Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/6q8N6VoPP_q-oPwlCyaGxEsFbDw.roa
File:                     6q8N6VoPP_q-oPwlCyaGxEsFbDw.roa (raw, json)
Hash identifier:          AKxIC7rFXLwJ6E/CCOOuKqm4dMvKQ2hWi1DrE/h1vNw=
Subject key identifier:   EA:AF:0D:E9:5A:0F:3F:FA:BE:A0:FC:25:0B:26:86:C4:4B:05:6C:3C
Certificate issuer:       /CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
Certificate serial:       019428242E1680B1E20E6B9A97ED7DACA30B
Authority key identifier: C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/6q8N6VoPP_q-oPwlCyaGxEsFbDw.roa
Signing time:             Thu 02 Jan 2025 17:50:47 +0000
ROA not before:           Thu 02 Jan 2025 17:50:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214170
IP address blocks:        79.124.29.0/24 maxlen: 24
                          2a01:8740:18::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:2e:16:80:b1:e2:0e:6b:9a:97:ed:7d:ac:a3:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35eac64ea4802e6824686f7c0d201f2c85cb2aa
        Validity
            Not Before: Jan  2 17:50:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eaaf0de95a0f3ffabea0fc250b2686c44b056c3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:1a:36:01:73:8b:27:9d:00:2a:63:80:4f:a6:
                    76:42:32:e3:4c:0e:37:36:0d:57:b5:46:06:63:68:
                    36:c6:5d:63:9a:64:0c:6d:d4:7a:4e:95:96:b2:a0:
                    54:05:37:8a:7e:64:45:e7:c4:7f:f0:db:9b:b1:bc:
                    40:5f:7b:51:45:f4:fb:7c:7a:ec:ae:d0:90:df:5e:
                    3d:77:3d:ea:e0:60:da:c7:0d:8d:93:a7:11:96:63:
                    7c:e3:6a:84:0b:dc:5e:15:16:98:43:28:8f:9d:a5:
                    d1:44:0d:0d:42:37:bb:3b:ef:a1:84:e7:d6:16:58:
                    a8:51:66:6f:de:49:2d:48:4b:32:9b:e5:c7:ed:f1:
                    c7:d0:67:2a:24:43:43:0c:95:19:fa:bf:d9:50:2c:
                    6d:b9:e3:37:1a:bf:7a:82:44:b2:35:25:a3:e5:8a:
                    78:25:98:a9:a8:44:32:d0:da:3a:e2:94:76:ce:07:
                    9d:d6:e8:27:ea:6d:e2:78:18:52:31:bc:ab:9f:ff:
                    04:93:37:f4:4c:5f:19:eb:7f:31:3b:50:48:57:60:
                    8e:63:84:bd:8d:03:85:7c:e6:86:60:81:22:b7:90:
                    94:ba:90:ad:38:d2:11:d6:55:d5:50:4e:eb:43:48:
                    2b:b9:94:f9:64:1d:e8:ad:ab:a6:c7:63:39:71:f3:
                    28:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:AF:0D:E9:5A:0F:3F:FA:BE:A0:FC:25:0B:26:86:C4:4B:05:6C:3C
            X509v3 Authority Key Identifier:
                keyid:C3:5E:AC:64:EA:48:02:E6:82:46:86:F7:C0:D2:01:F2:C8:5C:B2:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w16sZOpIAuaCRob3wNIB8shcsqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/6q8N6VoPP_q-oPwlCyaGxEsFbDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/ccdd8b-7720-4de0-8c43-dacb5f356ea3/1/w16sZOpIAuaCRob3wNIB8shcsqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.124.29.0/24
