Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/6-1osKnhRTEecieKzI4jIsepkfg.roa
File:                     6-1osKnhRTEecieKzI4jIsepkfg.roa (raw, json)
Hash identifier:          ckgtNbcE4kjHePU129hSHdQEi9afRo+rLgqsRFEg78g=
Subject key identifier:   EB:ED:68:B0:A9:E1:45:31:1E:72:27:8A:CC:8E:23:22:C7:A9:91:F8
Certificate issuer:       /CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
Certificate serial:       01960B35FD4C9D6C37433034857CCCC6EA43
Authority key identifier: D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/6-1osKnhRTEecieKzI4jIsepkfg.roa
Signing time:             Sun 06 Apr 2025 13:06:49 +0000
ROA not before:           Sun 06 Apr 2025 13:06:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        78.153.96.0/20 maxlen: 24
                          78.153.112.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 10:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:0b:35:fd:4c:9d:6c:37:43:30:34:85:7c:cc:c6:ea:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
        Validity
            Not Before: Apr  6 13:06:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebed68b0a9e145311e72278acc8e2322c7a991f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:cd:b7:e2:62:3d:55:34:f7:f6:dc:91:6a:1a:
                    89:a8:12:7a:de:65:be:9d:e9:c4:13:c2:5d:74:fd:
                    60:d4:fb:b1:ad:cf:39:7f:64:b5:d7:6a:01:6b:94:
                    df:af:8f:8f:84:53:16:74:ed:d8:91:dc:81:ce:45:
                    2e:6f:f5:4c:fc:02:2f:d1:91:49:36:3c:1f:38:4d:
                    de:25:0b:57:c4:7b:22:7d:9a:a8:f9:1a:d3:8c:39:
                    44:7d:6b:19:12:d6:fe:79:9f:df:6e:8a:d8:98:b4:
                    46:3d:d7:b7:cd:a3:9f:b0:a2:cf:ce:45:b5:fc:5e:
                    91:27:f9:95:5c:fe:92:5d:63:a6:53:ec:35:ba:db:
                    93:b6:2b:e9:7c:60:d8:8a:c4:0e:33:1f:0a:8f:1c:
                    ca:da:ef:9b:b9:c7:30:c6:22:9b:2f:c1:7d:d1:cf:
                    1d:fd:b0:18:c4:19:e9:16:cf:40:dc:25:9c:17:88:
                    a9:3e:82:b5:c7:24:01:d2:c0:67:ca:08:15:f0:73:
                    66:0a:0c:1b:c9:d2:f3:6c:e1:ff:ff:55:f9:9e:45:
                    af:4d:0b:4a:74:eb:3f:6d:ac:f7:ac:e6:26:a1:2f:
                    92:40:c8:01:20:39:5d:e3:cf:fb:73:5b:51:cc:d8:
                    00:22:c5:5e:d9:88:98:4c:f5:76:a0:29:18:80:e3:
                    10:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:ED:68:B0:A9:E1:45:31:1E:72:27:8A:CC:8E:23:22:C7:A9:91:F8
            X509v3 Authority Key Identifier:
                keyid:D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/6-1osKnhRTEecieKzI4jIsepkfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         59:2a:d3:63:ea:a7:25:de:05:78:eb:68:f1:ef:c8:d2:f4:69:
         39:f1:03:ce:a4:36:67:5a:06:73:d6:03:47:7f:f9:5b:ff:9a:
         ea:5a:cc:4b:fe:ae:dd:c3:1d:48:c2:5b:66:8d:f3:6e:b7:a7:
         91:d1:87:21:3f:b0:8d:c8:d3:f9:3f:35:35:c0:3e:10:9b:0d:
         f8:38:d2:ce:ed:8c:aa:10:d6:19:98:c8:80:ca:fd:4c:4b:3c:
         04:f5:5c:d1:d7:9c:97:fc:60:29:f7:06:d8:3b:3f:b6:1d:fb:
         bd:1d:2a:14:1d:93:43:6c:e6:b4:92:67:ed:40:7b:a6:ff:18:
         f1:35:25:75:9e:da:20:a0:db:db:8d:7b:22:d9:d4:bf:9e:0b:
         fc:ea:fe:f8:9f:23:44:34:71:49:be:d5:0f:6a:61:2b:cb:36:
         7b:a5:f6:82:d4:91:da:1d:63:5d:04:31:c0:3a:aa:b7:59:35:
         d1:dc:ab:7c:13:ce:36:05:9a:2a:a8:49:b0:bc:88:87:1b:29:
         7c:ab:53:5f:03:d6:dc:33:43:80:13:0a:73:f1:e9:75:a6:74:
         72:22:73:4c:ae:87:26:72:02:98:66:4d:06:2e:28:83:f5:ef:
         df:fd:d2:95:9a:c6:3f:90:2d:ee:1e:f4:e7:a4:9e:57:f2:9e:
         83:df:1f:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYLNf1MnWw3QzA0hXzMxupDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzFlYTA2YjFhNzU2Y2JmNDZhZTA0NjQ4NGJiZDNlNGZj
ZTRjYTUwHhcNMjUwNDA2MTMwNjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmVkNjhiMGE5ZTE0NTMxMWU3MjI3OGFjYzhlMjMyMmM3YTk5MWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwc234mI9VTT39tyRahqJqBJ63mW+
nenEE8JddP1g1Puxrc85f2S112oBa5Tfr4+PhFMWdO3YkdyBzkUub/VM/AIv0ZFJ
NjwfOE3eJQtXxHsifZqo+RrTjDlEfWsZEtb+eZ/fborYmLRGPde3zaOfsKLPzkW1
/F6RJ/mVXP6SXWOmU+w1utuTtivpfGDYisQOMx8KjxzK2u+buccwxiKbL8F90c8d
/bAYxBnpFs9A3CWcF4ipPoK1xyQB0sBnyggV8HNmCgwbydLzbOH//1X5nkWvTQtK
dOs/baz3rOYmoS+SQMgBIDld48/7c1tRzNgAIsVe2YiYTPV2oCkYgOMQ7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOvtaLCp4UUxHnInisyOIyLHqZH4MB8GA1UdIwQY
MBaAFNJx6gaxp1bL9GrgRkhLvT5PzkylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMt
ZmMzZDVjMjIzMGIyLzEvNi0xb3NLbmhSVEVlY2llS3pJNGpJc2Vwa2ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMtZmMzZDVjMjIzMGIy
LzEvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFTplgMA0G
CSqGSIb3DQEBCwUAA4IBAQBZKtNj6qcl3gV462jx78jS9Gk58QPOpDZnWgZz1gNH
f/lb/5rqWsxL/q7dwx1IwltmjfNut6eR0YchP7CNyNP5PzU1wD4Qmw34ONLO7Yyq
ENYZmMiAyv1MSzwE9VzR15yX/GAp9wbYOz+2Hfu9HSoUHZNDbOa0kmftQHum/xjx
NSV1ntogoNvbjXsi2dS/ngv86v74nyNENHFJvtUPamEryzZ7pfaC1JHaHWNdBDHA
Oqq3WTXR3Kt8E842BZoqqEmwvIiHGyl8q1NfA9bcM0OAEwpz8el1pnRyInNMrocm
cgKYZk0GLiiD9e/f/dKVmsY/kC3uHvTnpJ5X8p6D3x9w
-----END CERTIFICATE-----