Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/k6_D03YidxIC349EjXRq0tAB-Qo.roa
File:                     k6_D03YidxIC349EjXRq0tAB-Qo.roa (raw, json)
Hash identifier:          EeEY/m7OL+tVaal0Hy7U3tDs+glAoHmKchjSxGhakus=
Subject key identifier:   93:AF:C3:D3:76:22:77:12:02:DF:8F:44:8D:74:6A:D2:D0:01:F9:0A
Certificate issuer:       /CN=3def11bb8a8d480a0313e1f218a66bdf4e95f627
Certificate serial:       019421B2400A0D09A09CCE8CCA53D9216632
Authority key identifier: 3D:EF:11:BB:8A:8D:48:0A:03:13:E1:F2:18:A6:6B:DF:4E:95:F6:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/k6_D03YidxIC349EjXRq0tAB-Qo.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51703
IP address blocks:        212.174.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/Pe8Ru4qNSAoDE-HyGKZr306V9ic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/Pe8Ru4qNSAoDE-HyGKZr306V9ic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:40:0a:0d:09:a0:9c:ce:8c:ca:53:d9:21:66:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3def11bb8a8d480a0313e1f218a66bdf4e95f627
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93afc3d37622771202df8f448d746ad2d001f90a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:83:2a:d4:f0:02:10:3f:c5:60:fa:7c:18:2a:
                    d1:7c:6e:88:74:1e:f3:a3:5c:43:28:00:9d:3e:5c:
                    61:d0:6c:d2:c4:8a:b7:11:e2:e9:1e:b8:ac:c6:25:
                    8b:4e:7c:de:2e:52:84:de:60:97:2e:89:40:8d:e2:
                    89:da:02:99:5e:c8:b4:4e:38:3d:0e:1e:23:0d:2a:
                    d2:30:a9:0a:8f:d1:45:7f:9b:36:52:c4:cb:10:18:
                    79:2e:60:90:d3:2b:f6:a4:81:eb:2e:c0:37:60:ef:
                    eb:ba:3d:bd:25:0a:0e:fe:4b:8a:ed:ec:bd:a4:bb:
                    67:3e:12:af:34:77:f2:b4:e9:1f:20:56:33:05:5c:
                    1d:e2:24:86:2e:4d:b7:f8:ec:b9:6c:74:1e:ad:a4:
                    50:fd:4e:c8:63:1b:71:89:31:12:6b:45:89:71:5e:
                    15:67:61:43:64:57:cf:c6:2b:20:19:49:da:0b:bf:
                    d0:99:d6:ec:26:24:1d:dd:cc:da:25:56:f4:9f:b6:
                    b5:4b:a5:b7:bd:fd:de:cb:10:56:f5:2b:58:e8:06:
                    29:ff:1f:f3:9c:1a:e2:59:8c:71:ab:80:6e:b8:58:
                    da:1c:94:b9:23:37:4d:c4:b6:03:24:4a:d2:6d:3a:
                    41:7f:30:97:4e:bf:d9:a6:0f:a3:c4:6b:57:14:c3:
                    e8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:AF:C3:D3:76:22:77:12:02:DF:8F:44:8D:74:6A:D2:D0:01:F9:0A
            X509v3 Authority Key Identifier:
                keyid:3D:EF:11:BB:8A:8D:48:0A:03:13:E1:F2:18:A6:6B:DF:4E:95:F6:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Pe8Ru4qNSAoDE-HyGKZr306V9ic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/k6_D03YidxIC349EjXRq0tAB-Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/d1f172-2def-4797-805f-b494664724ad/1/Pe8Ru4qNSAoDE-HyGKZr306V9ic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.174.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a8:73:55:aa:2b:9e:ba:35:29:41:b7:b4:da:bf:11:ac:a7:
