Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/5e0298-0d6b-41b4-88f6-9185199a18c0/1/bC6pTGDsZ4iOHNe53IXcZCBmlIw.roa
File:                     bC6pTGDsZ4iOHNe53IXcZCBmlIw.roa (raw, json)
Hash identifier:          Nu4vCdQXopNGTYxKSdmiEuUUjtIYYlh9hvqm6GEgfmc=
Subject key identifier:   6C:2E:A9:4C:60:EC:67:88:8E:1C:D7:B9:DC:85:DC:64:20:66:94:8C
Certificate issuer:       /CN=191a96a28c65d584c8dd234d3db444cf4b337ba2
Certificate serial:       019538DADFD6CADE6285BB6385CD37452292
Authority key identifier: 19:1A:96:A2:8C:65:D5:84:C8:DD:23:4D:3D:B4:44:CF:4B:33:7B:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GRqWooxl1YTI3SNNPbREz0sze6I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/5e0298-0d6b-41b4-88f6-9185199a18c0/1/bC6pTGDsZ4iOHNe53IXcZCBmlIw.roa
Signing time:             Mon 24 Feb 2025 16:47:02 +0000
ROA not before:           Mon 24 Feb 2025 16:47:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        46.31.232.0/21 maxlen: 24
                          185.165.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/5e0298-0d6b-41b4-88f6-9185199a18c0/1/GRqWooxl1YTI3SNNPbREz0sze6I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/5e0298-0d6b-41b4-88f6-9185199a18c0/1/GRqWooxl1YTI3SNNPbREz0sze6I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GRqWooxl1YTI3SNNPbREz0sze6I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:38:da:df:d6:ca:de:62:85:bb:63:85:cd:37:45:22:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=191a96a28c65d584c8dd234d3db444cf4b337ba2
        Validity
            Not Before: Feb 24 16:47:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c2ea94c60ec67888e1cd7b9dc85dc642066948c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:e4:1b:2b:68:6c:5a:d4:0a:4d:bf:37:d5:a3:
                    05:01:1a:aa:88:b4:f5:a2:8c:56:30:f1:c7:9a:95:
                    51:f1:bc:da:60:b0:9b:77:b5:57:31:5c:b0:95:b9:
                    20:df:e0:d9:6b:55:d0:d8:d4:20:9b:8e:1c:90:09:
                    4b:41:01:72:e3:bd:0a:96:8a:ab:92:72:38:52:a6:
                    9d:0a:42:9e:ad:70:e4:a8:ad:73:f3:ff:22:66:dd:
                    c9:44:f6:d8:3e:b9:c7:30:b1:9e:00:e3:c4:97:53:
                    8a:f2:e1:88:f1:ea:cc:48:7b:0a:72:d6:e3:9d:ce:
                    d1:53:d3:53:2d:93:a2:5e:1f:2c:16:29:a1:77:89:
                    ed:64:2b:54:9a:51:d4:33:09:71:7b:4e:6b:f1:c8:
                    60:e4:98:9f:af:89:b5:66:6f:00:48:3d:41:e4:df:
                    7f:9d:ee:0f:db:f3:8c:55:29:0c:b8:c5:13:74:e2:
                    f7:84:f4:71:5d:79:b7:2a:cb:b9:7b:da:81:69:f6:
                    a6:3d:74:86:86:52:fa:af:96:b6:14:8f:7f:03:c7:
                    b1:dd:49:f6:29:51:1f:6c:0e:09:0b:3c:a5:18:de:
                    35:ca:01:37:f6:c1:8e:85:7c:7c:61:81:83:bc:6f:
                    85:ae:17:e5:e7:c0:46:fd:ff:d4:d6:b5:a2:cb:07:
                    28:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:2E:A9:4C:60:EC:67:88:8E:1C:D7:B9:DC:85:DC:64:20:66:94:8C
            X509v3 Authority Key Identifier:
