Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1RacMw0Kno4F4E0hDYB7grmsakM.roa
File:                     1RacMw0Kno4F4E0hDYB7grmsakM.roa (raw, json)
Hash identifier:          qj4CvLWxvn2lZy9xxiAz4kTRZbYMV5Mj672REpRjE+g=
Subject key identifier:   D5:16:9C:33:0D:0A:9E:8E:05:E0:4D:21:0D:80:7B:82:B9:AC:6A:43
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425225BA5818EA15C7E5EC9D6681BA62A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1RacMw0Kno4F4E0hDYB7grmsakM.roa
Signing time:             Thu 02 Jan 2025 03:49:56 +0000
ROA not before:           Thu 02 Jan 2025 03:49:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212194
IP address blocks:        2a10:2f00:15f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:5b:a5:81:8e:a1:5c:7e:5e:c9:d6:68:1b:a6:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5169c330d0a9e8e05e04d210d807b82b9ac6a43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:b8:8c:27:3c:96:0e:c6:0b:14:8e:1c:fc:14:
                    b9:35:e8:d9:e4:35:ae:d6:9a:3b:d1:af:f1:d1:7f:
                    cc:12:4b:57:fd:84:df:3a:fd:33:f5:94:35:69:ed:
                    01:a7:f4:a6:4f:e6:9c:c7:ac:09:e4:fd:fa:e6:2a:
                    0b:91:cd:6f:23:80:db:42:21:86:fa:2f:03:37:e6:
                    a4:c1:61:08:34:dd:72:61:0f:78:09:94:81:70:08:
                    da:d2:df:03:95:f7:42:75:1c:86:bb:81:7e:f2:91:
                    5d:c2:0e:de:5e:74:6a:95:8f:6d:c6:44:66:96:52:
                    e3:f6:a4:1d:b2:73:f0:4e:09:ed:84:57:8b:cb:34:
                    7b:e2:9e:c4:a2:a3:1d:5e:2f:5b:0b:aa:6f:97:dd:
                    9e:0e:37:92:06:a4:3a:33:e6:fe:5d:ac:28:10:ee:
                    5a:ca:27:c9:4d:31:35:74:fe:b6:32:04:23:25:f4:
                    4c:5c:4b:df:36:00:4c:6a:7f:df:47:7c:13:d4:23:
                    fb:fa:ce:5a:00:7e:67:42:76:0b:38:8d:93:5a:84:
                    2e:2e:b9:d3:04:08:5b:b8:97:65:35:30:5d:80:e4:
                    cd:bb:0e:ff:c6:89:d9:66:ef:a2:10:c1:9c:de:ea:
                    c7:8d:73:31:9a:1b:0c:43:6e:46:41:76:b8:5c:1a:
                    a4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:16:9C:33:0D:0A:9E:8E:05:E0:4D:21:0D:80:7B:82:B9:AC:6A:43
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/1RacMw0Kno4F4E0hDYB7grmsakM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:15f::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:a9:cd:85:7f:17:c7:0a:9a:20:43:77:8f:62:67:e3:70:4b:
         2d:86:fd:3a:83:fa:f7:62:15:9c:3c:22:e7:9a:5e:99:b5:98:
         74:d9:54:53:56:0c:cc:05:b6:5f:01:b2:e6:82:9f:06:d4:c6:
         bf:9a:de:4f:c7:4b:2b:e0:e0:84:6c:39:42:00:7a:3c:77:25:
         df:77:49:a5:ba:33:5a:b5:84:1a:66:c3:7c:4a:be:f3:2e:55:
         fd:2e:e4:e8:1e:19:da:46:aa:79:69:f9:ae:d8:8b:ba:3b:b8:
         cb:86:ab:c4:2b:73:5c:ff:eb:82:d7:b4:25:a3:72:bf:86:cc:
         a6:30:31:55:cb:c8:31:9b:ab:3c:e9:3c:4d:a1:7e:4e:c1:07:
         28:d6:62:67:13:b5:47:7a:79:47:d8:b9:94:9a:f5:fa:c6:62:
         14:5e:a2:24:96:63:c4:51:88:22:5b:72:16:6e:97:5a:91:9f:
         9f:d6:bd:b1:e0:fe:ca:d0:d0:62:fa:5e:68:9a:78:01:d7:c0:
         3b:7c:79:f3:73:0d:90:c1:f1:59:f7:b8:3f:df:6d:c3:e7:4c:
         c4:12:d4:d6:2a:19:e8:6c:3a:31:5e:e7:3a:32:2f:d9:8c:e9:
         c4:16:56:7e:11:1d:f8:26:0a:ff:cc:eb:d0:c9:3f:7f:b5:59:
         7d:f2:73:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlulgY6hXH5eydZoG6YqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTE2OWMzMzBkMGE5ZThlMDVlMDRkMjEwZDgwN2I4MmI5YWM2YTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4LiMJzyWDsYLFI4c/BS5NejZ5DWu
1po70a/x0X/MEktX/YTfOv0z9ZQ1ae0Bp/SmT+acx6wJ5P365ioLkc1vI4DbQiGG
+i8DN+akwWEINN1yYQ94CZSBcAja0t8DlfdCdRyGu4F+8pFdwg7eXnRqlY9txkRm
llLj9qQdsnPwTgnthFeLyzR74p7EoqMdXi9bC6pvl92eDjeSBqQ6M+b+XawoEO5a
yifJTTE1dP62MgQjJfRMXEvfNgBMan/fR3wT1CP7+s5aAH5nQnYLOI2TWoQuLrnT
BAhbuJdlNTBdgOTNuw7/xonZZu+iEMGc3urHjXMxmhsMQ25GQXa4XBqk5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNUWnDMNCp6OBeBNIQ2Ae4K5rGpDMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvMVJhY013MEtubzRGNEUwaERZQjdncm1zYWtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFf
MA0GCSqGSIb3DQEBCwUAA4IBAQBXqc2FfxfHCpogQ3ePYmfjcEsthv06g/r3YhWc
PCLnml6ZtZh02VRTVgzMBbZfAbLmgp8G1Ma/mt5Px0sr4OCEbDlCAHo8dyXfd0ml
ujNatYQaZsN8Sr7zLlX9LuToHhnaRqp5afmu2Iu6O7jLhqvEK3Nc/+uC17Qlo3K/
hsymMDFVy8gxm6s86TxNoX5OwQco1mJnE7VHenlH2LmUmvX6xmIUXqIklmPEUYgi
W3IWbpdakZ+f1r2x4P7K0NBi+l5omngB18A7fHnzcw2QwfFZ97g/323D50zEEtTW
KhnobDoxXuc6Mi/ZjOnEFlZ+ER34Jgr/zOvQyT9/tVl98nOd
-----END CERTIFICATE-----