Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6a8ad5-21df-4dbb-9abd-d446455dc5ba/1/6eQ_zPFAA063sG4iZtWQWJE5oqw.roa
File:                     6eQ_zPFAA063sG4iZtWQWJE5oqw.roa (raw, json)
Hash identifier:          nmWpCxwmwnfwHTYKUYfk1OMQjYzDlAhet+lCEz3vLMA=
Subject key identifier:   E9:E4:3F:CC:F1:40:03:4E:B7:B0:6E:22:66:D5:90:58:91:39:A2:AC
Certificate issuer:       /CN=f14666fbb64c4da8cb8992bf0da97b8b0117eac6
Certificate serial:       018CCA96E069930D0B95401F08F7D6AB7FB3
Authority key identifier: F1:46:66:FB:B6:4C:4D:A8:CB:89:92:BF:0D:A9:7B:8B:01:17:EA:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8UZm-7ZMTajLiZK_Dal7iwEX6sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/6a8ad5-21df-4dbb-9abd-d446455dc5ba/1/6eQ_zPFAA063sG4iZtWQWJE5oqw.roa
Signing time:             Tue 02 Jan 2024 14:32:14 +0000
ROA not before:           Tue 02 Jan 2024 14:32:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48797
IP address blocks:        185.130.16.0/22 maxlen: 22
                          95.128.232.0/22 maxlen: 22
                          95.128.236.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/6a8ad5-21df-4dbb-9abd-d446455dc5ba/1/8UZm-7ZMTajLiZK_Dal7iwEX6sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/6a8ad5-21df-4dbb-9abd-d446455dc5ba/1/8UZm-7ZMTajLiZK_Dal7iwEX6sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8UZm-7ZMTajLiZK_Dal7iwEX6sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:96:e0:69:93:0d:0b:95:40:1f:08:f7:d6:ab:7f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f14666fbb64c4da8cb8992bf0da97b8b0117eac6
        Validity
            Not Before: Jan  2 14:32:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9e43fccf140034eb7b06e2266d590589139a2ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:32:a6:91:97:47:11:36:aa:68:1d:4c:63:bb:
                    b8:1d:ba:27:0a:12:bc:b1:6f:56:aa:c4:d0:b9:20:
                    da:6e:dd:53:31:17:e3:69:e7:10:6a:5e:18:96:ee:
                    fd:74:7e:f4:b8:fa:5c:6d:c3:b1:fe:93:b4:fe:65:
                    ab:00:e5:aa:cd:e0:1c:56:11:63:3c:23:9c:61:ae:
                    4c:18:92:98:03:85:b5:c6:45:bb:71:d5:c2:d1:57:
                    c4:aa:53:c0:cb:28:1e:d3:ab:3b:ca:20:d0:6e:54:
                    a7:9e:d3:4f:12:30:cb:17:b9:34:a0:62:8e:12:7a:
                    ad:fa:c2:c2:b4:44:43:5e:a3:7e:b2:7a:87:64:fe:
                    07:f5:86:2a:29:71:42:a7:89:5d:c4:1a:f2:74:fe:
                    d7:fc:71:2f:9f:8b:f1:83:a1:5d:a9:dd:66:93:07:
                    97:4d:94:89:fe:f0:a6:81:61:5e:d4:8c:1b:7f:b9:
                    c9:40:b3:f1:9d:e5:77:f9:63:49:e6:12:a9:d9:f7:
                    94:54:0e:5b:56:4e:2c:80:da:6c:9e:b4:24:40:29:
                    38:55:f3:66:9e:1c:36:04:f1:03:b9:79:a8:f4:69:
                    2f:3d:c5:e4:00:ee:6e:92:2c:74:ae:98:07:64:f1:
                    dd:a9:34:b3:12:6f:7f:55:68:9e:55:c2:ed:54:12:
                    89:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:E4:3F:CC:F1:40:03:4E:B7:B0:6E:22:66:D5:90:58:91:39:A2:AC
            X509v3 Authority Key Identifier:
