Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/2e6ee3-8158-458e-a0ac-ae81edc6fbd7/1/mTUK0_cMYs_FlNXkmrwcNZ-A9WU.roa
File:                     mTUK0_cMYs_FlNXkmrwcNZ-A9WU.roa (raw, json)
Hash identifier:          vFAKDgKtbcMdQ9fcPL7goyOKxpH3iASXmuoUDIoP9TQ=
Subject key identifier:   99:35:0A:D3:F7:0C:62:CF:C5:94:D5:E4:9A:BC:1C:35:9F:80:F5:65
Certificate issuer:       /CN=3ee0214c609c6cd67803ac7c736ef8da517ca59d
Certificate serial:       0197643004410B588EA75517C9D92E190F0F
Authority key identifier: 3E:E0:21:4C:60:9C:6C:D6:78:03:AC:7C:73:6E:F8:DA:51:7C:A5:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PuAhTGCcbNZ4A6x8c2742lF8pZ0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/2e6ee3-8158-458e-a0ac-ae81edc6fbd7/1/mTUK0_cMYs_FlNXkmrwcNZ-A9WU.roa
Signing time:             Thu 12 Jun 2025 12:49:17 +0000
ROA not before:           Thu 12 Jun 2025 12:49:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210536
IP address blocks:        109.71.185.0/24 maxlen: 24
                          2a14:c180::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/2e6ee3-8158-458e-a0ac-ae81edc6fbd7/1/PuAhTGCcbNZ4A6x8c2742lF8pZ0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/2e6ee3-8158-458e-a0ac-ae81edc6fbd7/1/PuAhTGCcbNZ4A6x8c2742lF8pZ0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PuAhTGCcbNZ4A6x8c2742lF8pZ0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Jun 2025 12:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:30:04:41:0b:58:8e:a7:55:17:c9:d9:2e:19:0f:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ee0214c609c6cd67803ac7c736ef8da517ca59d
        Validity
            Not Before: Jun 12 12:49:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=99350ad3f70c62cfc594d5e49abc1c359f80f565
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3f:c0:e8:03:fb:dc:3a:b6:a2:42:8d:db:f2:
                    97:bd:8e:33:80:9f:1f:aa:3b:df:d4:09:88:ff:09:
                    2c:a8:38:1c:ab:7d:27:08:ae:99:9c:ad:d9:6d:b0:
                    72:6f:d9:3f:78:1c:50:69:4d:08:4a:5a:30:9d:7d:
                    c0:f5:73:aa:b5:53:e0:13:6f:c0:e5:bd:1c:c3:e7:
                    83:28:f5:15:25:2a:79:e8:37:83:08:ee:90:70:79:
                    ad:c0:49:26:48:88:db:a0:4f:d0:6d:91:b2:02:99:
                    3e:ae:6c:d1:00:b3:f3:1d:6b:ba:b0:e4:5f:b5:10:
                    b1:5c:fd:f8:cc:33:34:ed:38:e6:b5:a6:d8:02:68:
                    95:3b:f6:15:72:41:5e:a6:6c:57:42:e3:74:f8:d2:
                    6f:1a:df:bf:81:22:cf:93:67:a7:d8:af:de:78:12:
                    c0:f1:1c:e4:fd:0a:2e:7b:81:f3:1c:02:fe:81:2e:
                    5b:8f:80:9c:b3:cc:49:92:7f:ef:53:84:16:93:2a:
                    52:f3:bc:de:12:9c:2a:ab:99:4c:4d:85:d7:d1:fe:
                    46:3d:cb:57:35:b1:bc:99:74:43:a5:9a:cb:e9:cf:
                    26:41:ed:86:29:3f:f2:48:78:c6:60:b0:89:55:c0:
                    9e:35:5d:f0:91:5b:05:b3:d5:75:9c:af:38:77:1e:
                    be:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:35:0A:D3:F7:0C:62:CF:C5:94:D5:E4:9A:BC:1C:35:9F:80:F5:65
            X509v3 Authority Key Identifier:
