Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/7eb683-e218-4382-bfd9-28da6a1ba128/1/6Su0gIXqvUJ9rEm2q2tqhQ_XLJg.roa
File:                     6Su0gIXqvUJ9rEm2q2tqhQ_XLJg.roa (raw, json)
Hash identifier:          iQOejaSOHgzrEWZGi2YRsNhnDUgHCcp77SKjsuYR9pE=
Subject key identifier:   E9:2B:B4:80:85:EA:BD:42:7D:AC:49:B6:AB:6B:6A:85:0F:D7:2C:98
Certificate issuer:       /CN=e9e415ed5c0c7759981001b8db262da779a04b3d
Certificate serial:       018CC6B77B490AE827ED45DC3664E7418E00
Authority key identifier: E9:E4:15:ED:5C:0C:77:59:98:10:01:B8:DB:26:2D:A7:79:A0:4B:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6eQV7VwMd1mYEAG42yYtp3mgSz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/7eb683-e218-4382-bfd9-28da6a1ba128/1/6Su0gIXqvUJ9rEm2q2tqhQ_XLJg.roa
Signing time:             Mon 01 Jan 2024 20:29:22 +0000
ROA not before:           Mon 01 Jan 2024 20:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6453
IP address blocks:        213.132.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/7eb683-e218-4382-bfd9-28da6a1ba128/1/6eQV7VwMd1mYEAG42yYtp3mgSz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/7eb683-e218-4382-bfd9-28da6a1ba128/1/6eQV7VwMd1mYEAG42yYtp3mgSz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6eQV7VwMd1mYEAG42yYtp3mgSz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:7b:49:0a:e8:27:ed:45:dc:36:64:e7:41:8e:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e9e415ed5c0c7759981001b8db262da779a04b3d
        Validity
            Not Before: Jan  1 20:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e92bb48085eabd427dac49b6ab6b6a850fd72c98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:20:6d:b7:f7:a1:59:1d:b1:15:a0:27:5d:c9:
                    c5:a6:74:df:02:52:c1:44:87:6e:09:a4:61:90:a4:
                    fb:26:77:13:e0:af:65:2d:51:bb:12:0b:39:63:7a:
                    c0:80:a5:60:b4:8a:96:2f:fa:9b:22:0a:c7:2c:30:
                    1c:32:bb:1f:db:9e:90:d1:c5:1d:fc:a5:1d:c7:dc:
                    e8:62:b6:26:dc:e8:4b:99:39:30:be:b7:70:cb:a8:
                    50:74:78:72:fe:f9:d8:60:d2:f7:c4:7d:4f:3e:30:
                    78:54:97:d1:2a:64:ad:ac:ce:57:a2:60:10:96:53:
                    7c:f1:47:f9:3a:07:38:a1:8a:c7:36:c7:43:32:93:
                    b8:79:40:4c:06:6b:dd:72:55:e8:a0:b2:d6:e4:3c:
                    79:04:32:6e:1d:35:11:be:0c:d2:de:33:db:8c:d9:
                    ca:74:fa:61:5c:3a:8d:84:0b:10:4b:4b:94:cc:7d:
                    32:b5:22:a1:6d:08:5f:9d:2f:02:f4:1b:f6:f0:83:
                    40:88:46:29:d4:41:90:50:07:ff:50:3f:1d:26:88:
                    31:04:13:ed:8d:5d:2f:e5:72:67:1a:ef:47:d9:08:
                    2a:f6:06:b9:b8:4f:b1:ad:fc:9c:33:93:4a:7f:bf:
                    b9:19:4f:e9:35:48:aa:94:d3:8e:99:de:cc:01:28:
                    dc:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:2B:B4:80:85:EA:BD:42:7D:AC:49:B6:AB:6B:6A:85:0F:D7:2C:98
            X509v3 Authority Key Identifier:
