Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/b33e14-b3eb-4de5-a519-9adaa4b2b196/1/6kuYBzw429hTfcmzLy4TgFrJKDQ.roa
File:                     6kuYBzw429hTfcmzLy4TgFrJKDQ.roa (raw, json)
Hash identifier:          v8D/cGNdDOxEWcCfZs7ngYEeBNL4fY/mcOnmBbmdr7k=
Subject key identifier:   EA:4B:98:07:3C:38:DB:D8:53:7D:C9:B3:2F:2E:13:80:5A:C9:28:34
Certificate issuer:       /CN=5af6bc2da3c2c642b14ae129c1bfff267852d6fc
Certificate serial:       01980418E654C1BE5EA23EDF518C06BA75A1
Authority key identifier: 5A:F6:BC:2D:A3:C2:C6:42:B1:4A:E1:29:C1:BF:FF:26:78:52:D6:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Wva8LaPCxkKxSuEpwb__JnhS1vw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/b33e14-b3eb-4de5-a519-9adaa4b2b196/1/6kuYBzw429hTfcmzLy4TgFrJKDQ.roa
Signing time:             Sun 13 Jul 2025 14:03:17 +0000
ROA not before:           Sun 13 Jul 2025 14:03:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207946
IP address blocks:        91.204.81.0/24 maxlen: 24
                          2001:678:5a0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/b33e14-b3eb-4de5-a519-9adaa4b2b196/1/Wva8LaPCxkKxSuEpwb__JnhS1vw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/b33e14-b3eb-4de5-a519-9adaa4b2b196/1/Wva8LaPCxkKxSuEpwb__JnhS1vw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Wva8LaPCxkKxSuEpwb__JnhS1vw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:04:18:e6:54:c1:be:5e:a2:3e:df:51:8c:06:ba:75:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5af6bc2da3c2c642b14ae129c1bfff267852d6fc
        Validity
            Not Before: Jul 13 14:03:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea4b98073c38dbd8537dc9b32f2e13805ac92834
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:2a:0f:41:67:fd:18:7a:bb:8e:d5:2c:44:50:
                    93:ed:68:c1:6f:79:b9:a3:71:44:a9:d6:a1:6b:1e:
                    b5:1d:d6:c6:0c:fe:6b:e3:de:98:d4:e7:a3:ed:af:
                    ad:4c:d1:79:2a:cb:68:1a:2f:30:d1:46:82:70:f2:
                    e0:30:51:b3:ad:da:73:96:24:0c:aa:8b:ec:b6:e8:
                    4c:66:54:1d:fe:64:d4:b3:d2:8f:d6:ec:a2:f4:fa:
                    77:fa:4a:68:39:59:37:07:7b:1e:98:57:f4:18:9a:
                    5a:3b:cc:84:be:5f:0f:80:8e:52:cc:d0:61:0a:0c:
                    03:c3:bb:07:fb:47:6e:bc:97:ff:72:e8:f9:f9:41:
                    7b:60:89:1a:e5:0c:6a:60:9e:b2:cd:d2:77:4f:35:
                    ed:2b:13:23:16:44:69:b6:c7:8c:70:80:69:47:d3:
                    93:2a:30:1a:c9:ca:22:28:b4:de:5d:f2:f2:f6:4a:
                    a8:60:5d:85:b9:19:7e:1c:f3:31:b6:37:7c:cb:e2:
                    0e:08:f3:c0:8c:e7:6f:a1:79:01:1f:d2:64:73:93:
                    81:e9:8e:63:be:32:60:4c:8f:f3:c3:ac:6d:13:f4:
                    36:34:dc:d5:55:de:49:9d:95:d1:16:23:fb:58:f2:
                    0c:dc:fc:e2:66:88:05:65:8d:ad:c6:db:4f:b9:f7:
                    16:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:4B:98:07:3C:38:DB:D8:53:7D:C9:B3:2F:2E:13:80:5A:C9:28:34
            X509v3 Authority Key Identifier:
