Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/8cea1f-45e4-4201-bebc-0ded06e40a75/1/q6m7NK6FK0sB-sCvgtch4Ed6hLg.roa
File:                     q6m7NK6FK0sB-sCvgtch4Ed6hLg.roa (raw, json)
Hash identifier:          DERyLKP5VNG6isDvq1+Dptn/M33LMn5to41DaPS8E8I=
Subject key identifier:   AB:A9:BB:34:AE:85:2B:4B:01:FA:C0:AF:82:D7:21:E0:47:7A:84:B8
Certificate issuer:       /CN=d125fac4a5d95b41a072ebbf4f035d09b3aa59c7
Certificate serial:       018CC726F0509BBA7ABACF80FB1F7A421807
Authority key identifier: D1:25:FA:C4:A5:D9:5B:41:A0:72:EB:BF:4F:03:5D:09:B3:AA:59:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0SX6xKXZW0Ggcuu_TwNdCbOqWcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/8cea1f-45e4-4201-bebc-0ded06e40a75/1/q6m7NK6FK0sB-sCvgtch4Ed6hLg.roa
Signing time:             Mon 01 Jan 2024 22:31:07 +0000
ROA not before:           Mon 01 Jan 2024 22:31:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47549
IP address blocks:        93.159.202.0/24 maxlen: 24
                          93.159.206.0/24 maxlen: 24
                          93.159.201.0/24 maxlen: 24
                          93.159.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/8cea1f-45e4-4201-bebc-0ded06e40a75/1/0SX6xKXZW0Ggcuu_TwNdCbOqWcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/8cea1f-45e4-4201-bebc-0ded06e40a75/1/0SX6xKXZW0Ggcuu_TwNdCbOqWcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0SX6xKXZW0Ggcuu_TwNdCbOqWcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:f0:50:9b:ba:7a:ba:cf:80:fb:1f:7a:42:18:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d125fac4a5d95b41a072ebbf4f035d09b3aa59c7
        Validity
            Not Before: Jan  1 22:31:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aba9bb34ae852b4b01fac0af82d721e0477a84b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:06:8f:d2:34:7f:67:f4:22:fc:e4:31:c3:49:
                    a1:34:e9:4b:53:9c:51:14:d7:50:90:5a:b6:b7:36:
                    72:1a:0d:2b:77:c8:36:c0:c0:32:32:59:ff:46:76:
                    a9:6c:04:79:3b:9b:22:17:82:d4:dc:38:2c:c5:4d:
                    29:f0:c1:c3:31:66:9d:c1:e5:99:16:68:50:3e:cc:
                    97:af:7c:69:71:bc:55:dc:01:61:31:ed:fa:0c:52:
                    fa:98:65:1b:13:41:7f:ae:60:bc:02:bf:51:b0:88:
                    e3:3f:c7:98:24:96:3a:68:c3:38:f4:44:e3:cb:96:
                    e9:47:1c:53:6d:3d:9d:b0:ee:b5:1f:04:53:5b:a8:
                    77:37:2d:38:ef:73:5f:f9:11:e1:ee:f0:60:b5:61:
                    77:07:37:bd:62:41:21:87:ea:e8:8e:94:02:db:02:
                    ef:1e:29:ed:38:cc:7c:c0:bb:36:18:4b:cf:76:c6:
                    bf:20:60:7a:83:45:12:47:e5:ed:4b:f6:02:1f:d8:
                    8c:a6:e4:c7:ee:93:f3:58:a0:d5:8f:34:00:92:99:
                    d8:1d:69:dc:bc:21:da:f7:b1:4e:c0:76:ad:cc:04:
                    8f:33:f4:e1:3a:e5:d1:94:79:84:37:4c:31:8a:71:
                    5c:d0:59:b1:3c:9d:88:c3:86:ca:9c:58:b9:9c:6b:
                    ab:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A9:BB:34:AE:85:2B:4B:01:FA:C0:AF:82:D7:21:E0:47:7A:84:B8
            X509v3 Authority Key Identifier:
