Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/b6a1cd-65a0-49d3-9c5f-f06fc48c8e4c/1/g6TmhqoG_IADwsC-GEbQq9xKePg.roa
File:                     g6TmhqoG_IADwsC-GEbQq9xKePg.roa (raw, json)
Hash identifier:          L2BybzQCICOxY6zkJoh+UHB/hV65BYdz7sNC8RSFIvc=
Subject key identifier:   83:A4:E6:86:AA:06:FC:80:03:C2:C0:BE:18:46:D0:AB:DC:4A:78:F8
Certificate issuer:       /CN=6a211643187ef9258a1325cdfc1d1bf7383be85b
Certificate serial:       019423D7F82A90E42E6AB9F8AAE94738ADBD
Authority key identifier: 6A:21:16:43:18:7E:F9:25:8A:13:25:CD:FC:1D:1B:F7:38:3B:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aiEWQxh--SWKEyXN_B0b9zg76Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/b6a1cd-65a0-49d3-9c5f-f06fc48c8e4c/1/g6TmhqoG_IADwsC-GEbQq9xKePg.roa
Signing time:             Wed 01 Jan 2025 21:49:03 +0000
ROA not before:           Wed 01 Jan 2025 21:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15471
IP address blocks:        88.158.0.0/16 maxlen: 24
                          194.153.232.0/24 maxlen: 24
                          2a03:fa80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/b6a1cd-65a0-49d3-9c5f-f06fc48c8e4c/1/aiEWQxh--SWKEyXN_B0b9zg76Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/b6a1cd-65a0-49d3-9c5f-f06fc48c8e4c/1/aiEWQxh--SWKEyXN_B0b9zg76Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aiEWQxh--SWKEyXN_B0b9zg76Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f8:2a:90:e4:2e:6a:b9:f8:aa:e9:47:38:ad:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a211643187ef9258a1325cdfc1d1bf7383be85b
        Validity
            Not Before: Jan  1 21:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83a4e686aa06fc8003c2c0be1846d0abdc4a78f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:41:c3:47:a6:d2:ed:09:44:61:da:2b:a9:23:
                    d5:b2:54:65:94:2e:29:ef:34:8f:f9:a2:ca:4e:41:
                    2e:35:d3:03:09:b5:3d:9f:c1:9d:0f:2b:ee:43:df:
                    0a:26:94:24:f9:f0:b9:0f:c4:46:e1:45:0c:5f:75:
                    e9:9c:29:48:0a:71:68:af:01:d8:4c:ce:99:72:e9:
                    c4:8a:26:9f:7b:d2:2b:d6:71:3e:6f:5d:21:83:06:
                    15:38:99:35:0d:73:51:17:1a:48:29:36:d4:b5:a4:
                    6d:17:b1:b1:99:ce:e6:d6:ea:37:49:6d:c0:29:18:
                    7e:cb:fe:f8:89:0f:f2:54:ca:44:6a:4e:fd:16:6c:
                    df:81:6a:e6:23:01:e9:f0:3c:d2:3e:ac:37:a2:c3:
                    f4:34:b9:52:67:08:eb:c3:99:db:af:10:4f:34:66:
                    02:f2:9c:c0:e8:db:01:05:d5:6e:79:6a:35:12:e7:
                    57:74:7e:43:24:35:fb:28:56:5e:4e:e5:c7:60:bc:
                    30:52:3f:da:96:bd:8a:a0:ae:f6:48:92:82:e0:90:
                    08:00:27:0b:81:52:9b:4c:68:89:ea:60:b9:5f:0e:
                    30:4e:bf:00:fb:fe:a1:3e:43:a5:78:1b:69:e4:dd:
                    0c:96:e8:36:cd:94:41:80:9c:76:25:99:e9:e0:34:
                    7c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:A4:E6:86:AA:06:FC:80:03:C2:C0:BE:18:46:D0:AB:DC:4A:78:F8
            X509v3 Authority Key Identifier:
