Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zYb6n_UxNGfOi-aQ5zCoIcXkBO8.roa
File:                     zYb6n_UxNGfOi-aQ5zCoIcXkBO8.roa (raw, json)
Hash identifier:          bKnHlGslIdqxXHxOGlw7bm+ci6CLSeVT80SfoeMCOgk=
Subject key identifier:   CD:86:FA:9F:F5:31:34:67:CE:8B:E6:90:E7:30:A8:21:C5:E4:04:EF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018F617F8215CDA125D57CA810695D631B2E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zYb6n_UxNGfOi-aQ5zCoIcXkBO8.roa
Signing time:             Fri 10 May 2024 07:54:57 +0000
ROA not before:           Fri 10 May 2024 07:54:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215131
IP address blocks:        2a10:ccc5:2a10::/44 maxlen: 44
                          2a10:ccc5:2a10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:61:7f:82:15:cd:a1:25:d5:7c:a8:10:69:5d:63:1b:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: May 10 07:54:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cd86fa9ff5313467ce8be690e730a821c5e404ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b7:c5:6f:ea:bd:28:1c:cd:c4:86:ff:23:8e:
                    91:68:96:78:e1:11:c2:91:9e:bf:35:3d:ca:df:9b:
                    89:78:00:bd:15:53:e5:6a:13:fd:b3:bb:36:69:b1:
                    05:7f:db:77:5e:9c:f9:ee:f2:c8:8f:aa:32:41:71:
                    6f:82:79:a6:7d:48:08:c6:1a:2a:c9:05:bb:de:31:
                    30:2a:dd:b1:be:bf:80:53:db:1b:de:04:63:5b:22:
                    d3:3a:f3:c9:e1:0b:90:6a:da:9d:60:20:a0:4a:8d:
                    9d:0d:28:4d:fc:3a:e8:5f:76:e2:a0:aa:c3:47:03:
                    4c:06:88:68:38:f6:24:f4:9f:53:40:28:5e:31:50:
                    c2:a1:7a:95:5f:a9:60:09:82:fc:0f:a3:63:ef:62:
                    7a:b7:35:f5:61:30:80:27:2f:3b:91:1f:11:1e:cb:
                    a2:78:bd:6c:6b:66:d3:55:1b:90:62:10:78:1d:fa:
                    69:03:19:4b:20:bc:88:f1:00:32:c8:db:1f:d4:9c:
                    b1:01:d1:fb:ec:e1:ea:c1:1e:a4:2a:72:a5:3c:93:
                    41:d9:aa:da:31:cd:e9:7d:b0:03:50:45:d9:98:13:
                    01:f0:23:f0:c8:0b:2a:d5:a0:0d:e4:87:6a:13:f2:
                    99:f4:e1:18:b0:ad:00:de:94:ee:5c:e9:e4:51:b6:
                    91:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:86:FA:9F:F5:31:34:67:CE:8B:E6:90:E7:30:A8:21:C5:E4:04:EF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zYb6n_UxNGfOi-aQ5zCoIcXkBO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc5:2a10::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:dc:74:c3:b4:5b:5a:00:dc:74:a5:d5:7b:75:95:88:19:08:
         8e:0b:13:de:a8:2e:2c:b8:40:ca:09:aa:26:5e:9d:3c:ca:50:
         aa:c9:6e:34:ae:98:55:18:e7:a8:c8:c5:9f:57:6e:43:d5:4f:
         51:39:7f:a0:8e:ff:2c:36:83:56:03:43:16:cb:80:66:89:ea:
         66:39:f8:0f:61:98:b1:82:a5:a2:33:d3:ac:a8:e9:be:02:8c:
         c8:cc:5d:c3:f9:24:e7:fe:c5:8d:67:86:c1:3e:fc:98:ca:8e:
         82:47:38:17:7a:1a:f1:35:23:8a:ac:d7:1d:b3:95:01:87:fa:
         d5:f3:f3:0b:13:89:46:0a:9c:0b:34:bf:5f:a1:44:be:6c:4b:
         1e:b1:ec:3c:88:b4:3a:00:fb:db:15:ed:6f:56:60:61:b3:c0:
         c3:83:40:88:bf:79:aa:04:80:06:fd:1e:e7:97:52:c5:ee:d1:
         df:82:a4:86:cd:22:d5:88:37:13:79:98:dd:8f:9b:fa:a0:d9:
         06:3a:01:9f:ff:99:7f:68:f0:df:8b:a9:83:89:73:e2:f6:63:
         1e:c7:0d:8b:38:d2:89:5c:19:c9:54:96:f9:96:71:2d:b9:88:
         aa:0e:b6:a2:6c:29:94:dd:f3:51:92:f8:d7:7b:01:d4:4e:f3:
         0b:e1:f0:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY9hf4IVzaEl1XyoEGldYxsuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNTEwMDc1NDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDg2ZmE5ZmY1MzEzNDY3Y2U4YmU2OTBlNzMwYTgyMWM1ZTQwNGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrfFb+q9KBzNxIb/I46RaJZ44RHC
kZ6/NT3K35uJeAC9FVPlahP9s7s2abEFf9t3Xpz57vLIj6oyQXFvgnmmfUgIxhoq
yQW73jEwKt2xvr+AU9sb3gRjWyLTOvPJ4QuQatqdYCCgSo2dDShN/DroX3bioKrD
RwNMBohoOPYk9J9TQCheMVDCoXqVX6lgCYL8D6Nj72J6tzX1YTCAJy87kR8RHsui
eL1sa2bTVRuQYhB4HfppAxlLILyI8QAyyNsf1JyxAdH77OHqwR6kKnKlPJNB2ara
Mc3pfbADUEXZmBMB8CPwyAsq1aAN5IdqE/KZ9OEYsK0A3pTuXOnkUbaRwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM2G+p/1MTRnzovmkOcwqCHF5ATvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvelliNm5fVXhOR2ZPaS1hUTV6Q29JY1hrQk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhDMxSoQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCY3HTDtFtaANx0pdV7dZWIGQiOCxPeqC4suEDK
CaomXp08ylCqyW40rphVGOeoyMWfV25D1U9ROX+gjv8sNoNWA0MWy4BmiepmOfgP
YZixgqWiM9OsqOm+AozIzF3D+STn/sWNZ4bBPvyYyo6CRzgXehrxNSOKrNcds5UB
h/rV8/MLE4lGCpwLNL9foUS+bEsesew8iLQ6APvbFe1vVmBhs8DDg0CIv3mqBIAG
/R7nl1LF7tHfgqSGzSLViDcTeZjdj5v6oNkGOgGf/5l/aPDfi6mDiXPi9mMexw2L
ONKJXBnJVJb5lnEtuYiqDraibCmU3fNRkvjXewHUTvML4fAj
-----END CERTIFICATE-----