Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7F5qeh919eExQwFbm-w1EaqUst0.roa
File:                     7F5qeh919eExQwFbm-w1EaqUst0.roa (raw, json)
Hash identifier:          ZGTYNPwBVYnc70EKud9FJ83l4zWHCLjBURr5v4i3NkY=
Subject key identifier:   EC:5E:6A:7A:1F:75:F5:E1:31:43:01:5B:9B:EC:35:11:AA:94:B2:DD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425224524C13EC6D907FACA3E5570B750
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7F5qeh919eExQwFbm-w1EaqUst0.roa
Signing time:             Thu 02 Jan 2025 03:49:50 +0000
ROA not before:           Thu 02 Jan 2025 03:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210836
IP address blocks:        2a0e:97c0:750::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:45:24:c1:3e:c6:d9:07:fa:ca:3e:55:70:b7:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec5e6a7a1f75f5e13143015b9bec3511aa94b2dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:15:37:dd:c0:b4:4d:30:c4:7e:8f:67:d5:ed:
                    20:b3:a1:ca:9d:74:82:26:8d:63:5c:39:d7:64:b6:
                    91:85:17:1e:1b:e9:67:c6:3f:d3:4c:78:24:e4:56:
                    fc:51:ca:ff:bf:82:6e:36:09:24:1e:42:63:ad:ac:
                    b1:92:32:56:6e:88:31:b8:f2:9c:9b:a2:52:08:a8:
                    e7:98:64:41:0b:6e:4a:a7:5b:cb:9a:df:97:ff:ff:
                    02:7d:7f:07:c4:e0:6e:3d:8e:ba:d1:3d:3a:fe:6b:
                    a4:f4:70:64:0c:0d:74:c6:f9:d1:34:b5:b0:f0:e8:
                    50:25:69:0f:ae:6c:48:9a:67:cd:49:39:dd:8c:9d:
                    79:fd:b1:ca:ea:70:e0:f1:62:ac:1d:8d:74:08:01:
                    fb:df:16:a4:83:9a:83:6b:4e:57:2b:f3:54:a9:9d:
                    7d:1f:48:30:1f:e4:a3:9e:39:93:24:d4:8e:56:0b:
                    56:a1:2c:51:d2:d1:45:a1:34:fe:fb:23:e4:02:a7:
                    d6:07:ef:5d:a1:bc:16:80:ba:9b:57:d8:08:ea:4c:
                    3c:d3:7b:3f:30:9e:8a:47:c4:08:d6:c2:75:6a:f1:
                    f4:87:b5:05:8c:95:19:bd:23:70:96:7d:c8:d8:af:
                    c1:39:ee:08:e2:b9:d4:d1:6d:15:1b:21:35:6b:55:
                    55:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:5E:6A:7A:1F:75:F5:E1:31:43:01:5B:9B:EC:35:11:AA:94:B2:DD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7F5qeh919eExQwFbm-w1EaqUst0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:750::/44

    Signature Algorithm: sha256WithRSAEncryption
         52:8d:d5:af:03:d5:4b:26:12:4a:00:0e:0c:b9:87:56:96:c9:
         59:22:44:3d:c1:69:1f:d7:28:af:1f:a2:8b:be:c6:50:7f:5c:
         95:7a:dc:13:f8:51:9c:22:00:9e:0d:cf:9d:fe:e0:4d:be:c7:
         07:9c:35:98:d0:1e:30:9f:2b:72:3d:1f:1e:60:96:3f:3b:94:
         fc:95:70:3b:04:b3:97:c8:ff:69:c0:36:29:4f:23:3a:8f:ad:
         bc:39:e1:54:cb:6d:ae:f5:82:87:f3:de:77:83:8c:d8:37:e4:
         7c:8e:e4:60:64:1c:c8:4d:52:94:95:dd:2d:f7:fc:88:82:44:
         8f:99:34:14:b6:7f:db:2c:18:9c:2c:8f:7b:f6:b6:7b:d4:ba:
         ff:3e:01:e4:d0:e8:d3:bf:91:65:81:84:79:81:f9:9b:a9:f7:
         68:56:28:45:88:cc:d2:5d:1a:38:c1:4b:b7:f1:23:f9:26:f5:
         77:b3:e7:ab:3f:2b:d4:0f:25:ab:5d:da:42:6d:a4:d2:d3:21:
         11:a0:59:a9:7f:d3:02:26:17:8b:11:20:c4:78:ec:a0:0f:1c:
         58:cf:2d:18:3f:fd:ad:c6:33:15:74:16:43:86:5c:93:9c:25:
         47:75:11:40:dc:d5:70:6b:93:89:6b:8c:fb:93:98:42:35:18:
         77:bf:50:9d
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkUkwT7G2Qf6yj5VcLdQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzVlNmE3YTFmNzVmNWUxMzE0MzAxNWI5YmVjMzUxMWFhOTRiMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwxU33cC0TTDEfo9n1e0gs6HKnXSC
Jo1jXDnXZLaRhRceG+lnxj/TTHgk5Fb8Ucr/v4JuNgkkHkJjrayxkjJWbogxuPKc
m6JSCKjnmGRBC25Kp1vLmt+X//8CfX8HxOBuPY660T06/muk9HBkDA10xvnRNLWw
8OhQJWkPrmxImmfNSTndjJ15/bHK6nDg8WKsHY10CAH73xakg5qDa05XK/NUqZ19
H0gwH+SjnjmTJNSOVgtWoSxR0tFFoTT++yPkAqfWB+9dobwWgLqbV9gI6kw803s/
MJ6KR8QI1sJ1avH0h7UFjJUZvSNwln3I2K/BOe4I4rnU0W0VGyE1a1VVXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOxeanofdfXhMUMBW5vsNRGqlLLdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN0Y1cWVoOTE5ZUV4UXdGYm0tdzFFYXFVc3QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAdQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBSjdWvA9VLJhJKAA4MuYdWlslZIkQ9wWkf1yiv
H6KLvsZQf1yVetwT+FGcIgCeDc+d/uBNvscHnDWY0B4wnytyPR8eYJY/O5T8lXA7
BLOXyP9pwDYpTyM6j628OeFUy22u9YKH8953g4zYN+R8juRgZBzITVKUld0t9/yI
gkSPmTQUtn/bLBicLI979rZ71Lr/PgHk0OjTv5FlgYR5gfmbqfdoVihFiMzSXRo4
wUu38SP5JvV3s+erPyvUDyWrXdpCbaTS0yERoFmpf9MCJheLESDEeOygDxxYzy0Y
P/2txjMVdBZDhlyTnCVHdRFA3NVwa5OJa4z7k5hCNRh3v1Cd
-----END CERTIFICATE-----