Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/5Q6TazizNZP069w3OqZlPT3VnMA.roa
File:                     5Q6TazizNZP069w3OqZlPT3VnMA.roa (raw, json)
Hash identifier:          MqFrFMICq1Ia2Wa95BqQ/xk/pVuHi5PcFMFdoWXsQzA=
Subject key identifier:   E5:0E:93:6B:38:B3:35:93:F4:EB:DC:37:3A:A6:65:3D:3D:D5:9C:C0
Certificate issuer:       /CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
Certificate serial:       018DDBFDA02EE51D754406DB5BA3C9362C7F
Authority key identifier: 97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/5Q6TazizNZP069w3OqZlPT3VnMA.roa
Signing time:             Sat 24 Feb 2024 16:40:48 +0000
ROA not before:           Sat 24 Feb 2024 16:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     11426
IP address blocks:        82.206.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:db:fd:a0:2e:e5:1d:75:44:06:db:5b:a3:c9:36:2c:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9799140b42db6cb6bf8c6dd413747fcf4a6fd9b5
        Validity
            Not Before: Feb 24 16:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e50e936b38b33593f4ebdc373aa6653d3dd59cc0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:2c:ae:81:8b:2f:84:0d:e4:b5:14:14:1a:16:
                    4c:cd:27:4f:e7:36:88:3a:14:01:5e:fe:be:36:a2:
                    25:e9:a6:07:1b:4b:8f:47:62:40:13:14:7a:11:8f:
                    d5:7f:c7:cf:25:74:d9:a3:1d:e1:cc:2a:9e:07:6f:
                    48:d1:66:1a:96:33:01:97:f8:c7:1e:7f:1e:01:2a:
                    b6:e5:dc:4e:2f:47:2e:e8:ef:32:2c:f8:52:3d:d2:
                    94:94:46:d3:e9:4e:e3:b4:cc:db:01:40:66:3a:57:
                    85:4b:30:12:e8:a5:a2:a8:fa:d0:30:c2:3e:bd:f4:
                    66:01:5e:77:48:4c:cf:0f:5f:73:d0:e2:4f:88:74:
                    b7:53:91:6c:46:ed:15:b1:83:0a:5d:1f:cf:b8:67:
                    41:fd:9e:3c:cd:cb:7c:aa:83:93:1c:9c:9d:1e:41:
                    5d:7c:fa:c3:e5:5f:51:90:bf:c4:44:79:70:01:fb:
                    a9:47:95:e8:2f:00:e7:4b:4b:3a:0b:7c:e3:7b:44:
                    25:86:d9:8a:aa:25:17:a3:52:19:6e:66:d8:21:b0:
                    84:3d:35:81:08:63:2d:bc:ae:1e:e2:ab:19:c0:80:
                    59:51:0b:ea:fa:a6:6d:c6:22:24:59:94:83:a3:f2:
                    9e:c6:9d:bb:63:33:c0:20:3d:45:48:46:6b:ed:65:
                    a4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:0E:93:6B:38:B3:35:93:F4:EB:DC:37:3A:A6:65:3D:3D:D5:9C:C0
            X509v3 Authority Key Identifier:
