Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/6F_Q4XpRKgEexZcCv84M_kGGwx8.roa
File:                     6F_Q4XpRKgEexZcCv84M_kGGwx8.roa (raw, json)
Hash identifier:          jzUe5knYI2NZSGwBtOwn1dJh+2wMTZvaI6KEnoCDN6M=
Subject key identifier:   E8:5F:D0:E1:7A:51:2A:01:1E:C5:97:02:BF:CE:0C:FE:41:86:C3:1F
Certificate issuer:       /CN=007e6b5aa437d3693151502a211496e37d4ae2c5
Certificate serial:       019422FB2D37B1ECE82D9579DB66B34CB745
Authority key identifier: 00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/6F_Q4XpRKgEexZcCv84M_kGGwx8.roa
Signing time:             Wed 01 Jan 2025 17:47:53 +0000
ROA not before:           Wed 01 Jan 2025 17:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5630
IP address blocks:        89.106.184.0/21 maxlen: 24
                          2a01:20::/48 maxlen: 48
                          2a01:20:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:2d:37:b1:ec:e8:2d:95:79:db:66:b3:4c:b7:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=007e6b5aa437d3693151502a211496e37d4ae2c5
        Validity
            Not Before: Jan  1 17:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e85fd0e17a512a011ec59702bfce0cfe4186c31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:b9:eb:15:a4:49:32:83:30:6d:bd:1b:b3:93:
                    f1:07:d7:51:2b:2e:2f:ca:ae:8a:fa:72:93:8f:d3:
                    0c:4e:9e:10:e0:bc:e8:4c:8a:31:f6:98:1e:d6:6d:
                    2b:7b:e8:da:f8:5d:df:b3:6f:16:ff:40:cb:e7:0a:
                    b5:93:34:80:88:47:fb:c2:ce:57:e8:36:c4:9a:d8:
                    6b:18:4b:4b:f0:0a:fe:97:49:f7:6b:96:d8:85:c2:
                    9a:7d:0a:9d:ec:61:82:f1:3b:82:67:27:f0:41:38:
                    c3:bf:18:36:bf:bc:e1:2e:83:a8:58:9a:ec:e5:75:
                    af:f8:13:3c:ca:0d:8d:8e:b3:c7:aa:b2:2a:2f:44:
                    4a:6c:26:b8:7e:b5:98:5a:96:38:80:81:32:f2:fa:
                    3b:02:71:95:cd:06:7a:0a:94:f4:28:65:cf:ce:85:
                    1a:2b:75:13:f9:1f:f4:cc:ce:da:8d:ca:fb:ea:ed:
                    c7:76:df:7f:1c:48:31:af:7b:11:1a:17:fc:d1:85:
                    83:11:e3:78:89:1c:67:56:1f:21:68:d2:27:68:e0:
                    f9:7a:6f:99:61:ab:78:53:c5:41:02:0d:97:35:50:
                    47:88:4d:a3:bf:ec:50:c4:9c:c1:26:63:17:26:fc:
                    13:00:25:2f:43:fe:0a:72:8b:e9:06:44:e6:80:48:
                    46:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:5F:D0:E1:7A:51:2A:01:1E:C5:97:02:BF:CE:0C:FE:41:86:C3:1F
            X509v3 Authority Key Identifier:
                keyid:00:7E:6B:5A:A4:37:D3:69:31:51:50:2A:21:14:96:E3:7D:4A:E2:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AH5rWqQ302kxUVAqIRSW431K4sU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/6F_Q4XpRKgEexZcCv84M_kGGwx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/518fab-7606-4832-aa66-5a8c67842389/1/AH5rWqQ302kxUVAqIRSW431K4sU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.184.0/21