                keyid:5A:F6:BC:2D:A3:C2:C6:42:B1:4A:E1:29:C1:BF:FF:26:78:52:D6:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Wva8LaPCxkKxSuEpwb__JnhS1vw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/b33e14-b3eb-4de5-a519-9adaa4b2b196/1/6kuYBzw429hTfcmzLy4TgFrJKDQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/b33e14-b3eb-4de5-a519-9adaa4b2b196/1/Wva8LaPCxkKxSuEpwb__JnhS1vw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.204.81.0/24
                IPv6:
                  2001:678:5a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         44:cf:ab:f7:02:5d:d9:14:66:3f:ec:fc:f4:28:59:3f:aa:7a:
         e4:dd:91:ff:0b:14:df:2d:37:be:78:4d:6b:fb:8a:89:40:bc:
         43:a2:b9:bf:01:85:7b:ca:be:9d:b7:d6:1c:51:26:ff:e9:cb:
         56:8a:cf:d5:84:4e:eb:7c:20:c3:e2:03:8d:d9:e3:aa:95:9f:
         a6:66:1a:21:d2:d8:4d:92:86:94:ce:94:eb:eb:64:7d:7a:3b:
         ed:40:4e:c8:e2:e2:7d:b5:f7:29:0b:dd:9c:25:e7:ad:85:96:
         21:33:ad:8a:32:2c:69:90:a9:af:b2:1c:1b:24:9c:e8:63:87:
         79:c7:82:60:2b:9b:0e:41:d1:62:f7:e6:95:3d:02:5b:75:1e:
         c0:d6:bb:96:c2:0b:f2:4f:75:28:2e:d4:78:2b:05:1e:df:34:
         b1:7e:aa:80:bf:00:43:30:ca:5c:8c:76:c7:e7:bd:62:c8:a8:
         14:9a:c7:b2:00:da:fd:c1:9d:0e:9a:af:c5:c3:23:14:af:6d:
         f2:91:7d:c9:99:a3:53:9d:19:30:2f:93:6e:4f:e7:a3:ec:d4:
         5f:00:a3:ab:5d:4d:b3:a2:b0:f0:91:e3:d1:39:9f:a2:36:55:
         94:af:34:1d:02:bd:63:13:5a:40:ee:9e:9f:d3:d2:1b:b6:d9:
         52:a5:62:5a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZgEGOZUwb5eoj7fUYwGunWhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZjZiYzJkYTNjMmM2NDJiMTRhZTEyOWMxYmZmZjI2Nzg1
MmQ2ZmMwHhcNMjUwNzEzMTQwMzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTRiOTgwNzNjMzhkYmQ4NTM3ZGM5YjMyZjJlMTM4MDVhYzkyODM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSoPQWf9GHq7jtUsRFCT7WjBb3m5
o3FEqdahax61HdbGDP5r496Y1Oej7a+tTNF5KstoGi8w0UaCcPLgMFGzrdpzliQM
qovstuhMZlQd/mTUs9KP1uyi9Pp3+kpoOVk3B3semFf0GJpaO8yEvl8PgI5SzNBh
CgwDw7sH+0duvJf/cuj5+UF7YIka5QxqYJ6yzdJ3TzXtKxMjFkRptseMcIBpR9OT
KjAaycoiKLTeXfLy9kqoYF2FuRl+HPMxtjd8y+IOCPPAjOdvoXkBH9Jkc5OB6Y5j
vjJgTI/zw6xtE/Q2NNzVVd5JnZXRFiP7WPIM3PziZogFZY2txttPufcWFwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFOpLmAc8ONvYU33Jsy8uE4BaySg0MB8GA1UdIwQY
MBaAFFr2vC2jwsZCsUrhKcG//yZ4Utb8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3ZhOExhUEN4a0t4U3VFcHdiX19KbmhTMXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9iMzNlMTQtYjNlYi00ZGU1LWE1MTkt
OWFkYWE0YjJiMTk2LzEvNmt1WUJ6dzQyOWhUZmNtekx5NFRnRnJKS0RRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9iMzNlMTQtYjNlYi00ZGU1LWE1MTktOWFkYWE0YjJiMTk2
LzEvV3ZhOExhUEN4a0t4U3VFcHdiX19KbmhTMXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW8xRMA8E
AgACMAkDBwAgAQZ4BaAwDQYJKoZIhvcNAQELBQADggEBAETPq/cCXdkUZj/s/PQo
WT+qeuTdkf8LFN8tN754TWv7iolAvEOiub8BhXvKvp231hxRJv/py1aKz9WETut8
IMPiA43Z46qVn6ZmGiHS2E2ShpTOlOvrZH16O+1ATsji4n219ykL3Zwl562FliEz
rYoyLGmQqa+yHBsknOhjh3nHgmArmw5B0WL35pU9Alt1HsDWu5bCC/JPdSgu1Hgr
BR7fNLF+qoC/AEMwylyMdsfnvWLIqBSax7IA2v3BnQ6ar8XDIxSvbfKRfcmZo1Od
GTAvk25P56Ps1F8Ao6tdTbOisPCR49E5n6I2VZSvNB0CvWMTWkDunp/T0hu22VKl
Ylo=
-----END CERTIFICATE-----