                keyid:E9:E4:15:ED:5C:0C:77:59:98:10:01:B8:DB:26:2D:A7:79:A0:4B:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6eQV7VwMd1mYEAG42yYtp3mgSz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/7eb683-e218-4382-bfd9-28da6a1ba128/1/6Su0gIXqvUJ9rEm2q2tqhQ_XLJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/7eb683-e218-4382-bfd9-28da6a1ba128/1/6eQV7VwMd1mYEAG42yYtp3mgSz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.132.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:d4:b4:81:5e:1a:45:13:14:e3:4e:4f:bc:dd:23:95:f4:40:
         b5:cf:ac:ef:59:62:15:eb:b3:b4:a8:4b:bc:48:83:64:b0:72:
         46:b3:fc:81:0e:59:8e:86:b2:a0:65:68:aa:eb:51:be:38:6a:
         6c:aa:11:da:aa:9b:c8:52:a1:73:e0:e7:72:e3:3b:e1:cb:42:
         f3:c7:0d:a8:f4:c3:70:74:20:49:cf:aa:13:64:09:15:be:f0:
         21:4c:91:bb:3c:69:ef:66:cb:d9:df:c9:f5:58:69:db:49:76:
         5e:73:a4:de:68:21:04:cd:bb:96:e0:02:73:2b:2d:f1:2d:f3:
         16:21:ef:54:af:d0:c9:f0:30:66:55:87:d6:d1:5e:01:ab:f2:
         e5:17:98:da:ca:37:c6:b0:be:6a:09:2a:48:42:87:50:e3:d6:
         ef:25:7e:08:08:0e:48:8a:36:47:a5:9f:7f:c8:cd:78:45:e2:
         b7:5e:ea:91:20:71:ef:cb:a9:5d:cf:70:da:f5:d6:6b:2b:e8:
         16:f6:11:aa:a9:18:78:2a:bc:a4:1d:4b:4d:51:17:30:80:db:
         9a:48:80:62:9c:16:ef:29:7c:a1:17:51:46:65:c0:0d:9e:a5:
         51:54:6c:94:22:d9:56:a5:e5:3f:31:d5:25:55:c9:89:51:b7:
         d7:97:14:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt3tJCugn7UXcNmTnQY4AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5ZTQxNWVkNWMwYzc3NTk5ODEwMDFiOGRiMjYyZGE3Nzlh
MDRiM2QwHhcNMjQwMTAxMjAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTJiYjQ4MDg1ZWFiZDQyN2RhYzQ5YjZhYjZiNmE4NTBmZDcyYzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyBtt/ehWR2xFaAnXcnFpnTfAlLB
RIduCaRhkKT7JncT4K9lLVG7Egs5Y3rAgKVgtIqWL/qbIgrHLDAcMrsf256Q0cUd
/KUdx9zoYrYm3OhLmTkwvrdwy6hQdHhy/vnYYNL3xH1PPjB4VJfRKmStrM5XomAQ
llN88Uf5Ogc4oYrHNsdDMpO4eUBMBmvdclXooLLW5Dx5BDJuHTURvgzS3jPbjNnK
dPphXDqNhAsQS0uUzH0ytSKhbQhfnS8C9Bv28INAiEYp1EGQUAf/UD8dJogxBBPt
jV0v5XJnGu9H2Qgq9ga5uE+xrfycM5NKf7+5GU/pNUiqlNOOmd7MASjc2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOkrtICF6r1CfaxJtqtraoUP1yyYMB8GA1UdIwQY
MBaAFOnkFe1cDHdZmBABuNsmLad5oEs9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmVRVjdWd01kMW1ZRUFHNDJ5WXRwM21nU3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS83ZWI2ODMtZTIxOC00MzgyLWJmZDkt
MjhkYTZhMWJhMTI4LzEvNlN1MGdJWHF2VUo5ckVtMnEydHFoUV9YTEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS83ZWI2ODMtZTIxOC00MzgyLWJmZDktMjhkYTZhMWJhMTI4
LzEvNmVRVjdWd01kMW1ZRUFHNDJ5WXRwM21nU3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YT7MA0G
CSqGSIb3DQEBCwUAA4IBAQBr1LSBXhpFExTjTk+83SOV9EC1z6zvWWIV67O0qEu8
SINksHJGs/yBDlmOhrKgZWiq61G+OGpsqhHaqpvIUqFz4Ody4zvhy0Lzxw2o9MNw
dCBJz6oTZAkVvvAhTJG7PGnvZsvZ38n1WGnbSXZec6TeaCEEzbuW4AJzKy3xLfMW
Ie9Ur9DJ8DBmVYfW0V4Bq/LlF5jayjfGsL5qCSpIQodQ49bvJX4ICA5IijZHpZ9/
yM14ReK3XuqRIHHvy6ldz3Da9dZrK+gW9hGqqRh4KrykHUtNURcwgNuaSIBinBbv
KXyhF1FGZcANnqVRVGyUItlWpeU/MdUlVcmJUbfXlxTL
-----END CERTIFICATE-----