                keyid:19:1A:96:A2:8C:65:D5:84:C8:DD:23:4D:3D:B4:44:CF:4B:33:7B:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GRqWooxl1YTI3SNNPbREz0sze6I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/5e0298-0d6b-41b4-88f6-9185199a18c0/1/bC6pTGDsZ4iOHNe53IXcZCBmlIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/5e0298-0d6b-41b4-88f6-9185199a18c0/1/GRqWooxl1YTI3SNNPbREz0sze6I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.232.0/21
                  185.165.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:51:0c:8b:6f:c4:58:2b:3f:76:5a:3c:3b:46:45:bf:32:50:
         40:f9:82:9e:3e:65:74:2a:34:ee:5e:03:ce:18:c7:22:de:2d:
         5a:30:4c:2f:bc:9e:35:ef:31:f2:f4:2d:65:ea:a1:c3:e2:c9:
         dd:96:da:ed:73:8a:e7:6b:8e:80:92:78:9d:e1:b9:a7:2d:94:
         57:9a:4b:66:d3:1e:c7:7c:d4:25:ca:98:54:cc:4a:b8:e9:35:
         02:b1:f0:0d:c0:98:53:d4:17:ce:fc:ce:dd:5f:08:c0:d8:60:
         60:2e:99:ed:fe:e8:5d:8b:a0:bd:5a:01:15:bc:cc:91:1b:c0:
         36:b8:7f:d9:3b:50:0d:cf:53:c1:bb:f4:6d:8d:96:5b:aa:92:
         1f:cf:a8:dc:91:e8:ae:48:76:d9:30:a9:ad:4c:1f:17:80:8e:
         31:f9:46:65:8d:18:b1:25:b9:27:48:06:a8:63:b6:ec:70:05:
         27:25:c9:27:6b:20:51:a3:ea:a3:e7:61:30:b6:ec:ac:9a:3e:
         83:81:80:fc:d2:c7:82:75:89:c8:bc:47:70:1d:39:99:02:7d:
         fb:d3:85:26:9c:82:10:9e:55:24:10:0c:ab:b5:38:99:23:9b:
         bc:44:d0:0f:ee:d4:44:47:f7:ed:f3:81:65:a8:9f:8a:6c:14:
         c4:48:35:27
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZU42t/Wyt5ihbtjhc03RSKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5MWE5NmEyOGM2NWQ1ODRjOGRkMjM0ZDNkYjQ0NGNmNGIz
MzdiYTIwHhcNMjUwMjI0MTY0NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzJlYTk0YzYwZWM2Nzg4OGUxY2Q3YjlkYzg1ZGM2NDIwNjY5NDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgeQbK2hsWtQKTb831aMFARqqiLT1
ooxWMPHHmpVR8bzaYLCbd7VXMVywlbkg3+DZa1XQ2NQgm44ckAlLQQFy470Kloqr
knI4UqadCkKerXDkqK1z8/8iZt3JRPbYPrnHMLGeAOPEl1OK8uGI8erMSHsKctbj
nc7RU9NTLZOiXh8sFimhd4ntZCtUmlHUMwlxe05r8chg5Jifr4m1Zm8ASD1B5N9/
ne4P2/OMVSkMuMUTdOL3hPRxXXm3Ksu5e9qBafamPXSGhlL6r5a2FI9/A8ex3Un2
KVEfbA4JCzylGN41ygE39sGOhXx8YYGDvG+Frhfl58BG/f/U1rWiywco5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGwuqUxg7GeIjhzXudyF3GQgZpSMMB8GA1UdIwQY
MBaAFBkalqKMZdWEyN0jTT20RM9LM3uiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1JxV29veGwxWVRJM1NOTlBiUkV6MHN6ZTZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi81ZTAyOTgtMGQ2Yi00MWI0LTg4ZjYt
OTE4NTE5OWExOGMwLzEvYkM2cFRHRHNaNGlPSE5lNTNJWGNaQ0JtbEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi81ZTAyOTgtMGQ2Yi00MWI0LTg4ZjYtOTE4NTE5OWExOGMw
LzEvR1JxV29veGwxWVRJM1NOTlBiUkV6MHN6ZTZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLh/oAwQC
uaU0MA0GCSqGSIb3DQEBCwUAA4IBAQB0UQyLb8RYKz92Wjw7RkW/MlBA+YKePmV0
KjTuXgPOGMci3i1aMEwvvJ417zHy9C1l6qHD4sndltrtc4rna46Aknid4bmnLZRX
mktm0x7HfNQlyphUzEq46TUCsfANwJhT1BfO/M7dXwjA2GBgLpnt/uhdi6C9WgEV
vMyRG8A2uH/ZO1ANz1PBu/RtjZZbqpIfz6jckeiuSHbZMKmtTB8XgI4x+UZljRix
JbknSAaoY7bscAUnJcknayBRo+qj52Ewtuysmj6DgYD80seCdYnIvEdwHTmZAn37
04UmnIIQnlUkEAyrtTiZI5u8RNAP7tRER/ft84FlqJ+KbBTESDUn
-----END CERTIFICATE-----