Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7H1fh4GQX7W9643gvOZZ1IGrTsM.roa
File:                     7H1fh4GQX7W9643gvOZZ1IGrTsM.roa (raw, json)
Hash identifier:          fI1KYuUJhFt9EiMW16G9AwYWUpXsHPN1qgWNU0gmQYY=
Subject key identifier:   EC:7D:5F:87:81:90:5F:B5:BD:EB:8D:E0:BC:E6:59:D4:81:AB:4E:C3
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252230D085392B04B63AEDB992654698
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7H1fh4GQX7W9643gvOZZ1IGrTsM.roa
Signing time:             Thu 02 Jan 2025 03:49:45 +0000
ROA not before:           Thu 02 Jan 2025 03:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208717
IP address blocks:        2a0e:b107:220::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:30:d0:85:39:2b:04:b6:3a:ed:b9:92:65:46:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec7d5f8781905fb5bdeb8de0bce659d481ab4ec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:47:d2:2b:9d:f1:7f:73:3b:3c:75:61:ef:92:
                    06:37:95:ab:14:e1:90:84:bd:a8:43:55:d5:6a:6e:
                    4a:fa:86:62:22:75:82:05:4b:64:29:f2:02:cc:48:
                    7d:37:0e:fb:61:1e:a5:e2:ff:84:29:23:e6:4b:0b:
                    91:22:79:f1:ac:34:01:93:26:24:10:47:16:4d:60:
                    d8:39:90:cb:ce:d6:8e:ef:f2:82:76:13:73:18:e0:
                    d0:83:42:37:3d:f2:cf:7f:94:37:06:3e:db:bd:14:
                    bf:15:e8:8f:94:d1:a8:d0:c5:d9:da:4f:45:4d:d5:
                    8b:a8:a1:a3:aa:32:bc:c7:2e:56:b0:a7:03:b3:c1:
                    1b:f8:49:6d:26:5e:74:ca:b6:00:79:07:12:5a:c6:
                    ff:e4:f5:3f:0c:87:cf:48:0a:cc:1e:fd:61:82:79:
                    7f:f7:bc:61:e8:59:fa:43:aa:8d:c4:5e:6d:1b:5c:
                    40:88:b4:ac:ad:12:54:a1:3d:5a:a0:8b:5c:49:a6:
                    64:5c:2b:24:69:66:21:2d:c9:17:fa:08:a6:b4:50:
                    93:f2:6b:c4:0b:3d:a9:43:7a:67:03:bc:e5:da:00:
                    23:a4:73:38:4e:ec:86:f1:04:29:e8:0a:b2:08:66:
                    5e:6b:ce:85:2c:8f:a8:c7:f7:da:79:a4:00:d3:4c:
                    21:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:7D:5F:87:81:90:5F:B5:BD:EB:8D:E0:BC:E6:59:D4:81:AB:4E:C3
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7H1fh4GQX7W9643gvOZZ1IGrTsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:220::/44

    Signature Algorithm: sha256WithRSAEncryption
         67:0a:81:72:bd:01:04:5f:04:6a:fe:d4:04:8d:ec:7f:f8:81:
         36:a0:93:51:70:18:d7:07:9c:d8:51:b9:19:fd:a2:ab:7c:bf:
         3a:06:a5:d3:43:9e:41:fd:5f:0b:3f:9d:92:b1:1f:67:18:81:
         e6:e8:3e:89:f1:00:e2:66:ac:47:62:8c:ff:48:a0:06:95:bc:
         8f:1b:cb:35:55:ab:61:b1:92:38:c7:b8:1b:c5:69:f5:a8:45:
         a4:c9:b1:53:43:1b:f6:bf:8f:16:c7:27:20:a9:6c:fa:a7:de:
         13:eb:c7:0b:bb:5f:04:55:0b:87:a5:11:ca:f7:fd:cd:fc:45:
         cc:c1:88:d4:01:a3:aa:4a:11:40:83:4c:e7:77:9b:31:fa:57:
         f2:a0:d2:64:ed:d7:1d:41:22:76:a3:0a:d5:74:8c:98:01:f5:
         aa:89:6e:60:15:ff:d0:1d:aa:77:d7:69:0b:0e:62:c3:a3:b3:
         fa:42:af:65:4d:d1:d5:32:e3:20:87:e9:66:0e:ca:13:0a:ac:
         f2:c0:2b:f9:5a:bf:12:4f:96:f4:9c:46:6f:12:aa:5c:50:2f:
         4f:7e:1b:a6:58:c1:30:2a:b5:5d:32:67:ec:fe:1e:32:58:0e:
         64:08:51:33:c2:bc:3e:1d:0d:d9:6a:74:4e:61:be:cb:6d:ac:
         14:0b:b4:f7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIjDQhTkrBLY67bmSZUaYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzdkNWY4NzgxOTA1ZmI1YmRlYjhkZTBiY2U2NTlkNDgxYWI0ZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0fSK53xf3M7PHVh75IGN5WrFOGQ
hL2oQ1XVam5K+oZiInWCBUtkKfICzEh9Nw77YR6l4v+EKSPmSwuRInnxrDQBkyYk
EEcWTWDYOZDLztaO7/KCdhNzGODQg0I3PfLPf5Q3Bj7bvRS/FeiPlNGo0MXZ2k9F
TdWLqKGjqjK8xy5WsKcDs8Eb+EltJl50yrYAeQcSWsb/5PU/DIfPSArMHv1hgnl/
97xh6Fn6Q6qNxF5tG1xAiLSsrRJUoT1aoItcSaZkXCskaWYhLckX+gimtFCT8mvE
Cz2pQ3pnA7zl2gAjpHM4TuyG8QQp6AqyCGZea86FLI+ox/faeaQA00whtwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOx9X4eBkF+1veuN4LzmWdSBq07DMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN0gxZmg0R1FYN1c5NjQzZ3ZPWloxSUdyVHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwIg
MA0GCSqGSIb3DQEBCwUAA4IBAQBnCoFyvQEEXwRq/tQEjex/+IE2oJNRcBjXB5zY
UbkZ/aKrfL86BqXTQ55B/V8LP52SsR9nGIHm6D6J8QDiZqxHYoz/SKAGlbyPG8s1
VathsZI4x7gbxWn1qEWkybFTQxv2v48WxycgqWz6p94T68cLu18EVQuHpRHK9/3N
/EXMwYjUAaOqShFAg0znd5sx+lfyoNJk7dcdQSJ2owrVdIyYAfWqiW5gFf/QHap3
12kLDmLDo7P6Qq9lTdHVMuMgh+lmDsoTCqzywCv5Wr8ST5b0nEZvEqpcUC9Pfhum
WMEwKrVdMmfs/h4yWA5kCFEzwrw+HQ3ZanROYb7LbawUC7T3
-----END CERTIFICATE-----