Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/6x1tWIXawD8Riqi1QgPxJwArGQA.roa
File:                     6x1tWIXawD8Riqi1QgPxJwArGQA.roa (raw, json)
Hash identifier:          ZkQHVdarUIUp1voSPC7ADD2JtVlZaBPISLsacFmKkAY=
Subject key identifier:   EB:1D:6D:58:85:DA:C0:3F:11:8A:A8:B5:42:03:F1:27:00:2B:19:00
Certificate issuer:       /CN=c3042f5c4789c97c4f92ef2177e7b8938c8dd5c4
Certificate serial:       01975A5A522D6947062BACC30AEDCFCE2BB8
Authority key identifier: C3:04:2F:5C:47:89:C9:7C:4F:92:EF:21:77:E7:B8:93:8C:8D:D5:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wwQvXEeJyXxPku8hd-e4k4yN1cQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/6x1tWIXawD8Riqi1QgPxJwArGQA.roa
Signing time:             Tue 10 Jun 2025 14:59:18 +0000
ROA not before:           Tue 10 Jun 2025 14:59:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        89.145.174.0/23 maxlen: 23
                          185.177.66.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/wwQvXEeJyXxPku8hd-e4k4yN1cQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/wwQvXEeJyXxPku8hd-e4k4yN1cQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wwQvXEeJyXxPku8hd-e4k4yN1cQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Jun 2025 07:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:5a:52:2d:69:47:06:2b:ac:c3:0a:ed:cf:ce:2b:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3042f5c4789c97c4f92ef2177e7b8938c8dd5c4
        Validity
            Not Before: Jun 10 14:59:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb1d6d5885dac03f118aa8b54203f127002b1900
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5d:df:9a:f8:4a:c8:76:0c:5f:8a:c2:1a:0e:
                    55:f7:ce:ff:09:96:7d:76:6b:63:f0:6d:7c:77:c5:
                    64:6f:2b:af:9b:8d:ca:90:82:02:fb:0e:24:a6:7c:
                    a7:9d:af:3e:65:56:5f:e8:41:be:01:e1:5c:32:7d:
                    8b:30:02:dd:be:de:80:08:6b:18:af:12:ed:78:d2:
                    cc:e9:ab:eb:3d:8f:2e:28:ae:be:44:2e:0d:43:3a:
                    bf:17:80:7c:c1:09:41:87:9e:a5:e3:93:75:4d:5b:
                    06:d4:13:3a:b2:90:34:b8:6e:a9:65:7e:52:b9:ac:
                    7f:bb:95:2b:0b:4c:1f:07:fb:29:cd:b4:9f:61:b4:
                    bd:3f:93:17:c3:25:5a:ff:f3:91:c2:35:6b:4f:69:
                    41:32:4b:d3:3c:35:06:af:00:4e:9a:1d:56:ab:dd:
                    2b:eb:5e:08:98:3c:1d:6b:01:29:da:61:61:b9:8d:
                    26:77:6d:a0:b3:af:9f:a2:d1:5c:50:64:91:e9:a7:
                    92:09:05:a6:fb:94:30:5b:98:71:5a:f8:37:e2:48:
                    d5:de:4b:91:50:50:9a:66:61:4a:4a:22:7f:a5:98:
                    2e:ef:fe:f6:65:03:f4:ac:37:c9:3c:7a:eb:d8:ad:
                    7f:19:84:0c:1e:63:17:3d:96:6a:7c:21:89:fd:4a:
                    6f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:1D:6D:58:85:DA:C0:3F:11:8A:A8:B5:42:03:F1:27:00:2B:19:00
            X509v3 Authority Key Identifier:
