Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8EWSiIqWGLF7EDwpw9JxnciGOws.roa
File:                     8EWSiIqWGLF7EDwpw9JxnciGOws.roa (raw, json)
Hash identifier:          iaLCriYQRtSfOJX/TYXwXMfz7RZyF+WUZb/PO6bb8ns=
Subject key identifier:   F0:45:92:88:8A:96:18:B1:7B:10:3C:29:C3:D2:71:9D:C8:86:3B:0B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DAE4176E27BBF5DF259C5BEBA320974DB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8EWSiIqWGLF7EDwpw9JxnciGOws.roa
Signing time:             Thu 15 Feb 2024 19:32:22 +0000
ROA not before:           Thu 15 Feb 2024 19:32:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215492
IP address blocks:        2a0e:97c0:8e0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ae:41:76:e2:7b:bf:5d:f2:59:c5:be:ba:32:09:74:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 15 19:32:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f04592888a9618b17b103c29c3d2719dc8863b0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:02:59:6d:e0:7d:98:54:41:6f:68:f5:05:a5:
                    4d:22:e7:ec:ca:0a:3d:9b:3d:3b:2d:a5:3c:b3:02:
                    cd:13:90:5a:17:00:3e:63:d4:57:50:49:24:98:27:
                    51:36:a2:20:d7:86:39:51:a3:48:80:63:9a:09:f7:
                    9f:a0:18:54:27:62:26:4d:e9:f5:bc:20:0d:36:b6:
                    c1:82:fe:fe:c5:53:2c:0b:4c:f6:7e:82:b4:44:b5:
                    35:21:f5:e7:64:24:98:4f:cb:7c:28:80:21:52:7b:
                    9b:d2:0b:76:d2:f5:1d:6a:a8:d6:26:7f:38:01:0b:
                    29:17:30:d8:4b:dc:7e:76:df:05:5e:c7:49:29:eb:
                    3d:ff:67:ff:dc:7c:dd:4d:5c:ba:0e:6f:d5:79:4d:
                    14:97:43:51:62:9f:68:f6:10:cb:aa:f8:b6:d7:c0:
                    b2:1c:95:9f:2e:b3:74:f3:81:c3:d5:f1:8e:97:4d:
                    ae:76:c8:9a:d1:88:86:94:74:83:11:c2:1a:c5:7b:
                    08:a3:61:86:37:19:9d:60:d6:66:19:02:d9:27:a1:
                    dd:dc:8f:d8:b5:3b:4b:a2:03:e1:66:cb:44:1c:9d:
                    96:13:9a:f2:6d:78:0c:db:25:cd:bf:2d:73:e1:cf:
                    ca:eb:a3:a0:3f:bd:38:37:33:af:9b:5a:14:6a:32:
                    2b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:45:92:88:8A:96:18:B1:7B:10:3C:29:C3:D2:71:9D:C8:86:3B:0B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/8EWSiIqWGLF7EDwpw9JxnciGOws.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:8e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:99:76:8e:1d:13:4a:6f:9f:2c:0e:19:86:68:7b:15:00:23:
         16:dd:14:51:fc:d4:3e:93:83:0a:22:d3:38:01:70:0c:48:6c:
         35:07:10:cc:ed:ef:d3:95:48:16:ed:06:6a:0e:63:76:14:a7:
         cf:95:95:3e:5f:35:25:0c:21:1f:95:0f:9e:e6:1c:37:4d:53:
         82:a2:af:70:7c:4c:be:80:79:34:dc:fa:03:29:cf:ad:b5:d4:
         06:fe:d2:28:fd:25:67:89:98:54:c7:5e:b7:f0:cc:c5:3c:7d:
         9f:f2:d7:05:d6:72:30:52:6b:e9:e3:63:70:bb:2a:2e:9c:0f:
         3e:5b:07:4a:b4:93:2f:99:d8:45:11:30:40:bc:92:c8:5c:39:
         ee:04:de:de:14:92:f5:8d:14:b8:4c:56:55:c4:fe:31:fc:c4:
         1d:fa:6a:93:27:71:62:08:7d:16:79:36:32:ee:16:bb:60:02:
         ab:74:59:0c:f0:68:47:97:5a:31:cc:d1:f8:a8:66:75:9d:b2:
         e4:75:8b:45:f5:ed:b4:6b:85:93:3e:08:19:d5:90:ff:8a:7e:
         18:85:19:8e:b7:b5:0f:a6:7d:0e:c5:4c:05:44:ee:7d:e5:b2:
         aa:d7:83:a3:47:43:9c:57:31:c0:cf:22:34:ad:33:77:1b:71:
         7c:20:aa:00
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2uQXbie79d8lnFvroyCXTbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjE1MTkzMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQ1OTI4ODhhOTYxOGIxN2IxMDNjMjljM2QyNzE5ZGM4ODYzYjBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmwJZbeB9mFRBb2j1BaVNIufsygo9
mz07LaU8swLNE5BaFwA+Y9RXUEkkmCdRNqIg14Y5UaNIgGOaCfefoBhUJ2ImTen1
vCANNrbBgv7+xVMsC0z2foK0RLU1IfXnZCSYT8t8KIAhUnub0gt20vUdaqjWJn84
AQspFzDYS9x+dt8FXsdJKes9/2f/3HzdTVy6Dm/VeU0Ul0NRYp9o9hDLqvi218Cy
HJWfLrN084HD1fGOl02udsia0YiGlHSDEcIaxXsIo2GGNxmdYNZmGQLZJ6Hd3I/Y
tTtLogPhZstEHJ2WE5rybXgM2yXNvy1z4c/K66OgP704NzOvm1oUajIrNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPBFkoiKlhixexA8KcPScZ3IhjsLMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOEVXU2lJcVdHTEY3RUR3cHc5SnhuY2lHT3dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAjg
MA0GCSqGSIb3DQEBCwUAA4IBAQBrmXaOHRNKb58sDhmGaHsVACMW3RRR/NQ+k4MK
ItM4AXAMSGw1BxDM7e/TlUgW7QZqDmN2FKfPlZU+XzUlDCEflQ+e5hw3TVOCoq9w
fEy+gHk03PoDKc+ttdQG/tIo/SVniZhUx1638MzFPH2f8tcF1nIwUmvp42Nwuyou
nA8+WwdKtJMvmdhFETBAvJLIXDnuBN7eFJL1jRS4TFZVxP4x/MQd+mqTJ3FiCH0W
eTYy7ha7YAKrdFkM8GhHl1oxzNH4qGZ1nbLkdYtF9e20a4WTPggZ1ZD/in4YhRmO
t7UPpn0OxUwFRO595bKq14OjR0OcVzHAzyI0rTN3G3F8IKoA
-----END CERTIFICATE-----