                keyid:3E:E0:21:4C:60:9C:6C:D6:78:03:AC:7C:73:6E:F8:DA:51:7C:A5:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PuAhTGCcbNZ4A6x8c2742lF8pZ0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2e6ee3-8158-458e-a0ac-ae81edc6fbd7/1/mTUK0_cMYs_FlNXkmrwcNZ-A9WU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/2e6ee3-8158-458e-a0ac-ae81edc6fbd7/1/PuAhTGCcbNZ4A6x8c2742lF8pZ0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.185.0/24
                IPv6:
                  2a14:c180::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:5d:e2:92:d0:9d:a1:6e:64:15:71:b6:b5:21:ce:f2:49:3d:
         d3:b2:a0:1f:9d:b1:b6:17:51:bf:92:de:4a:1d:0d:bf:4e:67:
         3f:ae:75:82:c4:ab:65:cf:04:63:c8:d2:77:a4:d6:b7:bb:88:
         b6:9e:3f:d0:f6:dd:13:4c:9f:f3:ee:8d:94:c2:3e:fb:6e:8f:
         99:21:0b:31:29:2c:36:6d:9e:42:94:88:9f:19:bc:2d:60:8f:
         04:89:55:1f:8f:c6:bc:9f:02:4d:a8:80:d4:0c:f0:d8:72:3d:
         e5:d1:d3:18:04:67:90:05:2f:66:96:d6:cc:f6:97:52:4e:38:
         97:0b:d4:12:75:96:70:e7:33:53:79:f0:da:b4:6d:d6:83:a5:
         f3:f7:44:6b:b9:d2:c1:7b:d1:0d:e4:1b:66:bb:f2:0b:3f:53:
         80:30:0b:24:39:3d:2b:d3:60:54:1a:c5:dc:f6:23:dd:f8:e8:
         54:c5:1c:38:54:ab:79:22:70:6c:89:92:cf:28:fe:8b:56:c8:
         74:87:3e:73:2a:26:cf:e3:9f:29:24:69:6b:c8:9a:24:6f:69:
         62:71:e2:81:e8:a6:01:09:4c:b9:f5:a4:92:15:78:05:f4:45:
         1d:c2:2d:df:95:04:95:37:0c:9b:66:99:37:13:c7:41:71:45:
         9b:4c:89:58
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZdkMARBC1iOp1UXydkuGQ8PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZTAyMTRjNjA5YzZjZDY3ODAzYWM3YzczNmVmOGRhNTE3
Y2E1OWQwHhcNMjUwNjEyMTI0OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTM1MGFkM2Y3MGM2MmNmYzU5NGQ1ZTQ5YWJjMWMzNTlmODBmNTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz/A6AP73Dq2okKN2/KXvY4zgJ8f
qjvf1AmI/wksqDgcq30nCK6ZnK3ZbbByb9k/eBxQaU0ISlownX3A9XOqtVPgE2/A
5b0cw+eDKPUVJSp56DeDCO6QcHmtwEkmSIjboE/QbZGyApk+rmzRALPzHWu6sORf
tRCxXP34zDM07TjmtabYAmiVO/YVckFepmxXQuN0+NJvGt+/gSLPk2en2K/eeBLA
8Rzk/Qoue4HzHAL+gS5bj4Ccs8xJkn/vU4QWkypS87zeEpwqq5lMTYXX0f5GPctX
NbG8mXRDpZrL6c8mQe2GKT/ySHjGYLCJVcCeNV3wkVsFs9V1nK84dx6+SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJk1CtP3DGLPxZTV5Jq8HDWfgPVlMB8GA1UdIwQY
MBaAFD7gIUxgnGzWeAOsfHNu+NpRfKWdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHVBaFRHQ2NiTlo0QTZ4OGMyNzQybEY4cFowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS8yZTZlZTMtODE1OC00NThlLWEwYWMt
YWU4MWVkYzZmYmQ3LzEvbVRVSzBfY01Zc19GbE5Ya21yd2NOWi1BOVdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS8yZTZlZTMtODE1OC00NThlLWEwYWMtYWU4MWVkYzZmYmQ3
LzEvUHVBaFRHQ2NiTlo0QTZ4OGMyNzQybEY4cFowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAbUe5MA0E
AgACMAcDBQMqFMGAMA0GCSqGSIb3DQEBCwUAA4IBAQBPXeKS0J2hbmQVcba1Ic7y
ST3TsqAfnbG2F1G/kt5KHQ2/Tmc/rnWCxKtlzwRjyNJ3pNa3u4i2nj/Q9t0TTJ/z
7o2Uwj77bo+ZIQsxKSw2bZ5ClIifGbwtYI8EiVUfj8a8nwJNqIDUDPDYcj3l0dMY
BGeQBS9mltbM9pdSTjiXC9QSdZZw5zNTefDatG3Wg6Xz90RrudLBe9EN5Btmu/IL
P1OAMAskOT0r02BUGsXc9iPd+OhUxRw4VKt5InBsiZLPKP6LVsh0hz5zKibP458p
JGlryJokb2liceKB6KYBCUy59aSSFXgF9EUdwi3flQSVNwybZpk3E8dBcUWbTIlY
-----END CERTIFICATE-----