Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/MTEEbTxLhwcmIFVyPc3_83L2SWM.roa
File:                     MTEEbTxLhwcmIFVyPc3_83L2SWM.roa (raw, json)
Hash identifier:          pPAVTHjE82w53qTWAl4KRukHgVB0WjzGZSXqRTGTWY4=
Subject key identifier:   31:31:04:6D:3C:4B:87:07:26:20:55:72:3D:CD:FF:F3:72:F6:49:63
Certificate issuer:       /CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
Certificate serial:       019421443D72408F80EBDA2FE2E168BA5D63
Authority key identifier: 93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/MTEEbTxLhwcmIFVyPc3_83L2SWM.roa
Signing time:             Wed 01 Jan 2025 09:48:27 +0000
ROA not before:           Wed 01 Jan 2025 09:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35657
IP address blocks:        185.231.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3d:72:40:8f:80:eb:da:2f:e2:e1:68:ba:5d:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=932e8078ea420afc1a78bf922a9a2f274679c8a8
        Validity
            Not Before: Jan  1 09:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3131046d3c4b8707262055723dcdfff372f64963
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:53:38:80:8c:da:73:68:43:87:2d:52:3d:89:
                    3f:91:b6:51:25:f9:04:8d:88:07:c7:ed:d5:3a:f0:
                    e3:a4:6b:45:70:45:48:ae:29:44:f0:a6:16:03:fd:
                    6f:4c:bd:2b:bc:d2:85:8b:f0:75:23:66:dd:17:b7:
                    34:bc:5e:85:9c:eb:03:12:d6:b9:01:33:b7:eb:0a:
                    0c:76:e9:9f:a3:f7:7a:e5:5a:5a:00:85:65:ea:35:
                    65:33:f0:ad:80:d6:dc:43:03:f4:22:0c:47:6b:e8:
                    2e:a5:c2:b2:3b:9e:4a:29:68:22:40:cf:a8:3c:06:
                    68:a0:f9:ca:02:bd:cc:80:c6:d3:aa:2f:15:95:5c:
                    a0:88:55:3b:11:aa:c8:0e:8e:f5:22:6d:85:50:b8:
                    fb:86:6f:06:c9:5b:92:32:d3:ea:56:27:15:db:10:
                    3f:93:c7:79:f4:dc:34:10:90:14:bd:93:c2:a7:18:
                    de:95:dc:f1:ce:8b:3a:f2:fa:98:ed:b2:d8:17:fa:
                    d8:b4:ac:b2:40:3f:53:fb:05:e1:fd:d6:30:aa:bb:
                    41:e2:05:c7:89:f5:4f:d7:9a:02:03:33:ac:14:98:
                    42:a7:66:21:21:94:20:02:4b:ef:94:2f:d6:52:f3:
                    6a:c3:af:f3:34:e3:7e:fa:63:66:2b:56:b1:61:e7:
                    1c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:31:04:6D:3C:4B:87:07:26:20:55:72:3D:CD:FF:F3:72:F6:49:63
            X509v3 Authority Key Identifier:
