Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/MbqoSUw94G_kpX-xAxVWXxjX0io.roa
File:                     MbqoSUw94G_kpX-xAxVWXxjX0io.roa (raw, json)
Hash identifier:          R1upzBkGFuu3S6c70j9aIqWiLLfM3rhDbfCwHwN7UrE=
Subject key identifier:   31:BA:A8:49:4C:3D:E0:6F:E4:A5:7F:B1:03:15:56:5F:18:D7:D2:2A
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       0194236A06843A7FFB142A45B7DD75CD49D0
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/MbqoSUw94G_kpX-xAxVWXxjX0io.roa
Signing time:             Wed 01 Jan 2025 19:48:58 +0000
ROA not before:           Wed 01 Jan 2025 19:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1298
IP address blocks:        83.66.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:06:84:3a:7f:fb:14:2a:45:b7:dd:75:cd:49:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Jan  1 19:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31baa8494c3de06fe4a57fb10315565f18d7d22a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:78:1c:0b:4f:4b:02:18:ce:76:da:3f:0a:7d:
                    af:31:8a:2e:b9:ac:d7:89:47:15:aa:6a:90:27:c9:
                    e4:d5:3f:04:f6:43:6f:51:71:47:83:03:ef:8f:c3:
                    55:4a:24:22:b6:d1:73:28:16:5a:52:14:a2:d0:40:
                    36:6c:14:5c:41:59:ac:d4:0a:fc:1a:0b:66:f3:81:
                    70:f5:6f:4a:9a:9b:a3:6b:c0:c2:7e:d3:bb:f5:fe:
                    32:9f:d1:35:9d:3c:47:1d:ac:9f:d6:35:96:48:38:
                    74:d0:45:79:85:aa:23:12:19:b9:a0:df:49:eb:7d:
                    b9:b2:71:8e:7d:c8:f8:9b:c8:92:5d:7c:b6:29:ad:
                    9e:b7:11:50:62:ea:91:49:ab:9b:9c:f7:60:ca:14:
                    cd:4f:27:ea:fb:ac:26:f6:50:b3:1f:c4:e5:40:80:
                    72:54:04:4f:40:b4:ec:24:39:17:42:10:a0:11:fb:
                    d3:38:2f:dd:0b:8d:2f:7f:99:f0:81:91:3e:27:10:
                    c7:49:0c:a9:8f:fe:fb:1d:29:05:c7:a6:0e:0c:23:
                    76:b7:8f:8b:f7:74:1b:98:d3:59:52:a3:8e:17:2a:
                    3c:08:9d:87:05:3e:77:00:50:bb:c4:31:77:cd:6c:
                    33:5e:71:61:fb:01:ff:73:ae:54:56:07:27:ab:db:
                    17:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:BA:A8:49:4C:3D:E0:6F:E4:A5:7F:B1:03:15:56:5F:18:D7:D2:2A
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/MbqoSUw94G_kpX-xAxVWXxjX0io.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.66.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:88:62:52:df:94:3e:c2:91:47:42:b9:13:fd:5a:5f:dc:88:
         87:ba:5f:d6:3b:fa:84:27:5c:f4:dd:3c:fe:85:a4:fd:b1:8e:
         0c:48:d1:1c:22:d9:9e:6f:41:e3:fa:cb:d9:03:15:98:17:58:
         cc:d4:02:34:5c:9c:54:cf:1c:2b:3e:ed:d1:03:f3:a5:7a:3d:
         b1:91:52:de:b6:18:cb:c9:8e:b7:b3:7a:ed:c4:a1:59:3e:8f:
         41:9c:ae:00:74:9a:df:76:a4:b5:b0:c3:25:c8:9a:dd:49:cc:
         8f:d1:c8:24:66:f8:95:7f:fb:f8:88:6d:4d:15:5d:b6:fb:d5:
         76:c0:64:eb:d3:01:cc:ac:47:3c:2d:3a:11:6b:45:7b:ee:9b:
         06:d0:3d:54:df:7c:68:f2:d6:ae:db:52:37:d5:99:94:0b:f2:
         2d:3a:87:f0:83:9e:e7:3c:d1:ce:81:b2:80:af:78:18:21:a7:
         61:3c:70:78:25:1d:cc:d1:57:6c:4a:88:4f:b2:bd:38:96:51:
         90:d5:62:c6:b8:e9:da:18:f9:b3:6e:b6:00:91:3b:36:f9:b5:
         8d:65:f2:b0:18:0a:38:4a:60:f0:df:f8:de:ec:3a:4f:44:9e:
         98:3d:f1:68:29:ac:b9:35:78:5b:1b:14:80:e5:b7:ae:a7:1b:
         1d:cc:39:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjagaEOn/7FCpFt911zUnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjUwMTAxMTk0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJhYTg0OTRjM2RlMDZmZTRhNTdmYjEwMzE1NTY1ZjE4ZDdkMjJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XgcC09LAhjOdto/Cn2vMYouuazX
iUcVqmqQJ8nk1T8E9kNvUXFHgwPvj8NVSiQittFzKBZaUhSi0EA2bBRcQVms1Ar8
Ggtm84Fw9W9Kmpuja8DCftO79f4yn9E1nTxHHayf1jWWSDh00EV5haojEhm5oN9J
6325snGOfcj4m8iSXXy2Ka2etxFQYuqRSaubnPdgyhTNTyfq+6wm9lCzH8TlQIBy
VARPQLTsJDkXQhCgEfvTOC/dC40vf5nwgZE+JxDHSQypj/77HSkFx6YODCN2t4+L
93QbmNNZUqOOFyo8CJ2HBT53AFC7xDF3zWwzXnFh+wH/c65UVgcnq9sX9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG6qElMPeBv5KV/sQMVVl8Y19IqMB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvTWJxb1NVdzk0R19rcFgteEF4VldYeGpYMGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU0IbMA0G
CSqGSIb3DQEBCwUAA4IBAQA5iGJS35Q+wpFHQrkT/Vpf3IiHul/WO/qEJ1z03Tz+
haT9sY4MSNEcItmeb0Hj+svZAxWYF1jM1AI0XJxUzxwrPu3RA/Olej2xkVLethjL
yY63s3rtxKFZPo9BnK4AdJrfdqS1sMMlyJrdScyP0cgkZviVf/v4iG1NFV22+9V2
wGTr0wHMrEc8LToRa0V77psG0D1U33xo8tau21I31ZmUC/ItOofwg57nPNHOgbKA
r3gYIadhPHB4JR3M0VdsSohPsr04llGQ1WLGuOnaGPmzbrYAkTs2+bWNZfKwGAo4
SmDw3/je7DpPRJ6YPfFoKay5NXhbGxSA5beupxsdzDlo
-----END CERTIFICATE-----