                IPv6:
                  2a01:8740:18::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:6c:4e:a8:58:d1:f5:c8:e5:85:cf:3d:17:39:c9:88:1b:f7:
         c7:5e:6e:d5:b6:62:d8:e4:31:18:8f:51:75:dc:eb:85:58:13:
         85:bd:29:d5:e3:dc:71:ec:24:95:1b:a5:1c:d8:c0:d5:dc:a3:
         61:77:bd:39:1e:e7:51:92:5a:70:ed:45:f8:38:9c:1c:6a:7a:
         a5:67:1e:4c:77:04:63:77:09:a3:de:53:0f:c4:25:d6:3f:5c:
         d2:be:8b:9c:3c:66:18:74:bd:31:55:4d:30:c5:ab:e1:d5:3e:
         3c:35:c9:ef:45:4a:c2:4c:04:f4:d3:22:0f:53:30:6f:40:86:
         33:84:b0:da:3b:48:84:9a:88:b2:38:80:ae:48:08:70:6b:6f:
         ff:fb:c2:c2:e6:a4:24:c2:15:4e:68:45:aa:27:59:59:6a:55:
         85:36:6e:2a:83:85:24:a8:36:b9:2e:f7:58:dc:f0:79:27:03:
         03:e0:e9:ae:df:2a:8d:bc:8c:ac:79:77:8e:a9:bc:1c:bd:1b:
         89:2e:e2:ab:54:03:2c:cd:9e:76:85:f8:03:0b:84:2f:15:2e:
         c9:af:8b:b6:89:04:df:53:21:b0:81:3f:9c:43:c5:61:b1:33:
         71:04:8f:fa:46:c1:9a:4b:a9:c5:a3:fe:fe:29:ef:e8:88:1a:
         53:41:ef:08
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQoJC4WgLHiDmual+19rKMLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWVhYzY0ZWE0ODAyZTY4MjQ2ODZmN2MwZDIwMWYyYzg1
Y2IyYWEwHhcNMjUwMTAyMTc1MDQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYWFmMGRlOTVhMGYzZmZhYmVhMGZjMjUwYjI2ODZjNDRiMDU2YzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuRo2AXOLJ50AKmOAT6Z2QjLjTA43
Ng1XtUYGY2g2xl1jmmQMbdR6TpWWsqBUBTeKfmRF58R/8NubsbxAX3tRRfT7fHrs
rtCQ3149dz3q4GDaxw2Nk6cRlmN842qEC9xeFRaYQyiPnaXRRA0NQje7O++hhOfW
FlioUWZv3kktSEsym+XH7fHH0GcqJENDDJUZ+r/ZUCxtueM3Gr96gkSyNSWj5Yp4
JZipqEQy0No64pR2zged1ugn6m3ieBhSMbyrn/8Ekzf0TF8Z638xO1BIV2COY4S9
jQOFfOaGYIEit5CUupCtONIR1lXVUE7rQ0gruZT5ZB3oraumx2M5cfMoQQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOqvDelaDz/6vqD8JQsmhsRLBWw8MB8GA1UdIwQY
MBaAFMNerGTqSALmgkaG98DSAfLIXLKqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMt
ZGFjYjVmMzU2ZWEzLzEvNnE4TjZWb1BQX3Etb1B3bEN5YUd4RXNGYkR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9jY2RkOGItNzcyMC00ZGUwLThjNDMtZGFjYjVmMzU2ZWEz
LzEvdzE2c1pPcElBdWFDUm9iM3dOSUI4c2hjc3FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAT3wdMA8E
AgACMAkDBwAqAYdAABgwDQYJKoZIhvcNAQELBQADggEBADJsTqhY0fXI5YXPPRc5
yYgb98debtW2YtjkMRiPUXXc64VYE4W9KdXj3HHsJJUbpRzYwNXco2F3vTke51GS
WnDtRfg4nBxqeqVnHkx3BGN3CaPeUw/EJdY/XNK+i5w8Zhh0vTFVTTDFq+HVPjw1
ye9FSsJMBPTTIg9TMG9AhjOEsNo7SISaiLI4gK5ICHBrb//7wsLmpCTCFU5oRaon
WVlqVYU2biqDhSSoNrku91jc8HknAwPg6a7fKo28jKx5d46pvBy9G4ku4qtUAyzN
nnaF+AMLhC8VLsmvi7aJBN9TIbCBP5xDxWGxM3EEj/pGwZpLqcWj/v4p7+iIGlNB
7wg=
-----END CERTIFICATE-----