Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/6WF0N3ANEOh5V4LZtgZNOBJ_xJE.roa
File:                     6WF0N3ANEOh5V4LZtgZNOBJ_xJE.roa (raw, json)
Hash identifier:          GN3SfJqnfgCIXJsZSKWnxtWzFusuFwzLCL2yxaySHOE=
Subject key identifier:   E9:61:74:37:70:0D:10:E8:79:57:82:D9:B6:06:4D:38:12:7F:C4:91
Certificate issuer:       /CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
Certificate serial:       019424B29F2D1BFD922760634FB9887C13A6
Authority key identifier: 6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/6WF0N3ANEOh5V4LZtgZNOBJ_xJE.roa
Signing time:             Thu 02 Jan 2025 01:47:53 +0000
ROA not before:           Thu 02 Jan 2025 01:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        62.171.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:9f:2d:1b:fd:92:27:60:63:4f:b9:88:7c:13:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a5836dde9b9daef35a8a7f74d6326f6b42da74d
        Validity
            Not Before: Jan  2 01:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9617437700d10e8795782d9b6064d38127fc491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c7:97:0a:ec:56:fe:33:cc:44:65:77:e6:c8:
                    a9:2c:78:d1:66:e4:5b:8c:da:88:67:f0:cb:32:09:
                    15:0f:95:bf:0c:04:ba:ae:f1:86:c2:0c:72:a5:5c:
                    4e:22:68:bd:13:12:14:97:07:c3:2e:56:66:2e:2a:
                    a9:c5:67:54:d1:93:cf:67:79:6e:36:ac:80:dd:c7:
                    7d:b2:75:18:bc:04:b1:24:46:fe:4e:b9:06:13:29:
                    95:cd:3e:61:c7:13:3a:3e:8a:a0:0e:6d:ea:14:5e:
                    79:20:7c:19:3a:e2:d0:09:05:11:22:77:8e:2d:66:
                    b4:74:7e:d9:27:30:5a:87:8c:12:a4:fb:00:00:be:
                    cd:c1:b1:14:0b:9d:2c:6f:35:1e:13:af:71:61:74:
                    39:63:76:74:25:6b:9b:ab:af:59:6d:db:d0:d3:99:
                    b8:c6:1a:71:1c:bd:31:6d:3d:f8:b4:51:f1:e6:a6:
                    9a:8d:04:b3:02:1d:5a:26:b9:c9:a7:78:96:64:37:
                    2d:46:1b:14:02:52:82:de:29:11:41:91:59:3d:2e:
                    c2:4a:a7:a9:5d:b4:c4:97:be:61:8e:6e:9c:18:03:
                    3d:80:f5:f6:9d:69:b3:a2:f9:67:ea:5c:38:3e:7f:
                    23:bf:66:40:a0:f1:c5:c1:c3:7a:ef:68:85:57:8c:
                    62:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:61:74:37:70:0D:10:E8:79:57:82:D9:B6:06:4D:38:12:7F:C4:91
            X509v3 Authority Key Identifier:
