:94:2d:10:04:36:87:20:14:2d:78:d6:ea:3e:15:1f:e5:53:
         ef:94:93:e7:c0:b0:12:3a:d3:39:70:62:1f:30:48:1d:0a:27:
         d4:37:6f:f4:b4:56:74:63:fb:92:e4:a6:f3:63:e6:a8:76:46:
         2b:7c:0f:69:85:7d:ff:be:30:b4:f1:d7:b1:99:a8:14:47:89:
         de:80:68:b5:9f:a4:dc:06:da:94:cf:2c:f9:33:99:3c:32:a6:
         72:53:54:0f:f4:df:b1:40:35:9c:44:35:c6:e9:b8:c7:36:7f:
         c8:d6:81:9a:8d:13:0a:30:7f:b2:ef:3a:07:a2:7b:09:06:10:
         f9:62:44:fb:92:a1:35:39:b0:ad:be:d7:cf:c3:1d:10:1a:e4:
         05:50:44:f1:7b:b8:79:11:38:e2:bb:87:fb:79:ac:67:8f:e0:
         80:43:0c:5c:23:fe:e8:dd:f5:a6:62:d2:22:73:d3:6b:11:54:
         d9:07:8d:80:67:57:3b:ab:74:a8:a4:8a:38:29:1d:d7:1f:d7:
         ea:80:48:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwK8+uFJf1ze62oQDHsjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzODllNzAzNWIwOGUxODFhMzQxZjM3ZWRhNzM0M2QyM2Yx
Y2FmYTQwHhcNMjUwMTAyMDU0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2VlOWQxYTJjNTg4OTU4Y2ZlNTIwMmI3NzczOGU1ZjMxN2ZjYmRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtmLleLBz0G6NeXqCNlkJLs9RGNmp
zI4LZxplR5XGPukgU0kQoLAyG6bJDjI0IcpUT7UzLhePmCiucfQY03SlIoXxd+RH
MLeBcHVWbnX0WxVlR47d3LL6zIw8X4T6J8+1iXlidoTASpJ+vXgjKbZfnBUHpR/C
JGAh+GdJRKeSgt7BjWxrM0YIDZNfvzpNQnafK60dlAV07i5ABmg/cAfihuUsEb+E
6wEOAXlhPZevyyfXH47CgmtJ37BkOKbd3Gkj4BXH0R9QYMmTKKPTeKcs5x4X1HxT
VCc6uPa+gcTJZbIYGhZu9jDxQQ7yo34094tpy1ZTAP91zuxG5CuVBUNi3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPunRosWIlYz+UgK3dzjl8xf8veMB8GA1UdIwQY
MBaAFKOJ5wNbCOGBo0HzftpzQ9I/HK+kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWIt
MGU3MjQxNmI0ZGM3LzEvQS02ZEdpeFlpVmpQNVNBcmQzT09YekZfeTk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9mMDUzY2QtMWQ3OS00M2ExLTlhYWItMGU3MjQxNmI0ZGM3
LzEvbzRubkExc0k0WUdqUWZOLTJuTkQwajhjcjZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHldMA0G
CSqGSIb3DQEBCwUAA4IBAQB3fjPUQHjeKiGtln/reGgSlNrHK/JuXGYXWbWH5f1F
uNGR+70V8w5URKhhakHMdR/0PmkZjz2QlC0QBDaHIBQteNbqPhUf5VPvlJPnwLAS
OtM5cGIfMEgdCifUN2/0tFZ0Y/uS5KbzY+aodkYrfA9phX3/vjC08dexmagUR4ne
gGi1n6TcBtqUzyz5M5k8MqZyU1QP9N+xQDWcRDXG6bjHNn/I1oGajRMKMH+y7zoH
onsJBhD5YkT7kqE1ObCtvtfPwx0QGuQFUETxe7h5ETjiu4f7eaxnj+CAQwxcI/7o
3fWmYtIic9NrEVTZB42AZ1c7q3SopIo4KR3XH9fqgEhP
-----END CERTIFICATE-----