                keyid:6A:21:16:43:18:7E:F9:25:8A:13:25:CD:FC:1D:1B:F7:38:3B:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aiEWQxh--SWKEyXN_B0b9zg76Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b6a1cd-65a0-49d3-9c5f-f06fc48c8e4c/1/g6TmhqoG_IADwsC-GEbQq9xKePg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/b6a1cd-65a0-49d3-9c5f-f06fc48c8e4c/1/aiEWQxh--SWKEyXN_B0b9zg76Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.158.0.0/16
                  194.153.232.0/24
                IPv6:
                  2a03:fa80::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:de:c6:db:4e:4f:b1:de:0b:a3:e6:56:6a:cf:09:9d:0b:d9:
         e5:aa:fe:12:26:cb:e6:3e:15:81:2e:3a:cd:7f:94:ef:2f:fe:
         bb:c7:db:3d:49:e7:54:e2:df:47:a2:4f:0b:cc:63:41:45:9f:
         bd:42:ed:b8:ff:1d:63:5b:2c:af:c4:d0:ac:36:38:33:d2:17:
         e5:72:f4:04:c0:59:b5:9d:52:98:da:b0:90:b7:2d:e5:91:c2:
         73:ec:aa:32:9e:ed:7a:5f:93:35:be:8b:3c:62:c4:3b:9a:f2:
         56:6f:bc:93:fa:52:4f:09:52:0c:39:05:2e:3e:21:c7:8a:58:
         e0:1f:c6:cf:c5:ae:c8:df:0e:9f:e7:93:0a:94:26:d3:5b:ec:
         a0:c9:6b:a9:bd:38:9f:24:e2:d3:2e:61:ce:34:88:6b:ba:5d:
         7b:d7:8e:ba:04:a1:a4:f8:7e:1e:2d:91:7b:8b:71:ff:de:4f:
         04:a7:52:d1:68:85:38:b4:d7:c5:ac:bf:27:6e:c2:19:4e:9c:
         c5:44:9a:c2:31:5e:e1:6b:a5:30:d7:e0:5d:1c:1b:69:c9:bf:
         e1:c5:fd:2c:15:e6:a5:c6:7b:af:81:43:aa:aa:d8:f7:28:d8:
         ea:15:30:36:c9:8e:15:f0:c7:28:64:99:4f:d9:f6:76:25:bb:
         4c:39:a9:74
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZQj1/gqkOQuarn4qulHOK29MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhMjExNjQzMTg3ZWY5MjU4YTEzMjVjZGZjMWQxYmY3Mzgz
YmU4NWIwHhcNMjUwMTAxMjE0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2E0ZTY4NmFhMDZmYzgwMDNjMmMwYmUxODQ2ZDBhYmRjNGE3OGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0HDR6bS7QlEYdorqSPVslRllC4p
7zSP+aLKTkEuNdMDCbU9n8GdDyvuQ98KJpQk+fC5D8RG4UUMX3XpnClICnForwHY
TM6ZcunEiiafe9Ir1nE+b10hgwYVOJk1DXNRFxpIKTbUtaRtF7Gxmc7m1uo3SW3A
KRh+y/74iQ/yVMpEak79FmzfgWrmIwHp8DzSPqw3osP0NLlSZwjrw5nbrxBPNGYC
8pzA6NsBBdVueWo1EudXdH5DJDX7KFZeTuXHYLwwUj/alr2KoK72SJKC4JAIACcL
gVKbTGiJ6mC5Xw4wTr8A+/6hPkOleBtp5N0Mlug2zZRBgJx2JZnp4DR87wIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFIOk5oaqBvyAA8LAvhhG0KvcSnj4MB8GA1UdIwQY
MBaAFGohFkMYfvklihMlzfwdG/c4O+hbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYWlFV1F4aC0tU1dLRXlYTl9CMGI5emc3NkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9iNmExY2QtNjVhMC00OWQzLTljNWYt
ZjA2ZmM0OGM4ZTRjLzEvZzZUbWhxb0dfSUFEd3NDLUdFYlFxOXhLZVBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9iNmExY2QtNjVhMC00OWQzLTljNWYtZjA2ZmM0OGM4ZTRj
LzEvYWlFV1F4aC0tU1dLRXlYTl9CMGI5emc3NkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAWJ4DBADC
megwDQQCAAIwBwMFACoD+oAwDQYJKoZIhvcNAQELBQADggEBAGfexttOT7HeC6Pm
VmrPCZ0L2eWq/hImy+Y+FYEuOs1/lO8v/rvH2z1J51Ti30eiTwvMY0FFn71C7bj/
HWNbLK/E0Kw2ODPSF+Vy9ATAWbWdUpjasJC3LeWRwnPsqjKe7XpfkzW+izxixDua
8lZvvJP6Uk8JUgw5BS4+IceKWOAfxs/FrsjfDp/nkwqUJtNb7KDJa6m9OJ8k4tMu
Yc40iGu6XXvXjroEoaT4fh4tkXuLcf/eTwSnUtFohTi018WsvyduwhlOnMVEmsIx
XuFrpTDX4F0cG2nJv+HF/SwV5qXGe6+BQ6qq2Pco2OoVMDbJjhXwxyhkmU/Z9nYl
u0w5qXQ=
-----END CERTIFICATE-----