                keyid:97:99:14:0B:42:DB:6C:B6:BF:8C:6D:D4:13:74:7F:CF:4A:6F:D9:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/l5kUC0LbbLa_jG3UE3R_z0pv2bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/5Q6TazizNZP069w3OqZlPT3VnMA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/4eef03-91fe-445a-a7cd-595919be0f52/1/l5kUC0LbbLa_jG3UE3R_z0pv2bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.206.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:8c:dd:d3:97:86:5c:fd:37:19:41:15:bd:1d:2b:67:0b:11:
         17:3d:4d:0e:1c:19:15:35:97:f6:77:50:25:4e:b5:21:bc:de:
         24:9b:d5:c2:a9:0f:60:34:c0:5e:73:65:c7:38:ee:65:88:98:
         22:ce:b0:32:34:fa:da:dc:2a:ff:23:91:ca:5d:82:b3:80:ab:
         11:bd:0f:10:7f:1f:59:16:16:18:30:b7:c0:5a:35:0c:9f:ce:
         40:f9:39:63:a9:28:54:02:39:06:6a:5f:0d:9f:1c:89:80:7b:
         69:81:0a:d4:de:29:98:82:ca:6d:9b:51:19:d1:86:1e:07:ee:
         8c:7a:77:c1:81:ed:66:6a:d6:a0:35:d6:70:fa:c5:57:42:4f:
         44:8f:1a:f1:a4:dd:60:4e:fe:49:82:dd:36:60:9e:3d:70:6a:
         1d:d1:58:6f:58:9b:49:b7:5c:f0:5d:82:e6:7c:e7:cb:95:8e:
         38:25:68:42:db:32:cc:20:66:e2:96:02:22:16:3b:c5:86:18:
         b6:d3:e6:2c:60:59:27:07:29:4e:d0:ec:f8:14:ae:7c:f2:22:
         09:5c:2f:3c:b0:4d:db:2e:7c:fa:b1:a6:b2:b8:2b:76:91:17:
         ad:96:ed:be:5d:40:25:c1:0d:83:48:54:2f:fa:fa:b4:60:4f:
         f9:40:7e:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3b/aAu5R11RAbbW6PJNix/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3OTkxNDBiNDJkYjZjYjZiZjhjNmRkNDEzNzQ3ZmNmNGE2
ZmQ5YjUwHhcNMjQwMjI0MTY0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTBlOTM2YjM4YjMzNTkzZjRlYmRjMzczYWE2NjUzZDNkZDU5Y2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSyugYsvhA3ktRQUGhZMzSdP5zaI
OhQBXv6+NqIl6aYHG0uPR2JAExR6EY/Vf8fPJXTZox3hzCqeB29I0WYaljMBl/jH
Hn8eASq25dxOL0cu6O8yLPhSPdKUlEbT6U7jtMzbAUBmOleFSzAS6KWiqPrQMMI+
vfRmAV53SEzPD19z0OJPiHS3U5FsRu0VsYMKXR/PuGdB/Z48zct8qoOTHJydHkFd
fPrD5V9RkL/ERHlwAfupR5XoLwDnS0s6C3zje0QlhtmKqiUXo1IZbmbYIbCEPTWB
CGMtvK4e4qsZwIBZUQvq+qZtxiIkWZSDo/Kexp27YzPAID1FSEZr7WWk+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOUOk2s4szWT9OvcNzqmZT091ZzAMB8GA1UdIwQY
MBaAFJeZFAtC22y2v4xt1BN0f89Kb9m1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2Qt
NTk1OTE5YmUwZjUyLzEvNVE2VGF6aXpOWlAwNjl3M09xWmxQVDNWbk1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS80ZWVmMDMtOTFmZS00NDVhLWE3Y2QtNTk1OTE5YmUwZjUy
LzEvbDVrVUMwTGJiTGFfakczVUUzUl96MHB2MmJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBUs4IMA0G
CSqGSIb3DQEBCwUAA4IBAQBtjN3Tl4Zc/TcZQRW9HStnCxEXPU0OHBkVNZf2d1Al
TrUhvN4km9XCqQ9gNMBec2XHOO5liJgizrAyNPra3Cr/I5HKXYKzgKsRvQ8Qfx9Z
FhYYMLfAWjUMn85A+TljqShUAjkGal8NnxyJgHtpgQrU3imYgsptm1EZ0YYeB+6M
enfBge1matagNdZw+sVXQk9EjxrxpN1gTv5Jgt02YJ49cGod0VhvWJtJt1zwXYLm
fOfLlY44JWhC2zLMIGbilgIiFjvFhhi20+YsYFknBylO0Oz4FK588iIJXC88sE3b
Lnz6saayuCt2kRetlu2+XUAlwQ2DSFQv+vq0YE/5QH4B
-----END CERTIFICATE-----