Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/6fkN5rOLJ6gL-NpTeta8_RIxCBE.roa
File:                     6fkN5rOLJ6gL-NpTeta8_RIxCBE.roa (raw, json)
Hash identifier:          f2ZwlMcvJoCKbYL6euCpxwS8YGFQEIwUnezA/2zOaSo=
Subject key identifier:   E9:F9:0D:E6:B3:8B:27:A8:0B:F8:DA:53:7A:D6:BC:FD:12:31:08:11
Certificate issuer:       /CN=dd640339e59addc75fd978101b40082b5d2b8796
Certificate serial:       019031ACEB965572413EBBA15DE4F34B8FF5
Authority key identifier: DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/6fkN5rOLJ6gL-NpTeta8_RIxCBE.roa
Signing time:             Wed 19 Jun 2024 18:05:34 +0000
ROA not before:           Wed 19 Jun 2024 18:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142146
IP address blocks:        185.191.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 13:50:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:31:ac:eb:96:55:72:41:3e:bb:a1:5d:e4:f3:4b:8f:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd640339e59addc75fd978101b40082b5d2b8796
        Validity
            Not Before: Jun 19 18:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e9f90de6b38b27a80bf8da537ad6bcfd12310811
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:0b:2e:08:ed:1d:ff:d8:ef:88:60:14:fc:68:
                    6c:ad:26:4e:67:cd:5c:2a:41:36:12:2c:f8:dd:4f:
                    b6:63:f1:da:fb:c0:2f:19:a9:48:e5:5b:e8:a6:54:
                    95:9e:0b:ca:61:51:ab:44:cd:79:de:ba:a2:dc:75:
                    09:ed:53:92:75:95:6c:b9:60:78:e7:3a:d5:90:38:
                    89:f2:23:26:31:93:2f:0a:c1:38:fe:89:25:6d:b4:
                    d7:da:94:89:2f:a9:0b:5f:76:30:cf:30:45:b3:b7:
                    5c:15:02:67:c5:bd:48:44:ac:b6:a0:2f:66:08:ad:
                    c8:45:fa:e6:fb:54:18:cc:e3:7b:8e:0f:71:d4:cc:
                    86:6f:06:ab:ca:f8:6d:21:9b:dd:db:4f:85:98:e1:
                    33:f6:8a:68:5c:4e:a6:ed:a0:1a:aa:4f:b7:9d:1c:
                    e6:d8:8f:ea:4a:67:44:cd:d8:dc:c4:96:5d:81:fb:
                    8b:9d:0f:86:29:97:53:9a:86:d5:74:38:b1:97:b4:
                    b5:54:f8:a4:0e:9b:c4:56:72:a5:95:ec:94:35:8e:
                    61:a9:14:a7:90:35:91:d6:82:89:ed:a7:5f:5c:52:
                    6c:1d:01:91:63:92:41:3b:93:99:4f:30:8f:40:b4:
                    59:e9:ef:37:dc:21:c2:7e:a1:4a:b1:b7:dc:aa:22:
                    54:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:F9:0D:E6:B3:8B:27:A8:0B:F8:DA:53:7A:D6:BC:FD:12:31:08:11
            X509v3 Authority Key Identifier:
