Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/6i00LPl42nHb8qbMKvKVhPUPT4A.roa
File:                     6i00LPl42nHb8qbMKvKVhPUPT4A.roa (raw, json)
Hash identifier:          2YZA57Jg0ln+zFDDEt7ePeu3FeU4ieQ7XTEhkxEpCwM=
Subject key identifier:   EA:2D:34:2C:F9:78:DA:71:DB:F2:A6:CC:2A:F2:95:84:F5:0F:4F:80
Certificate issuer:       /CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
Certificate serial:       01942067F10F9FDB5B50A2F79AB2DF1A60CA
Authority key identifier: A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/6i00LPl42nHb8qbMKvKVhPUPT4A.roa
Signing time:             Wed 01 Jan 2025 05:47:50 +0000
ROA not before:           Wed 01 Jan 2025 05:47:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58010
IP address blocks:        185.139.158.0/24 maxlen: 24
                          2a0b:20c0:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:f1:0f:9f:db:5b:50:a2:f7:9a:b2:df:1a:60:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f94ab935054b86dcb5d6adbad2dfdb564b5248
        Validity
            Not Before: Jan  1 05:47:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea2d342cf978da71dbf2a6cc2af29584f50f4f80
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:81:a0:9c:38:e4:f2:be:f5:8b:09:71:5e:02:
                    88:18:c8:97:a6:db:bf:4f:b0:2e:7d:02:49:46:62:
                    af:a9:44:00:67:02:61:30:b7:8b:7b:d4:c2:07:b7:
                    d3:a6:a3:29:41:99:6c:d8:00:2c:5e:38:bd:3e:e5:
                    ae:ea:4a:27:37:7b:c6:56:9e:f0:0b:7f:2f:3b:4a:
                    89:06:5b:1a:c2:8c:0c:c8:f7:86:60:5c:db:14:7e:
                    4a:f4:c2:29:c4:d8:59:ac:32:67:80:b0:b0:d0:48:
                    12:f4:8e:66:5c:dd:87:73:88:29:5f:20:c7:b9:6d:
                    e8:77:29:cc:39:ce:d5:d0:4c:d5:d8:65:97:e2:da:
                    e5:31:6a:ca:16:65:48:cc:9e:9f:6d:be:d0:3f:52:
                    9d:fd:eb:44:9a:98:74:70:b3:a8:49:68:04:7a:e7:
                    5a:f4:80:72:22:2f:2c:da:1b:55:01:51:6d:2e:94:
                    15:86:60:77:80:ae:92:a3:78:d3:79:14:43:7e:c5:
                    ed:23:da:b3:c0:92:6d:61:23:89:ca:84:c6:7c:9e:
                    3c:ad:b3:49:16:b6:e6:37:f2:8f:1b:1c:fd:da:2e:
                    1a:f0:85:12:e5:7e:f9:e4:51:e9:e6:20:58:ce:86:
                    a3:78:34:d4:6e:cd:33:0e:11:5e:52:bc:09:19:64:
                    3b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:2D:34:2C:F9:78:DA:71:DB:F2:A6:CC:2A:F2:95:84:F5:0F:4F:80
            X509v3 Authority Key Identifier:
                keyid:A7:F9:4A:B9:35:05:4B:86:DC:B5:D6:AD:BA:D2:DF:DB:56:4B:52:48

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_lKuTUFS4bctdatutLf21ZLUkg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/6i00LPl42nHb8qbMKvKVhPUPT4A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/7e38b2-bec1-4464-a0ca-7d258b620169/1/p_lKuTUFS4bctdatutLf21ZLUkg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.158.0/24
