Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/51l0ZaazViO-9DNCdW3GnWR4GwI.roa
File:                     51l0ZaazViO-9DNCdW3GnWR4GwI.roa (raw, json)
Hash identifier:          UwPqa23rEDmYBVT49o12uDR12sWWmyh1Kinzo0LGRpA=
Subject key identifier:   E7:59:74:65:A6:B3:56:23:BE:F4:33:42:75:6D:C6:9D:64:78:1B:02
Certificate issuer:       /CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
Certificate serial:       019421439372999A0D4667BFD27CD5404028
Authority key identifier: CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/51l0ZaazViO-9DNCdW3GnWR4GwI.roa
Signing time:             Wed 01 Jan 2025 09:47:44 +0000
ROA not before:           Wed 01 Jan 2025 09:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        2a07:e00:19f::/48 maxlen: 48
                          2a07:e02:41::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 03:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:93:72:99:9a:0d:46:67:bf:d2:7c:d5:40:40:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc2eb5b38bb62ede5c98cbfbcff9532852180516
        Validity
            Not Before: Jan  1 09:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7597465a6b35623bef43342756dc69d64781b02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:13:ef:ff:ac:54:91:a0:f7:34:ae:1c:48:ef:
                    31:a4:6e:6e:1b:fb:1a:f1:01:b1:07:4a:6d:c1:08:
                    a5:bb:46:14:2e:bb:c6:85:7d:7e:0d:aa:72:ff:46:
                    19:ac:71:a7:00:97:dc:c9:11:ad:ae:d8:bf:76:5f:
                    1d:7a:c1:07:0e:fe:57:d1:c0:b4:d1:92:9d:95:db:
                    34:65:8a:04:e2:d1:76:8e:85:9f:cc:0b:ac:65:bf:
                    ca:bb:fa:45:8f:a2:d7:7f:3f:e8:b9:ab:67:6a:f0:
                    d9:1e:4a:5c:6c:75:4e:5e:c6:e3:2b:b1:10:e4:68:
                    d2:a8:ef:a6:41:28:27:96:ab:37:dd:24:d6:d4:4f:
                    20:51:59:88:6d:af:da:16:2e:c5:3c:ce:83:1c:87:
                    cb:cf:5f:26:5a:61:d1:c2:0e:52:36:3d:bc:83:41:
                    0c:88:ba:8c:4d:8c:4b:f9:6d:c3:c4:3e:28:93:a1:
                    c5:55:50:90:8c:d7:2c:7d:6a:7e:f7:cc:2c:c9:c2:
                    23:47:cd:95:64:e8:46:10:81:34:99:e0:b7:7b:fc:
                    e4:d2:19:9a:e3:62:53:1f:bf:84:96:e0:8c:82:dd:
                    27:74:e2:68:ff:12:2b:9d:3f:67:df:61:37:41:15:
                    0d:1a:b6:f8:ba:e4:d2:60:c9:00:86:4d:4d:75:60:
                    e6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:59:74:65:A6:B3:56:23:BE:F4:33:42:75:6D:C6:9D:64:78:1B:02
            X509v3 Authority Key Identifier:
                keyid:CC:2E:B5:B3:8B:B6:2E:DE:5C:98:CB:FB:CF:F9:53:28:52:18:05:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zC61s4u2Lt5cmMv7z_lTKFIYBRY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/51l0ZaazViO-9DNCdW3GnWR4GwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/6f0269-834e-47c5-98e1-f1f802e6613b/1/zC61s4u2Lt5cmMv7z_lTKFIYBRY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:e00:19f::/48