                keyid:DD:64:03:39:E5:9A:DD:C7:5F:D9:78:10:1B:40:08:2B:5D:2B:87:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3WQDOeWa3cdf2XgQG0AIK10rh5Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/6fkN5rOLJ6gL-NpTeta8_RIxCBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/7616e5-a8cc-45d1-b3d0-61b73354abdb/1/3WQDOeWa3cdf2XgQG0AIK10rh5Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.191.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d5:e4:3e:57:70:25:36:1e:d5:e6:90:3e:36:71:23:87:90:
         a3:59:f7:d0:19:f9:73:07:63:c3:3b:11:c8:9d:65:e2:4a:10:
         79:30:eb:3c:77:3d:4f:d3:94:16:e2:25:89:92:71:92:2b:f2:
         f2:92:e0:b9:74:68:79:65:8b:f7:0e:a4:d3:b3:cb:dc:91:cb:
         ed:ce:a4:7f:a6:21:a0:72:f0:25:c7:fd:2c:59:d6:c0:44:1b:
         55:d2:db:6a:3d:98:ba:31:38:c2:42:b9:fd:6c:93:2e:76:de:
         d2:4f:99:aa:90:3f:83:4b:10:9f:97:88:e4:b7:87:e1:f5:56:
         b3:9d:6d:29:ff:aa:14:f0:02:f9:42:a2:33:69:5b:b2:60:75:
         a5:34:41:43:18:82:42:85:2a:e8:e1:7c:af:fb:55:00:cc:79:
         1f:37:8d:a5:72:fc:1f:82:f0:fa:5d:44:7c:85:5b:41:02:d9:
         92:50:09:9f:33:cf:fd:ba:f6:9e:a9:cb:ad:e9:4a:dc:ca:67:
         c3:94:f5:00:82:10:e7:38:b7:b1:53:31:fc:93:a9:56:40:3e:
         16:ef:62:7d:5c:a4:ca:df:2f:d3:42:16:08:c9:13:01:9c:9b:
         52:de:2a:46:98:e4:cd:eb:d2:65:99:c7:f4:5b:ac:1e:1d:5d:
         67:43:a1:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAxrOuWVXJBPruhXeTzS4/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkNjQwMzM5ZTU5YWRkYzc1ZmQ5NzgxMDFiNDAwODJiNWQy
Yjg3OTYwHhcNMjQwNjE5MTgwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWY5MGRlNmIzOGIyN2E4MGJmOGRhNTM3YWQ2YmNmZDEyMzEwODExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1wsuCO0d/9jviGAU/GhsrSZOZ81c
KkE2Eiz43U+2Y/Ha+8AvGalI5VvoplSVngvKYVGrRM153rqi3HUJ7VOSdZVsuWB4
5zrVkDiJ8iMmMZMvCsE4/oklbbTX2pSJL6kLX3YwzzBFs7dcFQJnxb1IRKy2oC9m
CK3IRfrm+1QYzON7jg9x1MyGbwaryvhtIZvd20+FmOEz9opoXE6m7aAaqk+3nRzm
2I/qSmdEzdjcxJZdgfuLnQ+GKZdTmobVdDixl7S1VPikDpvEVnKlleyUNY5hqRSn
kDWR1oKJ7adfXFJsHQGRY5JBO5OZTzCPQLRZ6e833CHCfqFKsbfcqiJU3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOn5DeaziyeoC/jaU3rWvP0SMQgRMB8GA1UdIwQY
MBaAFN1kAznlmt3HX9l4EBtACCtdK4eWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAt
NjFiNzMzNTRhYmRiLzEvNmZrTjVyT0xKNmdMLU5wVGV0YThfUkl4Q0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy83NjE2ZTUtYThjYy00NWQxLWIzZDAtNjFiNzMzNTRhYmRi
LzEvM1dRRE9lV2EzY2RmMlhnUUcwQUlLMTByaDVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAub+RMA0G
CSqGSIb3DQEBCwUAA4IBAQBB1eQ+V3AlNh7V5pA+NnEjh5CjWffQGflzB2PDOxHI
nWXiShB5MOs8dz1P05QW4iWJknGSK/LykuC5dGh5ZYv3DqTTs8vckcvtzqR/piGg
cvAlx/0sWdbARBtV0ttqPZi6MTjCQrn9bJMudt7ST5mqkD+DSxCfl4jkt4fh9Vaz
nW0p/6oU8AL5QqIzaVuyYHWlNEFDGIJChSro4Xyv+1UAzHkfN42lcvwfgvD6XUR8
hVtBAtmSUAmfM8/9uvaeqcut6UrcymfDlPUAghDnOLexUzH8k6lWQD4W72J9XKTK
3y/TQhYIyRMBnJtS3ipGmOTN69Jlmcf0W6weHV1nQ6H2
-----END CERTIFICATE-----