Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gAE8EhAh9tChPX-S_f4mB-tqh8I.roa
File:                     gAE8EhAh9tChPX-S_f4mB-tqh8I.roa (raw, json)
Hash identifier:          /3ddGzy+vUUTwVKZP1IMr9QzRcDaobn1n36TC84iIRI=
Subject key identifier:   80:01:3C:12:10:21:F6:D0:A1:3D:7F:92:FD:FE:26:07:EB:6A:87:C2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018F905E875B6334302F045ED7FDA33947BA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gAE8EhAh9tChPX-S_f4mB-tqh8I.roa
Signing time:             Sun 19 May 2024 10:21:05 +0000
ROA not before:           Sun 19 May 2024 10:21:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216107
IP address blocks:        2a0e:b107:2880::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:90:5e:87:5b:63:34:30:2f:04:5e:d7:fd:a3:39:47:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 19 10:21:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80013c121021f6d0a13d7f92fdfe2607eb6a87c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:fc:11:dd:84:b8:bf:31:cc:76:60:e9:8e:e2:
                    09:8e:64:b5:62:7b:e4:41:10:f7:29:b7:c7:81:04:
                    cd:4e:95:a4:c5:f4:6a:cc:f3:d2:c7:4d:58:45:24:
                    3d:80:7a:15:c2:b8:ce:16:2b:ec:59:a2:72:47:a1:
                    6d:56:2b:dd:87:b7:ad:c2:24:ed:03:3b:79:8b:b2:
                    16:56:c2:f2:d6:18:4a:23:c2:02:25:0c:02:71:ff:
                    16:d5:3d:17:30:b7:d6:68:31:b7:06:dc:64:05:e9:
                    9d:39:76:17:96:60:b7:29:70:bb:51:41:e7:d6:76:
                    99:6b:50:f1:f6:ab:67:be:b2:a3:7e:3b:0b:6a:77:
                    fe:1b:0b:a7:84:b9:df:9e:af:7f:10:36:2c:0f:4c:
                    69:ee:ba:1e:91:0b:25:2d:5a:37:63:9b:c2:6a:09:
                    ce:e5:e5:e1:49:31:dc:94:2a:93:41:93:2c:20:bb:
                    76:5a:24:ed:eb:31:bb:15:a7:a3:5c:0a:bd:e1:9f:
                    d3:78:04:f4:91:9f:03:c3:62:46:69:f4:7c:31:94:
                    37:0d:21:96:ad:61:ff:39:24:28:7e:77:c8:35:2b:
                    f8:5c:6b:60:52:fe:3b:8b:6d:91:fc:f0:47:78:ec:
                    d0:ca:38:c1:44:ba:a6:2d:7b:4e:71:98:f2:61:f2:
                    a9:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:01:3C:12:10:21:F6:D0:A1:3D:7F:92:FD:FE:26:07:EB:6A:87:C2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gAE8EhAh9tChPX-S_f4mB-tqh8I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2880::/46

    Signature Algorithm: sha256WithRSAEncryption
         c4:bb:b3:a3:95:b4:bc:b8:e0:8f:6b:60:c8:2c:3b:8a:37:44:
         d9:a6:0a:22:60:c2:63:a5:11:b7:af:d6:f3:e3:7f:ea:71:84:
         8c:cd:69:5f:91:8a:23:e5:75:98:6f:05:6b:59:0a:88:9e:6b:
         d2:ef:1d:43:bc:85:21:56:82:9b:d8:52:55:56:15:31:47:85:
         cf:f7:95:26:8d:26:f6:30:df:b8:3f:d3:af:d3:9a:71:70:60:
         c6:8d:b9:49:db:8e:db:7d:08:de:31:66:c8:21:9d:b3:7f:ed:
         29:c4:bd:37:88:04:bc:1f:72:d7:32:91:4f:2a:dd:fa:05:7e:
         0d:cf:21:93:9e:1d:82:b9:97:1c:62:43:f7:88:44:96:20:fe:
         d5:6f:bf:cb:29:3a:00:14:80:36:b9:d4:b2:5b:b8:65:cc:3d:
         c7:ac:9d:cf:ec:80:79:57:1c:6a:b2:65:e8:77:eb:b2:f5:cb:
         b4:89:21:7b:b7:d9:ed:06:e8:61:07:50:fa:c9:cb:48:c7:48:
         99:0b:87:62:b8:8c:07:f0:d4:86:44:ea:a6:73:bf:58:81:7d:
         fd:f6:04:8a:81:5e:6f:41:99:53:86:e2:de:d8:58:b3:21:ba:
         65:61:7a:fa:ac:5b:25:5e:54:9b:ff:ce:db:0e:ce:2c:79:a4:
         36:31:34:bb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY+QXodbYzQwLwRe1/2jOUe6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNTE5MTAyMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDAxM2MxMjEwMjFmNmQwYTEzZDdmOTJmZGZlMjYwN2ViNmE4N2MyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7/wR3YS4vzHMdmDpjuIJjmS1Ynvk
QRD3KbfHgQTNTpWkxfRqzPPSx01YRSQ9gHoVwrjOFivsWaJyR6FtVivdh7etwiTt
Azt5i7IWVsLy1hhKI8ICJQwCcf8W1T0XMLfWaDG3BtxkBemdOXYXlmC3KXC7UUHn
1naZa1Dx9qtnvrKjfjsLanf+GwunhLnfnq9/EDYsD0xp7roekQslLVo3Y5vCagnO
5eXhSTHclCqTQZMsILt2WiTt6zG7FaejXAq94Z/TeAT0kZ8Dw2JGafR8MZQ3DSGW
rWH/OSQofnfINSv4XGtgUv47i22R/PBHeOzQyjjBRLqmLXtOcZjyYfKpHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIABPBIQIfbQoT1/kv3+JgfraofCMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZ0FFOEVoQWg5dENoUFgtU19mNG1CLXRxaDhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6xByiA
MA0GCSqGSIb3DQEBCwUAA4IBAQDEu7OjlbS8uOCPa2DILDuKN0TZpgoiYMJjpRG3
r9bz43/qcYSMzWlfkYoj5XWYbwVrWQqInmvS7x1DvIUhVoKb2FJVVhUxR4XP95Um
jSb2MN+4P9Ov05pxcGDGjblJ247bfQjeMWbIIZ2zf+0pxL03iAS8H3LXMpFPKt36
BX4NzyGTnh2CuZccYkP3iESWIP7Vb7/LKToAFIA2udSyW7hlzD3HrJ3P7IB5Vxxq
smXod+uy9cu0iSF7t9ntBuhhB1D6yctIx0iZC4diuIwH8NSGROqmc79YgX399gSK
gV5vQZlThuLe2FizIbplYXr6rFslXlSb/87bDs4seaQ2MTS7
-----END CERTIFICATE-----