Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5lS2Fdd8_rffKP51R8domm7ylYA.roa
File:                     5lS2Fdd8_rffKP51R8domm7ylYA.roa (raw, json)
Hash identifier:          iyvR8KY3yxE9jhtdFlPICVLrZt7qbNGMbSveYWus3JI=
Subject key identifier:   E6:54:B6:15:D7:7C:FE:B7:DF:28:FE:75:47:C7:68:9A:6E:F2:95:80
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252273443395659C5FB24924529BCBE9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5lS2Fdd8_rffKP51R8domm7ylYA.roa
Signing time:             Thu 02 Jan 2025 03:50:02 +0000
ROA not before:           Thu 02 Jan 2025 03:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213372
IP address blocks:        2a0e:b107:8e0::/44 maxlen: 48
                          2a10:2f00:128::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:73:44:33:95:65:9c:5f:b2:49:24:52:9b:cb:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e654b615d77cfeb7df28fe7547c7689a6ef29580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ba:76:f5:7a:fb:55:91:1f:83:39:42:f7:e1:
                    0c:fc:42:12:76:4d:8e:c9:bb:9b:1b:85:d0:58:f2:
                    92:43:ac:0d:4d:27:96:a3:19:2e:8a:2c:d7:df:1f:
                    3a:2f:a4:f4:95:e7:62:18:97:5f:84:4a:43:16:0b:
                    b5:9c:07:a8:32:89:48:8c:82:40:58:df:f0:1e:24:
                    03:6d:03:47:4e:42:0a:93:37:71:f1:e1:76:cd:5a:
                    4e:71:19:1e:28:80:74:25:23:28:ea:3e:27:74:19:
                    28:6b:3f:7c:31:a4:ad:35:00:a8:b3:ef:a2:46:1a:
                    2c:a2:f6:82:0a:85:23:f4:ca:d2:f3:21:83:13:87:
                    3c:0d:1f:63:d2:e9:df:34:4d:ae:0a:d9:3e:9e:0e:
                    7d:99:ff:a9:51:56:74:3b:2a:9c:25:54:f4:f4:64:
                    e3:67:67:24:66:5b:71:84:e9:5b:21:60:b3:7a:d7:
                    01:6f:ee:c6:18:01:81:ae:47:b9:fc:e8:05:53:52:
                    31:54:b4:c1:56:a2:8a:69:78:86:4f:b2:b3:09:9d:
                    27:6c:52:4b:04:76:17:38:93:7f:17:8f:1e:45:36:
                    e3:c7:46:c1:d1:5e:66:5c:75:73:68:16:50:73:fc:
                    26:dd:a2:74:07:b1:6f:82:4b:94:50:4e:9a:b0:ac:
                    ed:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:54:B6:15:D7:7C:FE:B7:DF:28:FE:75:47:C7:68:9A:6E:F2:95:80
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/5lS2Fdd8_rffKP51R8domm7ylYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:8e0::/44
                  2a10:2f00:128::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:9c:1e:ad:de:96:fc:12:f9:36:36:36:5d:70:d5:51:b3:5f:
         60:42:7f:80:1d:0a:59:31:ea:a0:7d:62:d2:10:67:a0:2d:f7:
         1e:79:2f:02:3a:ec:0f:e5:a2:c6:3c:f8:4a:15:8c:c8:97:ab:
         0d:75:16:12:b0:d2:aa:67:4c:6c:95:85:e6:11:6e:e9:d3:6a:
         3a:58:59:c0:56:ca:44:29:a0:ff:82:0c:b6:73:d1:5f:80:05:
         9b:1a:3a:24:9f:e4:84:f4:90:de:a9:ac:ca:1a:b7:8c:de:b7:
         de:ca:14:6a:91:d3:e2:a4:16:82:a2:1e:e8:c6:bf:ad:43:08:
         03:82:15:72:d9:2a:80:33:b9:f5:0b:17:04:2c:57:af:f6:b2:
         ec:2f:9d:c5:31:2b:9c:07:3c:74:ef:ef:6d:85:a7:87:5e:d3:
         2b:2b:87:ef:4a:84:c1:99:dd:eb:51:bf:14:c6:46:45:bc:15:
         3e:b7:d9:11:5d:8e:6e:87:33:82:60:b9:3f:27:e2:eb:80:7d:
         05:a5:45:0e:33:71:f8:5f:8d:65:19:0c:07:bc:48:0b:1c:f8:
         a2:40:a5:f8:37:3f:66:af:0e:c0:52:d5:f8:6f:6a:fc:5f:8c:
         cb:3d:9d:9f:2a:9d:a4:ff:99:95:09:53:10:25:13:59:45:9c:
         60:85:08:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlInNEM5VlnF+ySSRSm8vpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjU0YjYxNWQ3N2NmZWI3ZGYyOGZlNzU0N2M3Njg5YTZlZjI5NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrp29Xr7VZEfgzlC9+EM/EISdk2O
ybubG4XQWPKSQ6wNTSeWoxkuiizX3x86L6T0lediGJdfhEpDFgu1nAeoMolIjIJA
WN/wHiQDbQNHTkIKkzdx8eF2zVpOcRkeKIB0JSMo6j4ndBkoaz98MaStNQCos++i
RhosovaCCoUj9MrS8yGDE4c8DR9j0unfNE2uCtk+ng59mf+pUVZ0OyqcJVT09GTj
Z2ckZltxhOlbIWCzetcBb+7GGAGBrke5/OgFU1IxVLTBVqKKaXiGT7KzCZ0nbFJL
BHYXOJN/F48eRTbjx0bB0V5mXHVzaBZQc/wm3aJ0B7FvgkuUUE6asKztnwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOZUthXXfP633yj+dUfHaJpu8pWAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvNWxTMkZkZDhfcmZmS1A1MVI4ZG9tbTd5bFlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBwjg
AwcAKhAvAAEoMA0GCSqGSIb3DQEBCwUAA4IBAQBsnB6t3pb8Evk2NjZdcNVRs19g
Qn+AHQpZMeqgfWLSEGegLfceeS8COuwP5aLGPPhKFYzIl6sNdRYSsNKqZ0xslYXm
EW7p02o6WFnAVspEKaD/ggy2c9FfgAWbGjokn+SE9JDeqazKGreM3rfeyhRqkdPi
pBaCoh7oxr+tQwgDghVy2SqAM7n1CxcELFev9rLsL53FMSucBzx07+9thaeHXtMr
K4fvSoTBmd3rUb8UxkZFvBU+t9kRXY5uhzOCYLk/J+LrgH0FpUUOM3H4X41lGQwH
vEgLHPiiQKX4Nz9mrw7AUtX4b2r8X4zLPZ2fKp2k/5mVCVMQJRNZRZxghQh3
-----END CERTIFICATE-----