                  2a07:e02:41::/48

    Signature Algorithm: sha256WithRSAEncryption
         12:6d:ab:b3:26:60:7e:04:d9:94:61:8a:e2:ec:63:a0:48:54:
         cd:97:c4:2e:eb:8d:0c:87:90:74:8e:f7:12:bc:9f:50:66:3a:
         fe:26:68:9d:c0:f3:a8:77:43:c5:20:3b:d2:e6:1e:4b:58:7a:
         e3:49:69:44:e8:af:fe:58:15:3c:c4:04:94:b6:6d:af:26:5c:
         19:44:97:fe:49:f7:d3:57:04:3e:05:3d:f9:98:96:62:1f:4c:
         01:4e:9b:e1:4e:e8:7a:88:dd:62:cd:30:71:1e:bc:2e:f0:17:
         48:72:06:22:30:b4:64:6e:f8:ca:71:0f:59:3e:c7:c0:a5:c4:
         59:33:20:42:f9:1f:38:7a:ca:fd:b3:62:b8:af:7a:55:1e:3e:
         25:a0:99:83:9f:9f:fe:65:8d:7c:2a:c8:e4:ee:4d:ac:51:52:
         f1:0e:32:c2:c6:db:80:7d:01:c7:89:38:5c:c0:0f:7a:e6:90:
         c9:3b:de:22:3f:da:88:94:eb:eb:d8:bc:0c:32:e3:b1:e1:fd:
         af:9f:d1:07:f5:81:10:d4:02:80:26:02:07:7b:19:cb:a4:cb:
         ca:01:8b:b1:aa:98:d1:26:ca:ae:4f:4c:61:78:20:f4:05:e0:
         2e:80:d1:0c:54:32:a9:db:5b:43:1c:ae:8b:9e:39:66:19:ba:
         f2:cf:f9:04
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhQ5NymZoNRme/0nzVQEAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjMmViNWIzOGJiNjJlZGU1Yzk4Y2JmYmNmZjk1MzI4NTIx
ODA1MTYwHhcNMjUwMTAxMDk0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzU5NzQ2NWE2YjM1NjIzYmVmNDMzNDI3NTZkYzY5ZDY0NzgxYjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzRPv/6xUkaD3NK4cSO8xpG5uG/sa
8QGxB0ptwQilu0YULrvGhX1+Dapy/0YZrHGnAJfcyRGtrti/dl8desEHDv5X0cC0
0ZKdlds0ZYoE4tF2joWfzAusZb/Ku/pFj6LXfz/ouatnavDZHkpcbHVOXsbjK7EQ
5GjSqO+mQSgnlqs33STW1E8gUVmIba/aFi7FPM6DHIfLz18mWmHRwg5SNj28g0EM
iLqMTYxL+W3DxD4ok6HFVVCQjNcsfWp+98wsycIjR82VZOhGEIE0meC3e/zk0hma
42JTH7+EluCMgt0ndOJo/xIrnT9n32E3QRUNGrb4uuTSYMkAhk1NdWDmbwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOdZdGWms1YjvvQzQnVtxp1keBsCMB8GA1UdIwQY
MBaAFMwutbOLti7eXJjL+8/5UyhSGAUWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEt
ZjFmODAyZTY2MTNiLzEvNTFsMFphYXpWaU8tOUROQ2RXM0duV1I0R3dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC82ZjAyNjktODM0ZS00N2M1LTk4ZTEtZjFmODAyZTY2MTNi
LzEvekM2MXM0dTJMdDVjbU12N3pfbFRLRklZQlJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgcOAAGf
AwcAKgcOAgBBMA0GCSqGSIb3DQEBCwUAA4IBAQASbauzJmB+BNmUYYri7GOgSFTN
l8Qu640Mh5B0jvcSvJ9QZjr+JmidwPOod0PFIDvS5h5LWHrjSWlE6K/+WBU8xASU
tm2vJlwZRJf+SffTVwQ+BT35mJZiH0wBTpvhTuh6iN1izTBxHrwu8BdIcgYiMLRk
bvjKcQ9ZPsfApcRZMyBC+R84esr9s2K4r3pVHj4loJmDn5/+ZY18Ksjk7k2sUVLx
DjLCxtuAfQHHiThcwA965pDJO94iP9qIlOvr2LwMMuOx4f2vn9EH9YEQ1AKAJgIH
exnLpMvKAYuxqpjRJsquT0xheCD0BeAugNEMVDKp21tDHK6LnjlmGbryz/kE
-----END CERTIFICATE-----