                keyid:D1:25:FA:C4:A5:D9:5B:41:A0:72:EB:BF:4F:03:5D:09:B3:AA:59:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0SX6xKXZW0Ggcuu_TwNdCbOqWcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8cea1f-45e4-4201-bebc-0ded06e40a75/1/q6m7NK6FK0sB-sCvgtch4Ed6hLg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/8cea1f-45e4-4201-bebc-0ded06e40a75/1/0SX6xKXZW0Ggcuu_TwNdCbOqWcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.200.0-93.159.202.255
                  93.159.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:63:da:3e:b3:a1:24:99:ad:f6:36:2f:10:87:1f:4a:c7:1e:
         33:de:ae:12:a3:59:83:d5:6d:b1:d3:1c:b9:89:25:b6:42:b5:
         3b:ea:61:63:01:32:6f:7a:d5:a4:33:84:5e:bf:be:90:66:d7:
         ac:64:bd:9b:f7:d6:1b:9a:3f:66:a2:a1:69:ec:31:7d:4c:0c:
         3a:75:63:7f:81:67:1c:0b:cc:fa:9e:35:0d:82:42:e4:57:7a:
         7b:e4:b9:a2:45:d1:0a:fd:70:2c:a5:8a:52:a7:6e:fc:33:b3:
         c8:2c:3f:00:0c:f2:5f:af:ca:a6:ff:5d:f8:e0:31:32:b8:09:
         7b:b5:67:9f:f2:af:71:0b:33:a5:d9:01:96:a1:ea:b9:9b:18:
         2e:45:92:2a:ce:7e:c6:bf:ce:aa:11:52:d2:95:ac:43:42:f0:
         61:d6:60:2e:32:9f:fd:0f:d1:27:e6:6d:d2:cc:78:be:1a:9d:
         d5:8a:dc:a0:87:8d:3d:4c:99:74:3d:b8:82:10:3b:f6:2b:51:
         02:cd:c8:32:7b:5d:22:0d:df:fa:e3:b0:07:a4:72:47:19:df:
         72:60:e6:ce:c4:4e:4c:53:11:e8:26:cf:2a:f9:96:27:ea:b1:
         d1:03:da:47:92:a3:51:6b:8e:1b:7d:0e:20:2b:d0:1f:1b:3c:
         8e:f6:c3:bb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzHJvBQm7p6us+A+x96QhgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxMjVmYWM0YTVkOTViNDFhMDcyZWJiZjRmMDM1ZDA5YjNh
YTU5YzcwHhcNMjQwMTAxMjIzMTA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE5YmIzNGFlODUyYjRiMDFmYWMwYWY4MmQ3MjFlMDQ3N2E4NGI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AaP0jR/Z/Qi/OQxw0mhNOlLU5xR
FNdQkFq2tzZyGg0rd8g2wMAyMln/RnapbAR5O5siF4LU3DgsxU0p8MHDMWadweWZ
FmhQPsyXr3xpcbxV3AFhMe36DFL6mGUbE0F/rmC8Ar9RsIjjP8eYJJY6aMM49ETj
y5bpRxxTbT2dsO61HwRTW6h3Ny0473Nf+RHh7vBgtWF3Bze9YkEhh+rojpQC2wLv
HintOMx8wLs2GEvPdsa/IGB6g0USR+XtS/YCH9iMpuTH7pPzWKDVjzQAkpnYHWnc
vCHa97FOwHatzASPM/ThOuXRlHmEN0wxinFc0FmxPJ2Iw4bKnFi5nGurkQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFKupuzSuhStLAfrAr4LXIeBHeoS4MB8GA1UdIwQY
MBaAFNEl+sSl2VtBoHLrv08DXQmzqlnHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMFNYNnhLWFpXMEdnY3V1X1R3TmRDYk9xV2NjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS84Y2VhMWYtNDVlNC00MjAxLWJlYmMt
MGRlZDA2ZTQwYTc1LzEvcTZtN05LNkZLMHNCLXNDdmd0Y2g0RWQ2aExnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS84Y2VhMWYtNDVlNC00MjAxLWJlYmMtMGRlZDA2ZTQwYTc1
LzEvMFNYNnhLWFpXMEdnY3V1X1R3TmRDYk9xV2NjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBANdn8gD
BABdn8oDBABdn84wDQYJKoZIhvcNAQELBQADggEBAENj2j6zoSSZrfY2LxCHH0rH
HjPerhKjWYPVbbHTHLmJJbZCtTvqYWMBMm961aQzhF6/vpBm16xkvZv31huaP2ai
oWnsMX1MDDp1Y3+BZxwLzPqeNQ2CQuRXenvkuaJF0Qr9cCylilKnbvwzs8gsPwAM
8l+vyqb/XfjgMTK4CXu1Z5/yr3ELM6XZAZah6rmbGC5FkirOfsa/zqoRUtKVrENC
8GHWYC4yn/0P0SfmbdLMeL4andWK3KCHjT1MmXQ9uIIQO/YrUQLNyDJ7XSIN3/rj
sAekckcZ33Jg5s7ETkxTEegmzyr5lifqsdED2keSo1Frjht9DiAr0B8bPI72w7s=
-----END CERTIFICATE-----