Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/6W6gmSc4k57Y4v5MIcHO8sDy0Nk.roa
File:                     6W6gmSc4k57Y4v5MIcHO8sDy0Nk.roa (raw, json)
Hash identifier:          aByrM29yQlmUSgYmIxuh2nCAQIQ4+06fpCqZWYYHHbE=
Subject key identifier:   E9:6E:A0:99:27:38:93:9E:D8:E2:FE:4C:21:C1:CE:F2:C0:F2:D0:D9
Certificate issuer:       /CN=a66246b806e89aba40e7e58888f3576513a3934a
Certificate serial:       0196CE7584ED34FA1321FB02203BD327020C
Authority key identifier: A6:62:46:B8:06:E8:9A:BA:40:E7:E5:88:88:F3:57:65:13:A3:93:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/6W6gmSc4k57Y4v5MIcHO8sDy0Nk.roa
Signing time:             Wed 14 May 2025 11:02:10 +0000
ROA not before:           Wed 14 May 2025 11:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208821
IP address blocks:        45.83.32.0/24 maxlen: 24
                          45.83.33.0/24 maxlen: 24
                          45.83.34.0/24 maxlen: 24
                          45.83.35.0/24 maxlen: 24
                          2a0e:8e80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 11 Jun 2025 23:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:75:84:ed:34:fa:13:21:fb:02:20:3b:d3:27:02:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a66246b806e89aba40e7e58888f3576513a3934a
        Validity
            Not Before: May 14 11:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e96ea0992738939ed8e2fe4c21c1cef2c0f2d0d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ec:8c:c6:22:be:ae:ec:62:51:3b:0e:67:5e:
                    f4:a7:bd:e6:28:a4:d4:87:39:0b:19:d5:11:bf:b9:
                    c9:1b:5c:73:ec:78:ae:23:96:5c:5f:59:70:99:cc:
                    87:10:1d:2a:3b:48:85:ae:90:0e:9b:2e:2d:29:c1:
                    79:6b:f6:53:7e:dd:30:d3:87:7c:75:80:a3:3c:dc:
                    bf:96:cd:6e:7f:cb:3f:d2:15:24:ce:7f:d6:75:14:
                    cc:37:2d:47:77:3d:ac:ff:41:4e:b2:9d:cf:27:67:
                    81:0e:86:37:c8:42:7e:e4:e7:2c:5b:bb:6e:7a:64:
                    13:30:17:84:71:25:f9:c6:68:2e:8a:f8:91:50:29:
                    a8:b7:5a:f0:91:9a:e3:e5:ae:0b:e8:85:73:d7:38:
                    00:78:a3:f0:a3:94:be:13:81:04:4a:94:b5:81:f1:
                    05:4d:fb:b9:2e:77:dc:6a:3d:95:6c:eb:c1:4b:c7:
                    d8:ec:a5:18:b4:d9:d2:9e:dd:ea:e8:24:a7:f3:2e:
                    05:a7:05:e4:8e:09:b5:27:46:c8:68:dc:b8:5b:2b:
                    9e:78:ac:0c:6b:a7:f9:fe:c5:d0:39:23:bc:78:7f:
                    e0:04:51:1a:ae:e6:54:aa:30:51:e8:c4:5f:33:ca:
                    f1:6d:21:1a:34:e7:4a:34:35:fc:a4:19:d3:80:d8:
                    8f:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:6E:A0:99:27:38:93:9E:D8:E2:FE:4C:21:C1:CE:F2:C0:F2:D0:D9
            X509v3 Authority Key Identifier:
                keyid:A6:62:46:B8:06:E8:9A:BA:40:E7:E5:88:88:F3:57:65:13:A3:93:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pmJGuAbomrpA5-WIiPNXZROjk0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/6W6gmSc4k57Y4v5MIcHO8sDy0Nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/555221-000d-49f6-8335-4fd28c6619ae/1/pmJGuAbomrpA5-WIiPNXZROjk0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.32.0/22
                IPv6:
                  2a0e:8e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         2a:80:a6:c4:63:85:2a:51:8d:16:f1:74:21:35:79:fd:6a:0c:
         7d:be:a9:ef:a8:8c:8d:47:3b:e6:ae:df:e9:9d:cb:b2:f4:94:
         4f:ff:e8:2a:e7:ca:47:71:e9:94:d4:57:52:9a:0a:94:5f:d5:
         23:ba:9d:49:8d:2d:1f:34:93:45:d9:42:a7:76:52:5b:c0:24:
         b9:e8:d0:8a:18:22:6f:95:26:60:9c:61:58:5d:5c:43:87:a0:
         7c:64:ca:62:c2:b1:12:49:03:3a:83:4b:be:5d:4d:c3:4e:ce:
         46:83:79:0e:ad:e4:57:a5:bd:bd:f6:c8:80:1d:3d:4e:61:85:
         02:75:4b:32:cd:cb:ad:a7:b4:74:50:17:1b:7e:ef:25:a0:9b:
         69:d4:11:ff:71:1d:d8:e3:65:67:ed:0a:42:2c:d3:99:95:02:
         8a:c6:8f:fb:1e:44:15:90:51:5a:5c:cb:5b:c2:2a:bf:c4:18:
         2b:55:77:66:86:c6:a2:b8:37:50:d0:8b:12:79:68:7c:16:3d:
         91:1f:27:74:fa:bb:4a:81:84:46:98:60:19:6f:c3:79:5a:44:
         c0:0d:e7:db:e0:ea:30:29:c7:41:ef:da:49:3e:5e:c1:5b:a8:
         00:0f:ef:3d:4a:b3:65:3a:81:22:73:1a:f5:2e:83:36:f4:a5:
         6a:d9:3b:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZbOdYTtNPoTIfsCIDvTJwIMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2NjI0NmI4MDZlODlhYmE0MGU3ZTU4ODg4ZjM1NzY1MTNh
MzkzNGEwHhcNMjUwNTE0MTEwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOTZlYTA5OTI3Mzg5MzllZDhlMmZlNGMyMWMxY2VmMmMwZjJkMGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr+yMxiK+ruxiUTsOZ170p73mKKTU
hzkLGdURv7nJG1xz7HiuI5ZcX1lwmcyHEB0qO0iFrpAOmy4tKcF5a/ZTft0w04d8
dYCjPNy/ls1uf8s/0hUkzn/WdRTMNy1Hdz2s/0FOsp3PJ2eBDoY3yEJ+5OcsW7tu
emQTMBeEcSX5xmguiviRUCmot1rwkZrj5a4L6IVz1zgAeKPwo5S+E4EESpS1gfEF
Tfu5Lnfcaj2VbOvBS8fY7KUYtNnSnt3q6CSn8y4FpwXkjgm1J0bIaNy4WyueeKwM
a6f5/sXQOSO8eH/gBFEaruZUqjBR6MRfM8rxbSEaNOdKNDX8pBnTgNiPpQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOluoJknOJOe2OL+TCHBzvLA8tDZMB8GA1UdIwQY
MBaAFKZiRrgG6Jq6QOfliIjzV2UTo5NKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcG1KR3VBYm9tcnBBNS1XSWlQTlhaUk9qazBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC81NTUyMjEtMDAwZC00OWY2LTgzMzUt
NGZkMjhjNjYxOWFlLzEvNlc2Z21TYzRrNTdZNHY1TUljSE84c0R5ME5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC81NTUyMjEtMDAwZC00OWY2LTgzMzUtNGZkMjhjNjYxOWFl
LzEvcG1KR3VBYm9tcnBBNS1XSWlQTlhaUk9qazBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVMgMA0E
AgACMAcDBQMqDo6AMA0GCSqGSIb3DQEBCwUAA4IBAQAqgKbEY4UqUY0W8XQhNXn9
agx9vqnvqIyNRzvmrt/pncuy9JRP/+gq58pHcemU1FdSmgqUX9Ujup1JjS0fNJNF
2UKndlJbwCS56NCKGCJvlSZgnGFYXVxDh6B8ZMpiwrESSQM6g0u+XU3DTs5Gg3kO
reRXpb299siAHT1OYYUCdUsyzcutp7R0UBcbfu8loJtp1BH/cR3Y42Vn7QpCLNOZ
lQKKxo/7HkQVkFFaXMtbwiq/xBgrVXdmhsaiuDdQ0IsSeWh8Fj2RHyd0+rtKgYRG
mGAZb8N5WkTADefb4OowKcdB79pJPl7BW6gAD+89SrNlOoEicxr1LoM29KVq2Tt2
-----END CERTIFICATE-----
Generated at Wed Jun 11 07:04:37 2025 by rpki-client