         72:e5:7b:19:66:ca:1c:af:d8:2b:51:94:cc:0c:e7:4d:40:05:
         3f:79:93:b6:75:85:52:af:77:5a:4d:11:0a:71:3b:61:d3:3d:
         fb:ca:9d:9a:d9:82:08:ee:64:13:11:3f:2e:cb:66:33:8d:0e:
         92:b6:03:4f:11:2e:e7:3e:9f:25:ac:d0:2f:70:38:98:9e:9c:
         a8:45:3e:fc:60:c4:11:1c:d6:55:19:0d:69:f3:91:04:73:42:
         2e:c1:63:37:e9:37:21:2b:3f:41:c6:fe:be:00:aa:62:66:60:
         ee:2f:52:7f:dd:80:04:a7:fc:9b:6f:69:ff:90:0e:3c:6b:a7:
         cd:ea:7a:62:05:4a:5b:80:d5:03:53:f7:ba:56:70:bf:a0:ee:
         7a:c0:da:e8:62:51:bb:f4:a6:2e:26:65:7f:b0:06:f6:b8:41:
         4b:22:54:00:db:8a:ea:e7:17:9b:8c:e6:6e:7f:71:ce:c7:8b:
         c3:8f:c0:5a:3a:ae:42:48:07:bf:4f:1b:96:72:0e:4b:8a:c8:
         af:a3:0c:e5:f0:f0:1a:23:d8:97:86:0a:e4:f7:bd:31:05:30:
         cf:f1:b3:1b:22:1a:06:a7:12:15:63:ee:86:a8:45:65:d4:52:
         a7:13:37:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskAKDQmgnM6MylPZIWYyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNkZWYxMWJiOGE4ZDQ4MGEwMzEzZTFmMjE4YTY2YmRmNGU5
NWY2MjcwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2FmYzNkMzc2MjI3NzEyMDJkZjhmNDQ4ZDc0NmFkMmQwMDFmOTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArIMq1PACED/FYPp8GCrRfG6IdB7z
o1xDKACdPlxh0GzSxIq3EeLpHrisxiWLTnzeLlKE3mCXLolAjeKJ2gKZXsi0Tjg9
Dh4jDSrSMKkKj9FFf5s2UsTLEBh5LmCQ0yv2pIHrLsA3YO/ruj29JQoO/kuK7ey9
pLtnPhKvNHfytOkfIFYzBVwd4iSGLk23+Oy5bHQeraRQ/U7IYxtxiTESa0WJcV4V
Z2FDZFfPxisgGUnaC7/QmdbsJiQd3czaJVb0n7a1S6W3vf3eyxBW9StY6AYp/x/z
nBriWYxxq4BuuFjaHJS5IzdNxLYDJErSbTpBfzCXTr/Zpg+jxGtXFMPodQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJOvw9N2IncSAt+PRI10atLQAfkKMB8GA1UdIwQY
MBaAFD3vEbuKjUgKAxPh8hima99OlfYnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGU4UnU0cU5TQW9ERS1IeUdLWnIzMDZWOWljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9kMWYxNzItMmRlZi00Nzk3LTgwNWYt
YjQ5NDY2NDcyNGFkLzEvazZfRDAzWWlkeElDMzQ5RWpYUnEwdEFCLVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9kMWYxNzItMmRlZi00Nzk3LTgwNWYtYjQ5NDY2NDcyNGFk
LzEvUGU4UnU0cU5TQW9ERS1IeUdLWnIzMDZWOWljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1K6LMA0G
CSqGSIb3DQEBCwUAA4IBAQCgqHNVqiueujUpQbe02r8RrKdy5XsZZsocr9grUZTM
DOdNQAU/eZO2dYVSr3daTREKcTth0z37yp2a2YII7mQTET8uy2YzjQ6StgNPES7n
Pp8lrNAvcDiYnpyoRT78YMQRHNZVGQ1p85EEc0IuwWM36TchKz9Bxv6+AKpiZmDu
L1J/3YAEp/ybb2n/kA48a6fN6npiBUpbgNUDU/e6VnC/oO56wNroYlG79KYuJmV/
sAb2uEFLIlQA24rq5xebjOZuf3HOx4vDj8BaOq5CSAe/TxuWcg5Lisivowzl8PAa
I9iXhgrk970xBTDP8bMbIhoGpxIVY+6GqEVl1FKnEzem
-----END CERTIFICATE-----