                keyid:6A:58:36:DD:E9:B9:DA:EF:35:A8:A7:F7:4D:63:26:F6:B4:2D:A7:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/alg23em52u81qKf3TWMm9rQtp00.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/6WF0N3ANEOh5V4LZtgZNOBJ_xJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/838032-db97-497f-8c95-c19942737e6d/1/alg23em52u81qKf3TWMm9rQtp00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.171.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         91:c9:8b:5c:53:b2:a5:11:e7:fa:b7:6a:e9:4b:c4:3b:e5:73:
         e3:53:78:c4:16:a1:a8:17:93:e7:19:48:9e:b6:e2:94:fe:76:
         25:cc:05:22:af:f7:07:df:1d:56:c4:8e:4b:62:84:04:9f:50:
         57:06:05:5e:89:33:c5:7a:6c:e4:08:46:d8:80:94:41:45:88:
         60:39:63:12:7b:a1:df:b4:c5:a4:1e:c8:c2:2b:d6:b1:21:d5:
         96:fc:a5:b5:3c:4d:4a:62:15:89:76:b9:89:b4:b0:39:f6:6e:
         b7:18:4b:cc:90:43:43:f9:67:d5:81:be:7d:27:23:e3:55:e9:
         b9:e6:80:0a:d6:2d:80:30:e8:ce:29:1d:4e:56:63:f7:cb:ba:
         88:23:5e:e8:b7:1a:c0:2a:e8:6a:22:a7:c2:24:8f:40:d4:25:
         75:ad:e2:8f:d1:14:af:17:03:2a:f4:9d:2d:01:36:52:07:7d:
         9b:22:bf:eb:fb:82:73:d2:6c:11:a3:e2:ad:98:a1:00:80:6f:
         f2:c1:f4:ed:55:ec:5d:7b:f1:3d:d6:9b:75:33:24:ea:3c:3f:
         a6:1f:64:b6:91:32:76:ba:91:12:9f:ee:37:24:2c:19:4f:e3:
         4f:81:50:28:b8:8f:4b:65:61:0c:ab:d9:17:c4:fc:c1:c7:19:
         00:27:00:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksp8tG/2SJ2BjT7mIfBOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNTgzNmRkZTliOWRhZWYzNWE4YTdmNzRkNjMyNmY2YjQy
ZGE3NGQwHhcNMjUwMTAyMDE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTYxNzQzNzcwMGQxMGU4Nzk1NzgyZDliNjA2NGQzODEyN2ZjNDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxceXCuxW/jPMRGV35sipLHjRZuRb
jNqIZ/DLMgkVD5W/DAS6rvGGwgxypVxOImi9ExIUlwfDLlZmLiqpxWdU0ZPPZ3lu
NqyA3cd9snUYvASxJEb+TrkGEymVzT5hxxM6PoqgDm3qFF55IHwZOuLQCQURIneO
LWa0dH7ZJzBah4wSpPsAAL7NwbEUC50sbzUeE69xYXQ5Y3Z0JWubq69ZbdvQ05m4
xhpxHL0xbT34tFHx5qaajQSzAh1aJrnJp3iWZDctRhsUAlKC3ikRQZFZPS7CSqep
XbTEl75hjm6cGAM9gPX2nWmzovln6lw4Pn8jv2ZAoPHFwcN672iFV4xirQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOlhdDdwDRDoeVeC2bYGTTgSf8SRMB8GA1UdIwQY
MBaAFGpYNt3pudrvNain901jJva0LadNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUt
YzE5OTQyNzM3ZTZkLzEvNldGME4zQU5FT2g1VjRMWnRnWk5PQkpfeEpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi84MzgwMzItZGI5Ny00OTdmLThjOTUtYzE5OTQyNzM3ZTZk
LzEvYWxnMjNlbTUydTgxcUtmM1RXTW05clF0cDAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDPqvoMA0G
CSqGSIb3DQEBCwUAA4IBAQCRyYtcU7KlEef6t2rpS8Q75XPjU3jEFqGoF5PnGUie
tuKU/nYlzAUir/cH3x1WxI5LYoQEn1BXBgVeiTPFemzkCEbYgJRBRYhgOWMSe6Hf
tMWkHsjCK9axIdWW/KW1PE1KYhWJdrmJtLA59m63GEvMkEND+WfVgb59JyPjVem5
5oAK1i2AMOjOKR1OVmP3y7qII17otxrAKuhqIqfCJI9A1CV1reKP0RSvFwMq9J0t
ATZSB32bIr/r+4Jz0mwRo+KtmKEAgG/ywfTtVexde/E91pt1MyTqPD+mH2S2kTJ2
upESn+43JCwZT+NPgVAouI9LZWEMq9kXxPzBxxkAJwBP
-----END CERTIFICATE-----