Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7sx6XrK1OQY-O7ZhHvLS2DHcYaQ.roa
File:                     7sx6XrK1OQY-O7ZhHvLS2DHcYaQ.roa (raw, json)
Hash identifier:          u78BaAJU8OG5iGYVtALP6zICIG+1ipJMTDFIQ49Mwcg=
Subject key identifier:   EE:CC:7A:5E:B2:B5:39:06:3E:3B:B6:61:1E:F2:D2:D8:31:DC:61:A4
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCCD1B747196139A8519A9958D0CBA
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7sx6XrK1OQY-O7ZhHvLS2DHcYaQ.roa
Signing time:             Tue 02 Jan 2024 10:34:02 +0000
ROA not before:           Tue 02 Jan 2024 10:34:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47422
IP address blocks:        2a0e:b107:620::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:cd:1b:74:71:96:13:9a:85:19:a9:95:8d:0c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eecc7a5eb2b539063e3bb6611ef2d2d831dc61a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7c:82:ec:96:f9:f5:a1:ce:45:23:e6:b8:56:
                    84:83:c1:36:a0:4e:8d:27:40:d9:a7:22:b3:e1:ee:
                    4e:f7:80:a8:df:78:72:74:f9:58:f7:1e:1b:33:6b:
                    fe:eb:3d:a1:5e:01:b3:e7:6e:71:90:0d:5b:84:44:
                    10:9f:c0:69:b8:cd:78:d6:d7:87:c6:6a:f1:b6:de:
                    0e:b4:99:c7:54:0a:e1:3f:cc:0b:b4:2e:32:c1:43:
                    80:94:45:24:3f:f4:81:d5:7d:30:ec:f4:58:53:a9:
                    86:32:01:a6:bb:7a:0a:65:93:9f:8f:b2:dd:b1:88:
                    c8:bd:0c:3a:59:ab:d1:1b:70:14:d8:0c:5e:8b:95:
                    20:d4:bd:4c:53:84:b6:ba:71:cc:a9:c8:1f:0c:9b:
                    9e:0d:c8:8f:6f:6e:7e:6d:f2:35:f3:10:eb:70:f6:
                    e2:e9:0b:27:cb:e5:91:c3:e6:d3:02:2b:27:e3:2b:
                    c3:03:0f:2f:1e:60:14:15:36:3e:67:3c:ff:d5:47:
                    6f:c4:44:b6:49:42:a5:a3:37:59:6b:f0:eb:e3:48:
                    6f:cb:fe:f0:14:bd:7f:ee:cf:66:c6:18:18:2e:b4:
                    82:d9:8e:98:fd:e7:88:8b:ec:15:ea:af:5b:c0:d6:
                    73:93:68:b2:1d:c1:a1:a1:de:10:ab:04:ef:11:33:
                    cf:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CC:7A:5E:B2:B5:39:06:3E:3B:B6:61:1E:F2:D2:D8:31:DC:61:A4
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/7sx6XrK1OQY-O7ZhHvLS2DHcYaQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:620::/44

    Signature Algorithm: sha256WithRSAEncryption
         57:a2:e3:73:3e:6c:de:d4:82:02:36:2d:39:15:37:a8:24:c6:
         b0:8d:ba:c9:99:7e:d8:7b:48:a5:0a:c4:4b:1f:80:c9:64:27:
         23:9c:f2:3a:e3:cc:8a:4a:1e:0e:54:b3:d5:40:35:0b:ee:b3:
         86:ed:bb:12:70:e8:32:80:6b:75:ce:2a:ae:ab:65:3a:6a:1c:
         a8:81:70:1a:35:c5:2f:5f:47:39:57:df:e6:ac:37:8f:f8:0a:
         39:22:5a:70:40:4d:e0:6c:11:e2:98:34:18:d7:55:2d:50:07:
         a2:25:43:49:59:8d:7b:a4:65:1f:8e:56:26:5f:a3:32:95:69:
         44:74:8e:43:90:8a:4f:59:1d:7c:bc:3c:c8:e4:59:c7:26:23:
         3b:77:88:6b:4e:93:b7:12:ee:28:7a:20:d2:6b:3b:c0:88:5d:
         50:b9:91:76:65:12:e8:6a:8d:74:65:d6:32:9e:22:ad:85:b0:
         39:0c:e1:84:59:f5:2c:5c:84:30:a7:17:ac:ed:76:c7:8d:78:
         21:8f:7f:81:db:a1:99:b0:eb:03:cf:7c:54:24:4c:cf:20:26:
         27:02:2e:0e:8f:a7:e9:df:e9:9c:29:27:19:20:e5:58:f4:b4:
         c6:33:b6:12:e1:9a:13:4f:41:ef:c6:56:d3:2d:79:8e:6a:53:
         2d:d0:6c:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvM0bdHGWE5qFGamVjQy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNjN2E1ZWIyYjUzOTA2M2UzYmI2NjExZWYyZDJkODMxZGM2MWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXyC7Jb59aHORSPmuFaEg8E2oE6N
J0DZpyKz4e5O94Co33hydPlY9x4bM2v+6z2hXgGz525xkA1bhEQQn8BpuM141teH
xmrxtt4OtJnHVArhP8wLtC4ywUOAlEUkP/SB1X0w7PRYU6mGMgGmu3oKZZOfj7Ld
sYjIvQw6WavRG3AU2Axei5Ug1L1MU4S2unHMqcgfDJueDciPb25+bfI18xDrcPbi
6Qsny+WRw+bTAisn4yvDAw8vHmAUFTY+Zzz/1UdvxES2SUKlozdZa/Dr40hvy/7w
FL1/7s9mxhgYLrSC2Y6Y/eeIi+wV6q9bwNZzk2iyHcGhod4QqwTvETPPeQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFO7Mel6ytTkGPju2YR7y0tgx3GGkMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvN3N4NlhySzFPUVktTzdaaEh2TFMyREhjWWFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBwYg
MA0GCSqGSIb3DQEBCwUAA4IBAQBXouNzPmze1IICNi05FTeoJMawjbrJmX7Ye0il
CsRLH4DJZCcjnPI648yKSh4OVLPVQDUL7rOG7bsScOgygGt1ziquq2U6ahyogXAa
NcUvX0c5V9/mrDeP+Ao5IlpwQE3gbBHimDQY11UtUAeiJUNJWY17pGUfjlYmX6My
lWlEdI5DkIpPWR18vDzI5FnHJiM7d4hrTpO3Eu4oeiDSazvAiF1QuZF2ZRLoao10
ZdYyniKthbA5DOGEWfUsXIQwpxes7XbHjXghj3+B26GZsOsDz3xUJEzPICYnAi4O
j6fp3+mcKScZIOVY9LTGM7YS4ZoTT0HvxlbTLXmOalMt0Gw+
-----END CERTIFICATE-----