Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6GekfhS8Gk9BGoFpJAM1Y8EINfY.roa
File:                     6GekfhS8Gk9BGoFpJAM1Y8EINfY.roa (raw, json)
Hash identifier:          DGOPyCENAITDoI424yhoC11ITRq80K/f4z/S2K0Wk+k=
Subject key identifier:   E8:67:A4:7E:14:BC:1A:4F:41:1A:81:69:24:03:35:63:C1:08:35:F6
Certificate issuer:       /CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
Certificate serial:       0196A5272F4293EA9D9B3EB6AE480B5B74A1
Authority key identifier: E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6GekfhS8Gk9BGoFpJAM1Y8EINfY.roa
Signing time:             Tue 06 May 2025 10:32:10 +0000
ROA not before:           Tue 06 May 2025 10:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35133
IP address blocks:        2a07:5500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a5:27:2f:42:93:ea:9d:9b:3e:b6:ae:48:0b:5b:74:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8bd26dce48161c7fbf9ff67b907f1e605c25a66
        Validity
            Not Before: May  6 10:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e867a47e14bc1a4f411a816924033563c10835f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:b3:93:d7:93:12:c8:bc:83:e4:54:e2:c6:24:
                    30:5e:47:3f:f4:e3:3a:15:e3:84:a1:dc:ee:12:06:
                    87:27:67:21:ad:ce:66:f5:0d:08:06:db:7c:85:2a:
                    68:f8:a9:d2:14:12:82:37:e2:75:b2:7e:ba:41:82:
                    bb:2a:90:be:99:ba:3b:2b:b4:4f:42:70:d2:85:37:
                    ef:25:4d:61:a0:10:c4:80:11:93:e0:5d:86:59:b9:
                    1e:e8:62:09:7d:41:59:ca:c9:74:d2:8a:6b:44:49:
                    e7:ad:9a:4a:95:81:a7:89:63:51:cb:89:2a:e6:99:
                    9b:c3:ec:c0:95:96:0a:1e:17:92:6a:2e:7c:58:84:
                    7f:ac:d1:fe:ec:38:f8:e5:39:bf:3a:ca:ec:32:c4:
                    b1:99:c3:af:b5:a4:f7:65:6b:de:7a:03:11:4d:ee:
                    6a:f8:f0:bf:62:67:9a:89:45:67:97:89:fe:70:57:
                    42:6e:89:bb:c5:e6:1a:17:10:b6:85:ed:2d:c3:7b:
                    10:e9:84:1f:f5:e1:09:4e:f6:16:20:c4:95:ce:f6:
                    fe:b3:cd:59:e8:ad:f4:2f:ff:79:fc:5d:38:d3:5a:
                    e2:74:a2:86:bd:1e:2d:12:e3:cc:0e:f3:7b:1f:b0:
                    2b:d5:5e:c9:95:dd:45:80:cb:53:c8:f9:ac:66:41:
                    8e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:67:A4:7E:14:BC:1A:4F:41:1A:81:69:24:03:35:63:C1:08:35:F6
            X509v3 Authority Key Identifier:
