Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6jT7BEFRgc2A3S7tcp7RK8mDu1w.roa
File:                     6jT7BEFRgc2A3S7tcp7RK8mDu1w.roa (raw, json)
Hash identifier:          moGZtnK+QmC3Qt/NHIGtLwFQlAJWuR8ww2Bl2ivhKd4=
Subject key identifier:   EA:34:FB:04:41:51:81:CD:80:DD:2E:ED:72:9E:D1:2B:C9:83:BB:5C
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018F76C75490BD8FCEB8783CB02B6E50DE0D
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6jT7BEFRgc2A3S7tcp7RK8mDu1w.roa
Signing time:             Tue 14 May 2024 11:05:25 +0000
ROA not before:           Tue 14 May 2024 11:05:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215068
IP address blocks:        89.35.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:76:c7:54:90:bd:8f:ce:b8:78:3c:b0:2b:6e:50:de:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: May 14 11:05:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ea34fb04415181cd80dd2eed729ed12bc983bb5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5d:2f:ce:c3:1f:63:6e:a1:b5:4d:b6:db:b1:
                    c4:e4:6c:6f:79:46:4d:50:d4:18:89:85:da:c3:e0:
                    a9:8b:e8:c9:f0:dd:56:47:b2:77:3d:a1:a6:74:1b:
                    76:ba:96:c5:bd:9f:a9:10:b6:e7:64:3e:db:45:85:
                    8e:f7:96:7a:b8:05:ec:2f:e3:9c:b3:5d:98:24:53:
                    ae:be:0e:40:85:f7:d5:69:2d:30:df:36:64:ac:22:
                    35:92:98:b1:c2:07:be:0f:15:b0:65:f7:07:83:42:
                    df:d6:13:ce:e6:d2:d4:40:21:72:66:b5:df:ed:ef:
                    12:74:a1:98:5a:f0:6b:b1:2e:e7:b4:21:a5:6f:c1:
                    15:e4:16:18:e8:d8:c0:11:3b:46:5e:f9:f0:a9:67:
                    97:c2:ad:be:96:04:59:b2:5b:7f:33:07:98:89:e7:
                    09:80:6f:fc:e9:fe:0f:61:28:4a:f4:0e:c5:da:d4:
                    26:49:fb:cd:bc:dc:86:ca:d3:76:48:33:89:f7:1a:
                    17:a4:8a:5f:83:47:03:00:94:73:9e:7f:1c:05:e5:
                    2d:6c:a4:ae:74:c8:ca:65:d3:1a:42:6d:84:89:64:
                    72:94:b6:02:ff:c0:6f:c1:41:92:4c:97:5b:5a:7e:
                    07:4a:16:e0:5c:18:c4:7c:1f:94:3d:2a:09:07:d0:
                    14:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:34:FB:04:41:51:81:CD:80:DD:2E:ED:72:9E:D1:2B:C9:83:BB:5C
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/6jT7BEFRgc2A3S7tcp7RK8mDu1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.35.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:e7:c4:d4:09:4e:0e:75:e3:09:a2:c1:95:9b:82:99:10:c6:
         ff:10:e1:d6:fb:7f:a3:ac:6d:a2:75:7e:e5:41:64:6c:60:3f:
         dc:d0:d3:69:65:3d:85:de:cd:f8:c4:75:d8:4c:44:1c:a7:83:
         c8:ee:c7:ec:8a:89:ad:19:18:86:b5:ef:66:71:4b:88:91:ce:
         00:fc:2d:f0:97:4a:11:8d:d6:f1:ab:1d:92:23:8d:e4:01:59:
         30:d7:78:4e:ab:e5:1d:47:a0:df:bf:29:b9:94:13:bc:bb:09:
         ae:8e:78:db:15:17:98:e4:5f:98:f8:df:12:29:5f:1c:a6:7a:
         5f:6f:1b:92:19:35:16:01:1c:1f:69:6e:41:d1:72:65:dd:8e:
         38:10:79:5c:ee:20:c7:f8:5d:e6:51:d7:f8:0e:a0:cd:1b:c5:
         43:c2:f0:6f:5e:32:c0:1e:7b:24:0b:f4:2b:32:0f:3e:8b:4e:
         dd:b8:a3:57:88:6a:a2:e7:7f:ac:c3:09:1a:d2:ca:12:55:5a:
         a4:28:c0:c2:6e:db:10:69:fb:ab:7e:43:0c:df:ca:88:31:30:
         85:83:d3:05:55:87:f1:0a:89:9d:3b:6f:a4:2e:05:90:02:b8:
         00:0b:11:5c:60:32:0f:ff:e9:99:78:62:0b:f9:59:d3:ad:5a:
         cd:c5:fe:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY92x1SQvY/OuHg8sCtuUN4NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNTE0MTEwNTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTM0ZmIwNDQxNTE4MWNkODBkZDJlZWQ3MjllZDEyYmM5ODNiYjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV0vzsMfY26htU2227HE5GxveUZN
UNQYiYXaw+Cpi+jJ8N1WR7J3PaGmdBt2upbFvZ+pELbnZD7bRYWO95Z6uAXsL+Oc
s12YJFOuvg5AhffVaS0w3zZkrCI1kpixwge+DxWwZfcHg0Lf1hPO5tLUQCFyZrXf
7e8SdKGYWvBrsS7ntCGlb8EV5BYY6NjAETtGXvnwqWeXwq2+lgRZslt/MweYiecJ
gG/86f4PYShK9A7F2tQmSfvNvNyGytN2SDOJ9xoXpIpfg0cDAJRznn8cBeUtbKSu
dMjKZdMaQm2EiWRylLYC/8BvwUGSTJdbWn4HShbgXBjEfB+UPSoJB9AU0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOo0+wRBUYHNgN0u7XKe0SvJg7tcMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvNmpUN0JFRlJnYzJBM1M3dGNwN1JLOG1EdTF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWSNJMA0G
CSqGSIb3DQEBCwUAA4IBAQAG58TUCU4OdeMJosGVm4KZEMb/EOHW+3+jrG2idX7l
QWRsYD/c0NNpZT2F3s34xHXYTEQcp4PI7sfsiomtGRiGte9mcUuIkc4A/C3wl0oR
jdbxqx2SI43kAVkw13hOq+UdR6Dfvym5lBO8uwmujnjbFReY5F+Y+N8SKV8cpnpf
bxuSGTUWARwfaW5B0XJl3Y44EHlc7iDH+F3mUdf4DqDNG8VDwvBvXjLAHnskC/Qr
Mg8+i07duKNXiGqi53+swwka0soSVVqkKMDCbtsQafurfkMM38qIMTCFg9MFVYfx
ComdO2+kLgWQArgACxFcYDIP/+mZeGIL+VnTrVrNxf7L
-----END CERTIFICATE-----