Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Fczv3mcWBLzsc6NznHF_YpxZYA.roa
File:                     9Fczv3mcWBLzsc6NznHF_YpxZYA.roa (raw, json)
Hash identifier:          VYw1842kDQNXUK0JixzcthHq9fUtFD3HAdft/PEyrHo=
Subject key identifier:   F4:57:33:BF:79:9C:58:12:F3:B1:CE:8D:CE:71:C5:FD:8A:71:65:80
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425224FD3362DC57369F45A644E8DDD9A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Fczv3mcWBLzsc6NznHF_YpxZYA.roa
Signing time:             Thu 02 Jan 2025 03:49:53 +0000
ROA not before:           Thu 02 Jan 2025 03:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211284
IP address blocks:        2a0e:b107:13e0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:4f:d3:36:2d:c5:73:69:f4:5a:64:4e:8d:dd:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f45733bf799c5812f3b1ce8dce71c5fd8a716580
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:42:c9:8a:b7:f3:cb:0c:42:aa:2a:15:2d:fc:
                    ed:4d:c5:f7:3a:29:7f:8e:ab:23:06:c9:ff:81:30:
                    5d:95:3f:20:4d:57:b4:d5:13:50:06:17:07:63:0e:
                    53:15:f7:e0:1e:6a:c1:58:0b:16:21:79:22:30:eb:
                    af:7a:2d:45:ea:82:24:2b:e9:ba:94:d4:95:16:88:
                    ee:14:b4:ea:23:a1:fc:55:6c:f9:3c:a0:56:98:c3:
                    6f:98:d1:c1:4f:42:e7:ac:a3:34:c2:cb:d7:53:8b:
                    08:ab:26:34:b5:1b:d5:8b:e7:5d:02:1b:ec:6a:02:
                    10:82:45:26:15:6c:b0:87:1d:d3:1a:cb:d4:d9:fd:
                    af:94:63:ad:35:30:ee:22:6e:c2:9c:45:9e:2a:38:
                    60:76:e6:42:af:48:b2:24:8f:2f:fd:9b:4b:be:f5:
                    65:50:7b:76:1c:e4:36:51:89:eb:99:6a:2a:a6:88:
                    b0:b7:ec:da:c5:78:f3:b8:19:ac:34:e6:ef:f0:2d:
                    cc:e3:94:b4:cf:b6:97:c4:3b:e9:bf:4a:35:9e:7e:
                    e2:9a:a7:53:a9:18:71:29:c9:ff:67:67:da:84:0d:
                    65:57:f5:7f:b6:d4:d5:e9:1e:12:18:9f:c3:d1:14:
                    4f:6a:5f:29:5a:24:89:1a:b5:12:28:0f:85:9d:b5:
                    06:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:57:33:BF:79:9C:58:12:F3:B1:CE:8D:CE:71:C5:FD:8A:71:65:80
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/9Fczv3mcWBLzsc6NznHF_YpxZYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:13e0::/44

    Signature Algorithm: sha256WithRSAEncryption
         06:a3:3b:7c:9f:2e:31:99:d9:8a:d7:8e:a7:e6:20:68:94:8b:
         a4:d3:d0:ca:22:fd:42:1a:c5:b9:75:cc:13:96:14:a8:9f:4f:
         f1:01:e1:e6:fd:5c:69:65:da:de:70:8c:0d:9e:e7:ef:ca:df:
         26:d0:93:91:b5:03:69:69:a0:b7:79:27:b5:30:1a:76:75:42:
         0c:2f:b2:85:8e:8c:3d:c0:6c:20:8f:96:b0:20:73:f6:12:5c:
         50:90:a2:90:12:ed:7a:45:50:39:f2:77:57:31:bf:ed:4c:90:
         85:a6:71:1e:f1:b8:64:67:08:8b:06:a5:c6:c9:2e:47:2d:4c:
         b5:98:46:f6:4c:55:e9:42:82:9e:8c:16:ec:44:d9:55:1f:58:
         5d:e7:41:db:5d:ea:84:1d:45:84:70:08:af:18:ec:dd:ee:67:
         41:66:d6:79:de:41:2b:d2:2b:8e:c6:d0:b0:79:e6:ca:3a:2e:
         44:c2:ed:88:aa:67:e5:80:4f:62:13:b2:e6:fa:1b:d9:ce:48:
         bf:dc:69:cf:be:24:07:ae:e0:ef:47:06:ce:05:25:c8:74:78:
         ac:31:cb:75:70:d4:3e:5a:01:6d:b0:54:7b:a9:87:20:41:4d:
         2d:b1:c9:7d:be:e7:46:79:90:76:c6:8d:3f:61:9d:11:df:77:
         5d:ec:0a:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIk/TNi3Fc2n0WmROjd2aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDU3MzNiZjc5OWM1ODEyZjNiMWNlOGRjZTcxYzVmZDhhNzE2NTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkLJirfzywxCqioVLfztTcX3Oil/
jqsjBsn/gTBdlT8gTVe01RNQBhcHYw5TFffgHmrBWAsWIXkiMOuvei1F6oIkK+m6
lNSVFojuFLTqI6H8VWz5PKBWmMNvmNHBT0LnrKM0wsvXU4sIqyY0tRvVi+ddAhvs
agIQgkUmFWywhx3TGsvU2f2vlGOtNTDuIm7CnEWeKjhgduZCr0iyJI8v/ZtLvvVl
UHt2HOQ2UYnrmWoqpoiwt+zaxXjzuBmsNObv8C3M45S0z7aXxDvpv0o1nn7imqdT
qRhxKcn/Z2fahA1lV/V/ttTV6R4SGJ/D0RRPal8pWiSJGrUSKA+FnbUGNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPRXM795nFgS87HOjc5xxf2KcWWAMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvOUZjenYzbWNXQkx6c2M2TnpuSEZfWXB4WllBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxPg
MA0GCSqGSIb3DQEBCwUAA4IBAQAGozt8ny4xmdmK146n5iBolIuk09DKIv1CGsW5
dcwTlhSon0/xAeHm/VxpZdrecIwNnufvyt8m0JORtQNpaaC3eSe1MBp2dUIML7KF
jow9wGwgj5awIHP2ElxQkKKQEu16RVA58ndXMb/tTJCFpnEe8bhkZwiLBqXGyS5H
LUy1mEb2TFXpQoKejBbsRNlVH1hd50HbXeqEHUWEcAivGOzd7mdBZtZ53kEr0iuO
xtCweebKOi5Ewu2IqmflgE9iE7Lm+hvZzki/3GnPviQHruDvRwbOBSXIdHisMct1
cNQ+WgFtsFR7qYcgQU0tscl9vudGeZB2xo0/YZ0R33dd7ArU
-----END CERTIFICATE-----