                keyid:E8:BD:26:DC:E4:81:61:C7:FB:F9:FF:67:B9:07:F1:E6:05:C2:5A:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6L0m3OSBYcf7-f9nuQfx5gXCWmY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6GekfhS8Gk9BGoFpJAM1Y8EINfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/bd9ca8-179b-4322-a094-50dd3a58154b/1/6L0m3OSBYcf7-f9nuQfx5gXCWmY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:5500::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:8d:1f:dd:b1:db:0f:0e:b0:97:6d:d6:ac:cd:0b:ae:dc:b6:
         ca:d2:22:3b:28:84:63:a0:98:6b:69:1c:cd:47:52:ab:a5:73:
         d5:85:26:be:19:4b:a0:9a:f6:09:e1:4d:1b:37:bb:62:37:a7:
         80:d3:4e:9a:e7:01:50:1b:42:dd:a2:de:b7:12:25:fb:71:ba:
         e0:b8:a4:d9:d7:04:57:a3:52:6f:da:fb:d3:84:54:61:46:4a:
         15:28:ca:db:e4:4e:90:50:42:f2:3c:49:41:56:8b:75:bb:be:
         4e:48:33:f8:de:12:de:30:98:c9:e4:91:70:ee:00:ff:c3:a6:
         72:f6:d3:9e:19:db:bf:aa:b2:29:da:84:11:9d:90:4e:86:03:
         f0:ed:e6:4a:f0:e5:92:60:41:63:95:05:7a:c5:56:38:c7:38:
         df:73:3e:6f:19:e2:d4:54:c2:7f:e8:5a:c8:8c:68:e9:84:2e:
         16:4c:83:87:65:59:87:c8:cb:80:56:55:b8:6d:8b:3b:5c:63:
         fd:78:70:d5:18:9e:79:df:4d:a7:2f:90:91:1d:c2:55:5b:82:
         32:62:71:7e:33:b7:2a:c6:8a:10:aa:ca:d6:76:ea:64:af:09:
         2c:8d:f3:90:2f:22:0f:12:ed:86:82:c8:e8:b2:55:4d:0d:63:
         2e:0d:26:2a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZalJy9Ck+qdmz62rkgLW3ShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YmQyNmRjZTQ4MTYxYzdmYmY5ZmY2N2I5MDdmMWU2MDVj
MjVhNjYwHhcNMjUwNTA2MTAzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODY3YTQ3ZTE0YmMxYTRmNDExYTgxNjkyNDAzMzU2M2MxMDgzNWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rOT15MSyLyD5FTixiQwXkc/9OM6
FeOEodzuEgaHJ2chrc5m9Q0IBtt8hSpo+KnSFBKCN+J1sn66QYK7KpC+mbo7K7RP
QnDShTfvJU1hoBDEgBGT4F2GWbke6GIJfUFZysl00oprREnnrZpKlYGniWNRy4kq
5pmbw+zAlZYKHheSai58WIR/rNH+7Dj45Tm/OsrsMsSxmcOvtaT3ZWveegMRTe5q
+PC/YmeaiUVnl4n+cFdCbom7xeYaFxC2he0tw3sQ6YQf9eEJTvYWIMSVzvb+s81Z
6K30L/95/F0401ridKKGvR4tEuPMDvN7H7Ar1V7Jld1FgMtTyPmsZkGO0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOhnpH4UvBpPQRqBaSQDNWPBCDX2MB8GA1UdIwQY
MBaAFOi9JtzkgWHH+/n/Z7kH8eYFwlpmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQt
NTBkZDNhNTgxNTRiLzEvNkdla2ZoUzhHazlCR29GcEpBTTFZOEVJTmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9iZDljYTgtMTc5Yi00MzIyLWEwOTQtNTBkZDNhNTgxNTRi
LzEvNkwwbTNPU0JZY2Y3LWY5bnVRZng1Z1hDV21ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdVADAN
BgkqhkiG9w0BAQsFAAOCAQEAPI0f3bHbDw6wl23WrM0Lrty2ytIiOyiEY6CYa2kc
zUdSq6Vz1YUmvhlLoJr2CeFNGze7YjengNNOmucBUBtC3aLetxIl+3G64Lik2dcE
V6NSb9r704RUYUZKFSjK2+ROkFBC8jxJQVaLdbu+Tkgz+N4S3jCYyeSRcO4A/8Om
cvbTnhnbv6qyKdqEEZ2QToYD8O3mSvDlkmBBY5UFesVWOMc433M+bxni1FTCf+ha
yIxo6YQuFkyDh2VZh8jLgFZVuG2LO1xj/Xhw1Rieed9Npy+QkR3CVVuCMmJxfjO3
KsaKEKrK1nbqZK8JLI3zkC8iDxLthoLI6LJVTQ1jLg0mKg==
-----END CERTIFICATE-----