Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/x3drftlfvyiEtkh0afmWcroU9Js.roa
File:                     x3drftlfvyiEtkh0afmWcroU9Js.roa (raw, json)
Hash identifier:          NILZn8jb2pSCwJZ594oMmV5sakNi3NDJXkj51QTnCsM=
Subject key identifier:   C7:77:6B:7E:D9:5F:BF:28:84:B6:48:74:69:F9:96:72:BA:14:F4:9B
Certificate issuer:       /CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
Certificate serial:       019426D92E5082A75228D2E8E75402F5BF60
Authority key identifier: 74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/x3drftlfvyiEtkh0afmWcroU9Js.roa
Signing time:             Thu 02 Jan 2025 11:49:14 +0000
ROA not before:           Thu 02 Jan 2025 11:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        194.6.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:2e:50:82:a7:52:28:d2:e8:e7:54:02:f5:bf:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=743d850cd12a363ddcdb0dc273e1dfc863b705f7
        Validity
            Not Before: Jan  2 11:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7776b7ed95fbf2884b6487469f99672ba14f49b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:16:2c:61:4c:a3:77:26:35:87:22:2e:8b:26:
                    ae:47:90:29:af:76:4d:bd:63:ed:43:ee:9f:95:a9:
                    c8:61:c6:33:07:70:e6:f2:61:52:1e:07:c7:1b:8b:
                    63:46:28:f5:6d:2e:bf:88:8e:9b:af:73:70:95:5c:
                    84:8d:6e:37:c6:eb:0f:5a:b2:a1:93:3f:55:3f:eb:
                    5b:53:bc:8f:6e:1b:36:50:45:cd:cc:67:b4:3f:83:
                    03:8f:31:7e:25:4a:7a:8e:a6:5a:66:c5:a7:8a:50:
                    8b:6f:26:1c:53:44:55:dc:aa:c0:87:1e:e3:12:bd:
                    77:aa:4e:75:0b:1f:ec:2f:ab:ea:69:78:70:25:74:
                    46:4b:29:9f:bb:0f:62:b2:99:c6:ee:c8:9c:ba:d9:
                    2b:73:e7:b0:c6:49:a5:cf:2f:67:c5:1c:20:c9:67:
                    a9:c4:89:4f:0a:8a:16:26:df:bd:db:83:80:20:18:
                    3d:ec:4e:a7:ea:a9:f2:eb:14:80:05:42:80:45:a1:
                    95:a4:a4:51:2b:83:90:44:39:df:af:7e:ef:02:ec:
                    1e:94:ef:ae:74:0b:68:d9:69:8f:2d:ae:8a:92:85:
                    78:f4:be:73:cb:5d:d5:e4:c0:f5:05:88:85:fe:51:
                    a2:9b:4a:78:27:56:f9:75:ad:4b:de:3d:1e:d1:a0:
                    14:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:77:6B:7E:D9:5F:BF:28:84:B6:48:74:69:F9:96:72:BA:14:F4:9B
            X509v3 Authority Key Identifier:
                keyid:74:3D:85:0C:D1:2A:36:3D:DC:DB:0D:C2:73:E1:DF:C8:63:B7:05:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/x3drftlfvyiEtkh0afmWcroU9Js.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/081e96-10e1-4c97-b932-1daf80c519d0/1/dD2FDNEqNj3c2w3Cc-HfyGO3Bfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.6.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5e:06:07:29:b7:64:e6:77:ce:eb:a9:e3:ca:20:a8:72:af:
         d6:a9:28:c3:4e:28:40:c1:33:97:8a:5d:c1:23:1d:b5:61:43:
         87:90:e6:8d:53:98:e0:54:58:28:8f:97:ed:4e:fd:d6:c9:c6:
         e8:ca:59:a5:78:7d:17:46:28:5d:20:62:60:da:b7:4f:bd:60:
         27:0b:87:ed:a0:5c:25:68:ad:72:1a:49:35:82:fa:4c:71:e1:
         9f:71:a9:81:78:22:fa:2e:2e:96:7a:bf:be:e0:96:e8:a3:9c:
         ce:a9:a2:25:e2:61:13:7b:46:af:d1:a1:18:07:75:3d:e6:64:
         77:fe:62:b0:8f:5d:e3:26:47:59:04:04:c3:c8:9c:2d:4c:f1:
         e6:b1:1b:38:27:ba:1e:59:52:95:3a:69:93:39:33:73:7f:ee:
         a3:dd:7d:e9:e8:f5:ca:23:c2:0c:d7:18:60:55:68:3d:c9:02:
         26:66:92:a5:8a:f1:69:62:c3:a3:a3:fc:4e:36:5d:bf:4d:9a:
         cb:e7:e8:b8:3c:56:6a:d8:6d:3a:83:6f:95:58:fe:b8:9b:03:
         95:c1:78:e1:de:f3:5a:af:da:a1:10:81:16:ef:77:56:85:11:
         cd:83:fe:05:76:a4:ed:82:4d:7f:a0:b9:20:52:57:aa:79:b8:
         3f:c5:db:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2S5QgqdSKNLo51QC9b9gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2Q4NTBjZDEyYTM2M2RkY2RiMGRjMjczZTFkZmM4NjNi
NzA1ZjcwHhcNMjUwMTAyMTE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzc3NmI3ZWQ5NWZiZjI4ODRiNjQ4NzQ2OWY5OTY3MmJhMTRmNDliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhYsYUyjdyY1hyIuiyauR5Apr3ZN
vWPtQ+6flanIYcYzB3Dm8mFSHgfHG4tjRij1bS6/iI6br3NwlVyEjW43xusPWrKh
kz9VP+tbU7yPbhs2UEXNzGe0P4MDjzF+JUp6jqZaZsWnilCLbyYcU0RV3KrAhx7j
Er13qk51Cx/sL6vqaXhwJXRGSymfuw9ispnG7sicutkrc+ewxkmlzy9nxRwgyWep
xIlPCooWJt+924OAIBg97E6n6qny6xSABUKARaGVpKRRK4OQRDnfr37vAuwelO+u
dAto2WmPLa6KkoV49L5zy13V5MD1BYiF/lGim0p4J1b5da1L3j0e0aAURQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMd3a37ZX78ohLZIdGn5lnK6FPSbMB8GA1UdIwQY
MBaAFHQ9hQzRKjY93NsNwnPh38hjtwX3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzIt
MWRhZjgwYzUxOWQwLzEveDNkcmZ0bGZ2eWlFdGtoMGFmbVdjcm9VOUpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wODFlOTYtMTBlMS00Yzk3LWI5MzItMWRhZjgwYzUxOWQw
LzEvZEQyRkRORXFOajNjMnczQ2MtSGZ5R08zQmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgb/MA0G
CSqGSIb3DQEBCwUAA4IBAQAkXgYHKbdk5nfO66njyiCocq/WqSjDTihAwTOXil3B
Ix21YUOHkOaNU5jgVFgoj5ftTv3WycboylmleH0XRihdIGJg2rdPvWAnC4ftoFwl
aK1yGkk1gvpMceGfcamBeCL6Li6Wer++4Jboo5zOqaIl4mETe0av0aEYB3U95mR3
/mKwj13jJkdZBATDyJwtTPHmsRs4J7oeWVKVOmmTOTNzf+6j3X3p6PXKI8IM1xhg
VWg9yQImZpKlivFpYsOjo/xONl2/TZrL5+i4PFZq2G06g2+VWP64mwOVwXjh3vNa
r9qhEIEW73dWhRHNg/4FdqTtgk1/oLkgUleqebg/xdvg
-----END CERTIFICATE-----