Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/A3hdvO_BYUNG1VkNGJTwZPjk2lc.roa
File:                     A3hdvO_BYUNG1VkNGJTwZPjk2lc.roa (raw, json)
Hash identifier:          gbVOg/ct/Ak81BimaIiqSk2jNxtPmzmkCDjwO/k9DoE=
Subject key identifier:   03:78:5D:BC:EF:C1:61:43:46:D5:59:0D:18:94:F0:64:F8:E4:DA:57
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DE2B7BCC51C29D299CC7423895A9C12F9
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/A3hdvO_BYUNG1VkNGJTwZPjk2lc.roa
Signing time:             Mon 26 Feb 2024 00:01:48 +0000
ROA not before:           Mon 26 Feb 2024 00:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204268
IP address blocks:        2a0e:b107:1fa0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:e2:b7:bc:c5:1c:29:d2:99:cc:74:23:89:5a:9c:12:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 26 00:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=03785dbcefc1614346d5590d1894f064f8e4da57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:c2:b6:55:1c:1a:d3:ea:a6:a2:e7:79:03:14:
                    77:97:34:d7:1c:d6:15:6e:96:4a:7e:6d:85:0f:24:
                    5d:ea:d2:9c:73:90:32:61:9b:0c:df:07:7e:d2:06:
                    be:fa:48:d2:dd:65:b6:e4:77:db:53:d6:ef:05:f0:
                    15:26:44:29:7b:d9:67:69:14:93:d2:02:3b:89:c3:
                    2f:1b:5a:0e:c6:2d:6c:7f:7f:8d:b0:a3:3f:b4:30:
                    54:62:89:c9:30:b4:65:7f:bd:54:c6:5c:81:41:5c:
                    c9:69:b0:76:46:ea:96:63:ca:b1:27:92:41:c9:58:
                    2b:be:d3:c1:4a:72:91:1b:14:03:69:11:35:11:6c:
                    f3:fd:3e:8d:b4:eb:95:77:58:96:cb:75:c2:8d:4c:
                    a9:4b:a9:54:58:08:8e:21:08:d8:30:cb:b4:d5:a9:
                    dd:21:01:6e:fb:21:65:78:0c:03:b2:e1:17:c1:a3:
                    7c:42:a1:b0:7e:ab:f3:6a:6b:bf:da:c9:c8:52:83:
                    59:3a:5d:6d:bd:59:8a:81:79:ad:a1:00:99:8d:02:
                    01:da:fb:1b:ad:ce:a5:0f:4f:50:05:d9:5f:24:50:
                    33:c4:47:1d:c2:6a:12:4a:6a:27:6c:f6:69:a9:db:
                    cc:76:a9:72:d4:16:83:1a:61:18:78:9b:9a:83:a9:
                    60:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:78:5D:BC:EF:C1:61:43:46:D5:59:0D:18:94:F0:64:F8:E4:DA:57
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/A3hdvO_BYUNG1VkNGJTwZPjk2lc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1fa0::/44

    Signature Algorithm: sha256WithRSAEncryption
         50:43:ec:58:b1:9d:fc:6c:3c:b6:d0:e1:95:43:6d:9d:d4:b7:
         b9:b9:6a:66:7c:6b:84:c5:41:ca:76:04:80:d6:1d:a6:97:28:
         45:07:a2:d4:0a:87:cb:9a:25:c1:61:31:34:52:ad:c2:bb:84:
         fe:07:6a:e8:a3:5c:89:59:f3:39:41:aa:5b:13:d4:6b:a0:89:
         a0:31:0c:2a:25:f3:89:ee:a3:43:8c:83:d0:df:6a:de:11:69:
         a0:50:79:4b:da:fc:50:6b:90:7f:37:06:1c:5f:67:d3:c3:49:
         98:84:57:a5:f6:a7:2b:71:61:b1:05:83:9b:5f:0c:62:f4:e5:
         ff:d0:a6:cd:c1:39:bf:d4:3c:0e:8b:af:77:3c:6a:93:6e:c6:
         64:ea:ed:02:dc:37:93:30:2f:10:ce:70:3f:bc:68:3b:51:f1:
         e0:17:2d:94:de:56:52:f0:50:4f:82:84:0d:7f:d4:fd:0a:28:
         95:45:d0:40:f1:58:54:44:45:9f:1f:32:45:98:3a:16:9f:5a:
         63:48:d3:c0:7b:be:4f:77:f6:3a:76:8b:6c:ae:c0:c7:fc:43:
         45:d4:cc:66:f1:ac:85:4d:ab:2f:67:5f:50:db:44:aa:dd:63:
         87:85:b3:32:1b:dc:7c:19:ad:24:2f:f6:a0:80:61:47:85:7b:
         60:79:b9:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3it7zFHCnSmcx0I4lanBL5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjI2MDAwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzc4NWRiY2VmYzE2MTQzNDZkNTU5MGQxODk0ZjA2NGY4ZTRkYTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAicK2VRwa0+qmoud5AxR3lzTXHNYV
bpZKfm2FDyRd6tKcc5AyYZsM3wd+0ga++kjS3WW25HfbU9bvBfAVJkQpe9lnaRST
0gI7icMvG1oOxi1sf3+NsKM/tDBUYonJMLRlf71UxlyBQVzJabB2RuqWY8qxJ5JB
yVgrvtPBSnKRGxQDaRE1EWzz/T6NtOuVd1iWy3XCjUypS6lUWAiOIQjYMMu01and
IQFu+yFleAwDsuEXwaN8QqGwfqvzamu/2snIUoNZOl1tvVmKgXmtoQCZjQIB2vsb
rc6lD09QBdlfJFAzxEcdwmoSSmonbPZpqdvMdqly1BaDGmEYeJuag6lgEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAN4XbzvwWFDRtVZDRiU8GT45NpXMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQTNoZHZPX0JZVU5HMVZrTkdKVHdaUGprMmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx+g
MA0GCSqGSIb3DQEBCwUAA4IBAQBQQ+xYsZ38bDy20OGVQ22d1Le5uWpmfGuExUHK
dgSA1h2mlyhFB6LUCofLmiXBYTE0Uq3Cu4T+B2roo1yJWfM5QapbE9RroImgMQwq
JfOJ7qNDjIPQ32reEWmgUHlL2vxQa5B/NwYcX2fTw0mYhFel9qcrcWGxBYObXwxi
9OX/0KbNwTm/1DwOi693PGqTbsZk6u0C3DeTMC8QznA/vGg7UfHgFy2U3lZS8FBP
goQNf9T9CiiVRdBA8VhUREWfHzJFmDoWn1pjSNPAe75Pd/Y6dotsrsDH/ENF1Mxm
8ayFTasvZ19Q20Sq3WOHhbMyG9x8Ga0kL/aggGFHhXtgeblg
-----END CERTIFICATE-----