Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Bw5tdFHxvHze-3B482aMPGIaAI0.roa
File:                     Bw5tdFHxvHze-3B482aMPGIaAI0.roa (raw, json)
Hash identifier:          eO0tX32tvqYREmuWJH8BPrpystlTpfU5zlqvlNERjXA=
Subject key identifier:   07:0E:6D:74:51:F1:BC:7C:DE:FB:70:78:F3:66:8C:3C:62:1A:00:8D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190B0B81E9BBDCD8725CCD76DDA01FA9434
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Bw5tdFHxvHze-3B482aMPGIaAI0.roa
Signing time:             Sun 14 Jul 2024 10:09:34 +0000
ROA not before:           Sun 14 Jul 2024 10:09:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212948
IP address blocks:        2a0e:b107:27a0::/45 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:b0:b8:1e:9b:bd:cd:87:25:cc:d7:6d:da:01:fa:94:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 14 10:09:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=070e6d7451f1bc7cdefb7078f3668c3c621a008d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:97:d0:15:6b:af:49:5a:9b:5d:2c:a3:b8:c0:
                    10:ea:3c:5d:3c:bc:df:c1:18:4a:17:a5:a7:54:9a:
                    d0:11:33:74:8c:ce:33:e7:34:1d:64:ec:4e:7f:58:
                    7a:af:6c:7a:60:71:26:ae:aa:d0:cd:6e:52:16:46:
                    c4:8b:36:ea:6a:d8:0c:46:ad:c8:ee:b7:0a:58:9c:
                    bc:f2:2f:0f:2b:aa:a7:f0:e8:a8:0b:b0:7e:11:e7:
                    5f:95:44:b0:65:37:71:11:31:03:b7:60:4f:ad:32:
                    7f:cb:f5:1e:d6:2b:29:17:74:70:7a:21:ed:a6:f1:
                    9c:3c:6c:d8:0e:90:04:2f:29:94:e0:3f:1a:9c:a3:
                    4c:b4:21:fe:3a:91:9e:1c:a7:4f:a7:7a:85:d0:72:
                    44:bf:46:1e:2c:3e:05:7f:05:ef:d7:f8:b1:a1:63:
                    ea:e5:35:33:e6:1b:e8:66:33:61:95:88:3f:03:5e:
                    d6:76:1d:15:0c:19:d7:36:f3:05:a5:94:51:88:8e:
                    69:22:38:5b:e6:a5:e9:a4:8b:dc:c5:12:e2:58:37:
                    d8:ef:37:8b:f8:02:76:84:37:91:ee:a7:c5:c4:64:
                    16:e9:6f:e4:8c:aa:85:cd:70:00:b2:11:f6:a1:f2:
                    bd:11:2a:65:62:7f:1b:57:f7:1f:3a:5d:43:fd:06:
                    ca:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:0E:6D:74:51:F1:BC:7C:DE:FB:70:78:F3:66:8C:3C:62:1A:00:8D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Bw5tdFHxvHze-3B482aMPGIaAI0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:27a0::/45

    Signature Algorithm: sha256WithRSAEncryption
         63:a2:b2:bb:ff:4d:e2:3b:f7:8f:c4:20:d5:55:44:1d:ad:3f:
         b1:4a:ab:f2:e3:72:95:bb:55:e0:2d:73:10:d8:c6:a3:dd:92:
         60:c9:51:24:58:b4:f3:6f:44:bf:28:1b:d8:3c:19:ed:94:46:
         4b:e6:12:2d:e0:84:e1:75:92:f2:03:b2:34:04:dd:36:2e:00:
         db:b4:08:22:9f:60:93:4d:68:71:b8:ba:5e:88:77:cd:02:f0:
         e4:03:95:7c:58:af:da:2b:bc:cc:73:d8:1e:a4:2a:08:8a:fc:
         0b:53:01:9c:a1:35:b6:b1:3d:22:5d:d8:c2:b5:c2:62:a9:b4:
         97:3e:da:2d:f5:05:c9:71:ec:d6:d2:e7:16:2d:6a:e9:3d:ee:
         11:cf:eb:4d:ef:79:b9:47:28:bb:8c:f2:29:44:86:92:51:b5:
         cc:72:f2:68:93:44:bf:12:b0:45:29:f5:bb:73:bd:8e:56:79:
         ea:e3:0a:cd:bc:94:4c:6f:9a:5f:7b:0f:79:cd:bf:52:07:4c:
         0c:ce:2d:35:e9:60:12:09:38:4d:21:ee:96:4c:f0:ee:53:b9:
         df:da:46:1f:83:af:3d:88:a0:10:16:f7:33:fb:07:87:68:19:
         6c:c0:a2:21:ea:5d:fa:01:74:85:bd:9a:78:0b:e6:1e:44:78:
         d8:b3:d5:22
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZCwuB6bvc2HJczXbdoB+pQ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNzE0MTAwOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzBlNmQ3NDUxZjFiYzdjZGVmYjcwNzhmMzY2OGMzYzYyMWEwMDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmJfQFWuvSVqbXSyjuMAQ6jxdPLzf
wRhKF6WnVJrQETN0jM4z5zQdZOxOf1h6r2x6YHEmrqrQzW5SFkbEizbqatgMRq3I
7rcKWJy88i8PK6qn8OioC7B+EedflUSwZTdxETEDt2BPrTJ/y/Ue1ispF3RweiHt
pvGcPGzYDpAELymU4D8anKNMtCH+OpGeHKdPp3qF0HJEv0YeLD4FfwXv1/ixoWPq
5TUz5hvoZjNhlYg/A17Wdh0VDBnXNvMFpZRRiI5pIjhb5qXppIvcxRLiWDfY7zeL
+AJ2hDeR7qfFxGQW6W/kjKqFzXAAshH2ofK9ESplYn8bV/cfOl1D/QbKwwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAcObXRR8bx83vtwePNmjDxiGgCNMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQnc1dGRGSHh2SHplLTNCNDgyYU1QR0lhQUkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcDKg6xByeg
MA0GCSqGSIb3DQEBCwUAA4IBAQBjorK7/03iO/ePxCDVVUQdrT+xSqvy43KVu1Xg
LXMQ2Maj3ZJgyVEkWLTzb0S/KBvYPBntlEZL5hIt4IThdZLyA7I0BN02LgDbtAgi
n2CTTWhxuLpeiHfNAvDkA5V8WK/aK7zMc9gepCoIivwLUwGcoTW2sT0iXdjCtcJi
qbSXPtot9QXJcezW0ucWLWrpPe4Rz+tN73m5Ryi7jPIpRIaSUbXMcvJok0S/ErBF
KfW7c72OVnnq4wrNvJRMb5pfew95zb9SB0wMzi016WASCThNIe6WTPDuU7nf2kYf
g689iKAQFvcz+weHaBlswKIh6l36AXSFvZp4C+YeRHjYs9Ui
-----END CERTIFICATE-----