                keyid:93:2E:80:78:EA:42:0A:FC:1A:78:BF:92:2A:9A:2F:27:46:79:C8:A8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/MTEEbTxLhwcmIFVyPc3_83L2SWM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/5eecf3-637f-450c-8489-34ba0738a341/1/ky6AeOpCCvwaeL-SKpovJ0Z5yKg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:78:25:6e:5b:2c:68:13:97:82:2c:a3:34:46:e9:00:86:b1:
         82:62:7e:c2:91:53:3a:41:34:23:78:18:28:aa:ff:53:a8:e2:
         82:1b:64:fa:98:44:f4:44:2a:0b:22:3f:78:57:b5:05:a5:09:
         7c:0d:4e:91:fc:81:e6:65:83:12:28:ba:bb:7d:51:16:a8:41:
         f0:f0:7c:4e:bb:25:f1:7a:fe:13:6e:85:5c:0b:e1:f1:3e:a9:
         c1:e3:25:96:d9:83:cc:40:d9:77:02:9a:d8:aa:1a:d4:c0:93:
         3a:8b:24:3c:64:0a:02:a8:36:96:10:15:a3:c8:db:c3:49:e1:
         38:89:eb:94:a2:5b:48:b9:f6:4b:68:1b:0d:cd:85:42:d4:cf:
         9a:ba:26:76:bb:2e:8d:ea:e1:bd:9b:d7:bd:31:4c:75:74:79:
         1b:1b:0b:3b:28:8c:66:b5:81:44:12:c9:21:d1:b6:1c:46:38:
         f0:c3:ec:6e:26:86:18:5f:86:08:3e:dc:3c:47:5d:e4:45:c3:
         cf:cf:58:f2:35:ac:ab:a6:f1:ee:f8:1b:2f:e6:ae:cb:c2:a2:
         13:29:61:92:46:6e:7e:9f:c2:6e:71:e7:e0:ab:26:20:56:a0:
         49:c2:5b:e5:4e:6e:a3:cf:2e:b1:d7:16:aa:5f:e0:57:c7:c5:
         45:ba:60:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRD1yQI+A69ov4uFoul1jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzMmU4MDc4ZWE0MjBhZmMxYTc4YmY5MjJhOWEyZjI3NDY3
OWM4YTgwHhcNMjUwMTAxMDk0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTMxMDQ2ZDNjNGI4NzA3MjYyMDU1NzIzZGNkZmZmMzcyZjY0OTYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyFM4gIzac2hDhy1SPYk/kbZRJfkE
jYgHx+3VOvDjpGtFcEVIrilE8KYWA/1vTL0rvNKFi/B1I2bdF7c0vF6FnOsDEta5
ATO36woMdumfo/d65VpaAIVl6jVlM/CtgNbcQwP0IgxHa+gupcKyO55KKWgiQM+o
PAZooPnKAr3MgMbTqi8VlVygiFU7EarIDo71Im2FULj7hm8GyVuSMtPqVicV2xA/
k8d59Nw0EJAUvZPCpxjeldzxzos68vqY7bLYF/rYtKyyQD9T+wXh/dYwqrtB4gXH
ifVP15oCAzOsFJhCp2YhIZQgAkvvlC/WUvNqw6/zNON++mNmK1axYeccOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDExBG08S4cHJiBVcj3N//Ny9kljMB8GA1UdIwQY
MBaAFJMugHjqQgr8Gni/kiqaLydGecioMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODkt
MzRiYTA3MzhhMzQxLzEvTVRFRWJUeExod2NtSUZWeVBjM184M0wyU1dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi81ZWVjZjMtNjM3Zi00NTBjLTg0ODktMzRiYTA3MzhhMzQx
LzEva3k2QWVPcENDdndhZUwtU0twb3ZKMFo1eUtnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuecGMA0G
CSqGSIb3DQEBCwUAA4IBAQBOeCVuWyxoE5eCLKM0RukAhrGCYn7CkVM6QTQjeBgo
qv9TqOKCG2T6mET0RCoLIj94V7UFpQl8DU6R/IHmZYMSKLq7fVEWqEHw8HxOuyXx
ev4TboVcC+HxPqnB4yWW2YPMQNl3AprYqhrUwJM6iyQ8ZAoCqDaWEBWjyNvDSeE4
ieuUoltIufZLaBsNzYVC1M+auiZ2uy6N6uG9m9e9MUx1dHkbGws7KIxmtYFEEskh
0bYcRjjww+xuJoYYX4YIPtw8R13kRcPPz1jyNayrpvHu+Bsv5q7LwqITKWGSRm5+
n8JucefgqyYgVqBJwlvlTm6jzy6x1xaqX+BXx8VFumB6
-----END CERTIFICATE-----