                IPv6:
                  2a01:20::/48
                  2a01:20:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:30:71:0b:24:d1:8e:d2:9c:18:35:76:54:af:2f:5d:5a:cc:
         ee:b5:42:dd:21:5d:96:87:52:de:d8:c0:fa:6d:fe:53:59:dd:
         04:cd:62:7c:92:04:8a:a3:f1:03:da:2d:56:7e:1f:66:a1:e3:
         0c:0c:1e:03:ae:42:25:3b:d1:a4:21:17:e2:94:e1:f9:0f:01:
         0d:2e:0f:53:c9:a4:09:5b:d2:25:b0:25:dc:64:63:ee:7a:3b:
         ed:4f:fd:af:e4:a5:27:53:8a:9a:e2:d8:4f:a4:e2:8c:95:ed:
         1c:64:69:0d:85:98:8a:5c:a6:f2:29:08:ba:fb:c0:5f:75:7f:
         b4:c3:53:93:60:c3:64:c4:82:7f:85:ff:5d:d9:28:68:b0:e5:
         cf:f3:72:2f:b2:25:9a:b1:8b:8c:16:85:89:af:0a:14:43:58:
         f5:23:30:03:ee:5c:71:3b:f7:8f:1b:61:e4:40:78:91:1c:e3:
         68:0a:5e:31:aa:ce:4b:cb:2e:43:2b:d1:0e:2b:40:c1:2d:3c:
         bc:b5:da:9e:9f:d0:b7:32:d8:af:7c:59:2f:c8:5c:87:e2:bd:
         df:75:76:05:14:46:f1:fb:8a:d0:f1:df:11:55:55:da:e4:00:
         9c:7f:94:3c:9f:a9:96:b3:c9:23:b8:b2:65:55:37:ca:d1:47:
         96:8c:fc:3b
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAZQi+y03sezoLZV522azTLdFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwN2U2YjVhYTQzN2QzNjkzMTUxNTAyYTIxMTQ5NmUzN2Q0
YWUyYzUwHhcNMjUwMTAxMTc0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODVmZDBlMTdhNTEyYTAxMWVjNTk3MDJiZmNlMGNmZTQxODZjMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv7nrFaRJMoMwbb0bs5PxB9dRKy4v
yq6K+nKTj9MMTp4Q4LzoTIox9pge1m0re+ja+F3fs28W/0DL5wq1kzSAiEf7ws5X
6DbEmthrGEtL8Ar+l0n3a5bYhcKafQqd7GGC8TuCZyfwQTjDvxg2v7zhLoOoWJrs
5XWv+BM8yg2NjrPHqrIqL0RKbCa4frWYWpY4gIEy8vo7AnGVzQZ6CpT0KGXPzoUa
K3UT+R/0zM7ajcr76u3Hdt9/HEgxr3sRGhf80YWDEeN4iRxnVh8haNInaOD5em+Z
Yat4U8VBAg2XNVBHiE2jv+xQxJzBJmMXJvwTACUvQ/4KcovpBkTmgEhG4QIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFOhf0OF6USoBHsWXAr/ODP5BhsMfMB8GA1UdIwQY
MBaAFAB+a1qkN9NpMVFQKiEUluN9SuLFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYt
NWE4YzY3ODQyMzg5LzEvNkZfUTRYcFJLZ0VleFpjQ3Y4NE1fa0dHd3g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy81MThmYWItNzYwNi00ODMyLWFhNjYtNWE4YzY3ODQyMzg5
LzEvQUg1cldxUTMwMmt4VVZBcUlSU1c0MzFLNHNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAMBAIAATAGAwQDWWq4MBgE
AgACMBIDBwAqAQAgAAADBwAqAQAgAAQwDQYJKoZIhvcNAQELBQADggEBACEwcQsk
0Y7SnBg1dlSvL11azO61Qt0hXZaHUt7YwPpt/lNZ3QTNYnySBIqj8QPaLVZ+H2ah
4wwMHgOuQiU70aQhF+KU4fkPAQ0uD1PJpAlb0iWwJdxkY+56O+1P/a/kpSdTipri
2E+k4oyV7RxkaQ2FmIpcpvIpCLr7wF91f7TDU5Ngw2TEgn+F/13ZKGiw5c/zci+y
JZqxi4wWhYmvChRDWPUjMAPuXHE7948bYeRAeJEc42gKXjGqzkvLLkMr0Q4rQMEt
PLy12p6f0Lcy2K98WS/IXIfivd91dgUURvH7itDx3xFVVdrkAJx/lDyfqZazySO4
smVVN8rRR5aM/Ds=
-----END CERTIFICATE-----