                IPv6:
                  2a0b:20c0:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9c:d3:f8:32:8b:b9:b5:18:bc:8e:50:19:a4:f6:50:aa:ef:06:
         87:f6:57:7f:47:54:02:e1:0a:f2:3a:4c:2e:66:1a:4d:73:9d:
         27:0b:33:6d:c4:34:04:70:e0:ef:25:01:df:c9:1e:e0:3b:9a:
         e3:29:fe:b9:e7:b5:45:5b:82:ee:46:67:95:e7:8b:04:5e:05:
         a9:4a:dd:45:95:c4:fe:61:17:c2:5a:7c:1d:a1:e2:8b:7f:fc:
         c0:d0:02:f7:b9:69:c2:c3:1f:d5:e5:a5:7d:25:d0:a4:19:8e:
         1f:88:49:08:2a:a5:ba:31:8f:30:1e:a0:4e:16:bf:00:3e:94:
         07:ed:08:0f:6d:28:46:92:ad:7d:05:f4:29:56:01:2d:77:cf:
         b1:e6:61:eb:8d:89:7e:0e:5d:cb:b9:e8:eb:61:48:3e:b1:a2:
         ef:d3:ed:f9:6f:83:13:00:17:df:3d:7c:57:74:b1:18:59:ea:
         5c:a8:7c:fa:5e:17:c6:2d:d3:60:f2:7b:13:dd:80:31:c1:bb:
         6a:4e:d3:c5:42:59:81:ae:0e:05:bc:4b:56:2f:60:8a:9f:a0:
         bc:f2:7d:45:7f:78:81:a7:2d:1a:60:b7:e6:bb:f9:a3:9d:2b:
         e6:57:9e:ed:82:d3:b4:7b:e8:2b:b3:a2:fc:87:e2:5c:30:5b:
         a5:01:8c:22
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQgZ/EPn9tbUKL3mrLfGmDKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Zjk0YWI5MzUwNTRiODZkY2I1ZDZhZGJhZDJkZmRiNTY0
YjUyNDgwHhcNMjUwMTAxMDU0NzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTJkMzQyY2Y5NzhkYTcxZGJmMmE2Y2MyYWYyOTU4NGY1MGY0ZjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoGgnDjk8r71iwlxXgKIGMiXptu/
T7AufQJJRmKvqUQAZwJhMLeLe9TCB7fTpqMpQZls2AAsXji9PuWu6konN3vGVp7w
C38vO0qJBlsawowMyPeGYFzbFH5K9MIpxNhZrDJngLCw0EgS9I5mXN2Hc4gpXyDH
uW3odynMOc7V0EzV2GWX4trlMWrKFmVIzJ6fbb7QP1Kd/etEmph0cLOoSWgEeuda
9IByIi8s2htVAVFtLpQVhmB3gK6So3jTeRRDfsXtI9qzwJJtYSOJyoTGfJ48rbNJ
FrbmN/KPGxz92i4a8IUS5X755FHp5iBYzoajeDTUbs0zDhFeUrwJGWQ78wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOotNCz5eNpx2/KmzCrylYT1D0+AMB8GA1UdIwQY
MBaAFKf5Srk1BUuG3LXWrbrS39tWS1JIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9sS3VUVUZTNGJjdGRhdHV0TGYyMVpMVWtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy83ZTM4YjItYmVjMS00NDY0LWEwY2Et
N2QyNThiNjIwMTY5LzEvNmkwMExQbDQybkhiOHFiTUt2S1ZoUFVQVDRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy83ZTM4YjItYmVjMS00NDY0LWEwY2EtN2QyNThiNjIwMTY5
LzEvcF9sS3VUVUZTNGJjdGRhdHV0TGYyMVpMVWtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAuYueMA4E
AgACMAgDBgQqCyDAIDANBgkqhkiG9w0BAQsFAAOCAQEAnNP4Mou5tRi8jlAZpPZQ
qu8Gh/ZXf0dUAuEK8jpMLmYaTXOdJwszbcQ0BHDg7yUB38ke4Dua4yn+uee1RVuC
7kZnleeLBF4FqUrdRZXE/mEXwlp8HaHii3/8wNAC97lpwsMf1eWlfSXQpBmOH4hJ
CCqlujGPMB6gTha/AD6UB+0ID20oRpKtfQX0KVYBLXfPseZh642Jfg5dy7no62FI
PrGi79Pt+W+DEwAX3z18V3SxGFnqXKh8+l4Xxi3TYPJ7E92AMcG7ak7TxUJZga4O
BbxLVi9gip+gvPJ9RX94gactGmC35rv5o50r5lee7YLTtHvoK7Oi/IfiXDBbpQGM
Ig==
-----END CERTIFICATE-----