                keyid:F1:46:66:FB:B6:4C:4D:A8:CB:89:92:BF:0D:A9:7B:8B:01:17:EA:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8UZm-7ZMTajLiZK_Dal7iwEX6sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6a8ad5-21df-4dbb-9abd-d446455dc5ba/1/6eQ_zPFAA063sG4iZtWQWJE5oqw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6a8ad5-21df-4dbb-9abd-d446455dc5ba/1/8UZm-7ZMTajLiZK_Dal7iwEX6sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.128.232.0/21
                  185.130.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:61:1d:c9:23:47:3d:70:f6:8d:af:41:f8:6b:5c:c4:6d:bc:
         3d:fd:d0:bc:2b:77:63:8d:82:54:9e:2d:93:40:bb:35:83:d5:
         15:e0:7d:d0:18:83:fb:4e:93:41:46:eb:fa:b1:51:15:b9:74:
         0a:fb:a4:08:d0:f5:21:18:ba:1c:02:82:54:6f:19:07:9e:73:
         87:25:58:73:2c:5f:31:7e:59:25:4d:64:1f:82:43:89:82:4f:
         3c:52:91:11:15:57:ac:74:a5:00:11:37:02:2e:50:b4:a6:d0:
         42:78:c1:d3:f2:85:e9:65:c3:90:73:11:41:72:34:0b:1f:1f:
         09:d0:7d:ea:92:d2:4f:84:b3:43:51:c3:65:aa:e4:cd:76:10:
         02:af:ba:33:2a:22:93:d3:0a:95:32:6d:3d:dc:e3:4b:82:ce:
         63:8f:1d:19:11:db:e4:63:aa:fe:60:8d:7f:45:92:c7:88:87:
         24:d4:36:c4:41:0c:a5:b1:f7:3a:5f:98:12:45:ad:bb:9a:16:
         0a:d3:c8:2e:b3:a5:9f:d1:b9:85:dd:ea:de:c7:3e:43:ac:b3:
         92:74:54:92:3b:ae:66:84:98:01:31:03:7b:df:63:cb:b8:90:
         c6:81:81:de:51:d9:10:ad:ba:75:08:bb:1f:e5:5c:e1:83:69:
         4a:3f:21:b5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKluBpkw0LlUAfCPfWq3+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDY2NmZiYjY0YzRkYThjYjg5OTJiZjBkYTk3YjhiMDEx
N2VhYzYwHhcNMjQwMTAyMTQzMjE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWU0M2ZjY2YxNDAwMzRlYjdiMDZlMjI2NmQ1OTA1ODkxMzlhMmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTKmkZdHETaqaB1MY7u4HbonChK8
sW9WqsTQuSDabt1TMRfjaecQal4Ylu79dH70uPpcbcOx/pO0/mWrAOWqzeAcVhFj
PCOcYa5MGJKYA4W1xkW7cdXC0VfEqlPAyyge06s7yiDQblSnntNPEjDLF7k0oGKO
Enqt+sLCtERDXqN+snqHZP4H9YYqKXFCp4ldxBrydP7X/HEvn4vxg6Fdqd1mkweX
TZSJ/vCmgWFe1Iwbf7nJQLPxneV3+WNJ5hKp2feUVA5bVk4sgNpsnrQkQCk4VfNm
nhw2BPEDuXmo9GkvPcXkAO5ukix0rpgHZPHdqTSzEm9/VWieVcLtVBKJBQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOnkP8zxQANOt7BuImbVkFiROaKsMB8GA1UdIwQY
MBaAFPFGZvu2TE2oy4mSvw2pe4sBF+rGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVabS03Wk1UYWpMaVpLX0RhbDdpd0VYNnNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82YThhZDUtMjFkZi00ZGJiLTlhYmQt
ZDQ0NjQ1NWRjNWJhLzEvNmVRX3pQRkFBMDYzc0c0aVp0V1FXSkU1b3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82YThhZDUtMjFkZi00ZGJiLTlhYmQtZDQ0NjQ1NWRjNWJh
LzEvOFVabS03Wk1UYWpMaVpLX0RhbDdpd0VYNnNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDX4DoAwQC
uYIQMA0GCSqGSIb3DQEBCwUAA4IBAQBpYR3JI0c9cPaNr0H4a1zEbbw9/dC8K3dj
jYJUni2TQLs1g9UV4H3QGIP7TpNBRuv6sVEVuXQK+6QI0PUhGLocAoJUbxkHnnOH
JVhzLF8xflklTWQfgkOJgk88UpERFVesdKUAETcCLlC0ptBCeMHT8oXpZcOQcxFB
cjQLHx8J0H3qktJPhLNDUcNlquTNdhACr7ozKiKT0wqVMm093ONLgs5jjx0ZEdvk
Y6r+YI1/RZLHiIck1DbEQQylsfc6X5gSRa27mhYK08gus6Wf0bmF3erexz5DrLOS
dFSSO65mhJgBMQN732PLuJDGgYHeUdkQrbp1CLsf5Vzhg2lKPyG1
-----END CERTIFICATE-----