                keyid:C3:04:2F:5C:47:89:C9:7C:4F:92:EF:21:77:E7:B8:93:8C:8D:D5:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wwQvXEeJyXxPku8hd-e4k4yN1cQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/6x1tWIXawD8Riqi1QgPxJwArGQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/9e1d5b-de61-4d9a-84bd-02792f9cf07b/1/wwQvXEeJyXxPku8hd-e4k4yN1cQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.145.174.0/23
                  185.177.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:75:25:8b:e4:73:e2:28:76:79:26:d4:d8:30:87:76:0b:c8:
         4b:2e:50:a6:00:7d:78:93:2a:e5:15:19:bb:e3:20:3d:fa:c7:
         80:9d:9b:2b:9a:a1:8f:3c:35:61:36:e2:b0:1a:98:1b:4c:9b:
         19:b2:58:9f:97:3f:33:a6:5c:25:49:5f:31:cd:87:65:94:54:
         99:1f:cb:7e:2c:78:61:7d:c2:dd:77:a5:0a:a2:bc:f5:31:84:
         d1:74:8d:86:42:aa:fe:85:53:4a:39:df:71:81:ad:d6:5f:d4:
         10:47:ca:e9:d2:be:88:a0:0d:64:bc:a7:4e:46:57:e5:8c:06:
         ca:fe:96:a6:c0:04:3a:ba:05:48:1d:d1:52:1b:21:8e:ca:88:
         09:a3:c2:7e:64:f6:36:2d:04:68:1c:e7:ef:e8:31:5b:4a:e9:
         6b:3e:cb:86:6e:8b:79:c7:67:df:a8:0c:32:3d:c4:27:26:5e:
         b3:b3:50:51:16:dd:23:45:9f:1e:a4:94:35:c0:d6:e6:f6:9f:
         11:42:96:30:f5:18:0b:b5:1e:0b:85:91:a9:ba:bf:ff:5a:eb:
         1c:c2:f2:94:44:24:70:98:bf:67:a3:c7:28:88:80:22:0c:0d:
         b1:0a:8d:2e:80:33:06:2a:f3:d2:4a:a8:77:f9:fa:fc:f3:44:
         5d:10:b3:d7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdaWlItaUcGK6zDCu3Pziu4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzMDQyZjVjNDc4OWM5N2M0ZjkyZWYyMTc3ZTdiODkzOGM4
ZGQ1YzQwHhcNMjUwNjEwMTQ1OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjFkNmQ1ODg1ZGFjMDNmMTE4YWE4YjU0MjAzZjEyNzAwMmIxOTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsl3fmvhKyHYMX4rCGg5V987/CZZ9
dmtj8G18d8Vkbyuvm43KkIIC+w4kpnynna8+ZVZf6EG+AeFcMn2LMALdvt6ACGsY
rxLteNLM6avrPY8uKK6+RC4NQzq/F4B8wQlBh56l45N1TVsG1BM6spA0uG6pZX5S
uax/u5UrC0wfB/spzbSfYbS9P5MXwyVa//ORwjVrT2lBMkvTPDUGrwBOmh1Wq90r
614ImDwdawEp2mFhuY0md22gs6+fotFcUGSR6aeSCQWm+5QwW5hxWvg34kjV3kuR
UFCaZmFKSiJ/pZgu7/72ZQP0rDfJPHrr2K1/GYQMHmMXPZZqfCGJ/Upv7QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOsdbViF2sA/EYqotUID8ScAKxkAMB8GA1UdIwQY
MBaAFMMEL1xHicl8T5LvIXfnuJOMjdXEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3dRdlhFZUp5WHhQa3U4aGQtZTRrNHlOMWNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy85ZTFkNWItZGU2MS00ZDlhLTg0YmQt
MDI3OTJmOWNmMDdiLzEvNngxdFdJWGF3RDhSaXFpMVFnUHhKd0FyR1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy85ZTFkNWItZGU2MS00ZDlhLTg0YmQtMDI3OTJmOWNmMDdi
LzEvd3dRdlhFZUp5WHhQa3U4aGQtZTRrNHlOMWNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBWZGuAwQB
ubFCMA0GCSqGSIb3DQEBCwUAA4IBAQBydSWL5HPiKHZ5JtTYMId2C8hLLlCmAH14
kyrlFRm74yA9+seAnZsrmqGPPDVhNuKwGpgbTJsZsliflz8zplwlSV8xzYdllFSZ
H8t+LHhhfcLdd6UKorz1MYTRdI2GQqr+hVNKOd9xga3WX9QQR8rp0r6IoA1kvKdO
RlfljAbK/pamwAQ6ugVIHdFSGyGOyogJo8J+ZPY2LQRoHOfv6DFbSulrPsuGbot5
x2ffqAwyPcQnJl6zs1BRFt0jRZ8epJQ1wNbm9p8RQpYw9RgLtR4LhZGpur//Wusc
wvKURCRwmL9no8coiIAiDA2xCo0ugDMGKvPSSqh3+fr880RdELPX
-----END CERTIFICATE-----