Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/C300i3eRrBcSY4hzmPNsfZuUr9A.roa
File:                     C300i3eRrBcSY4hzmPNsfZuUr9A.roa (raw, json)
Hash identifier:          rUf0DM6h9FVIpEVffJcbI1QG/hXmyLs2s5twJHHrHS4=
Subject key identifier:   0B:7D:34:8B:77:91:AC:17:12:63:88:73:98:F3:6C:7D:9B:94:AF:D0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252241642EE122DB7896B5ABAB66E9A6
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/C300i3eRrBcSY4hzmPNsfZuUr9A.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210623
IP address blocks:        2a0e:b107:1780::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:41:64:2e:e1:22:db:78:96:b5:ab:ab:66:e9:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0b7d348b7791ac171263887398f36c7d9b94afd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:9c:ea:74:66:4d:d1:d2:64:07:be:54:fc:87:
                    8a:e4:49:4a:7e:73:d5:20:6e:b5:e3:60:a4:fd:4d:
                    1b:99:63:57:4c:8b:89:d3:34:0b:58:fc:9d:4c:28:
                    80:8c:b7:41:56:ae:49:4c:32:1b:d8:43:7a:80:a1:
                    f3:1b:85:18:6e:81:71:cf:9c:ee:07:aa:f9:ed:24:
                    1b:e7:34:dd:24:94:ba:14:db:79:05:9e:e4:c6:15:
                    bd:4b:ef:b1:e8:a8:17:8d:0b:6a:3b:4e:d4:c8:52:
                    96:4c:a5:6c:17:20:30:3a:64:fa:ff:a1:47:ee:d2:
                    89:35:34:72:64:d9:a8:eb:21:c7:94:90:d9:fc:17:
                    65:75:0b:b5:50:17:ac:c3:8d:7c:c8:ac:ee:ec:66:
                    b4:6a:77:9a:c2:6e:5d:14:31:31:9f:76:e2:4c:d8:
                    42:31:1f:43:5d:b7:c1:0c:48:f6:66:05:e5:75:44:
                    e0:1f:12:9a:e9:09:82:29:4f:c7:61:59:b3:3a:28:
                    23:91:77:12:78:2b:74:37:eb:58:2c:0b:87:1b:50:
                    55:a9:c9:51:13:d2:dd:7c:27:48:8a:51:9a:dc:cb:
                    ed:45:d0:13:53:f0:3e:e8:71:9c:cc:4c:d1:75:de:
                    29:64:92:27:f2:24:46:f4:d8:b6:e2:0b:3e:d6:44:
                    d1:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:7D:34:8B:77:91:AC:17:12:63:88:73:98:F3:6C:7D:9B:94:AF:D0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/C300i3eRrBcSY4hzmPNsfZuUr9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1780::/46

    Signature Algorithm: sha256WithRSAEncryption
         30:96:13:50:22:b7:5c:d0:e2:a8:91:d0:be:55:af:44:f7:bd:
         87:e2:b0:a7:87:3c:42:d9:9c:70:49:2f:88:52:ff:11:e8:61:
         75:07:72:08:d8:34:cc:a5:50:14:0a:20:a4:c4:d2:ed:b9:c2:
         c0:77:46:84:d1:22:df:b7:da:37:16:2f:c7:99:d3:21:da:bc:
         a4:6a:be:2e:b4:3d:cb:2f:73:71:08:cf:98:54:0b:bf:2f:1c:
         e9:0d:5a:7a:02:19:0a:6a:f4:07:38:cd:bc:63:f6:fa:28:51:
         27:a7:90:39:ae:a0:3b:35:6f:db:0e:c5:69:d4:22:59:5b:66:
         e4:ce:6c:2c:54:95:b8:f4:cd:ce:0d:0d:99:73:b0:48:7d:0c:
         ae:1e:67:00:d7:14:fe:06:2c:d1:db:9a:42:77:16:7e:fa:4a:
         40:62:b3:31:d1:16:48:74:72:ba:25:22:76:15:af:fa:04:e1:
         fb:f0:0e:38:2b:b3:d0:d2:e8:9f:00:e1:ea:89:8f:4d:ea:4f:
         85:f8:12:5e:e9:2d:cb:f2:fc:e7:1b:0a:ef:30:43:e0:61:29:
         14:b9:93:b7:d3:9b:c9:f4:29:45:cb:36:5b:c3:2a:86:9a:4b:
         e5:8e:4f:50:e4:75:2b:37:d7:54:ca:9d:58:16:e6:1b:bc:20:
         b1:9c:dc:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkFkLuEi23iWtaurZummMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjdkMzQ4Yjc3OTFhYzE3MTI2Mzg4NzM5OGYzNmM3ZDliOTRhZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuJzqdGZN0dJkB75U/IeK5ElKfnPV
IG6142Ck/U0bmWNXTIuJ0zQLWPydTCiAjLdBVq5JTDIb2EN6gKHzG4UYboFxz5zu
B6r57SQb5zTdJJS6FNt5BZ7kxhW9S++x6KgXjQtqO07UyFKWTKVsFyAwOmT6/6FH
7tKJNTRyZNmo6yHHlJDZ/BdldQu1UBesw418yKzu7Ga0aneawm5dFDExn3biTNhC
MR9DXbfBDEj2ZgXldUTgHxKa6QmCKU/HYVmzOigjkXcSeCt0N+tYLAuHG1BVqclR
E9LdfCdIilGa3MvtRdATU/A+6HGczEzRdd4pZJIn8iRG9Ni24gs+1kTRrQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAt9NIt3kawXEmOIc5jzbH2blK/QMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQzMwMGkzZVJyQmNTWTRoem1QTnNmWnVVcjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6xBxeA
MA0GCSqGSIb3DQEBCwUAA4IBAQAwlhNQIrdc0OKokdC+Va9E972H4rCnhzxC2Zxw
SS+IUv8R6GF1B3II2DTMpVAUCiCkxNLtucLAd0aE0SLft9o3Fi/HmdMh2rykar4u
tD3LL3NxCM+YVAu/LxzpDVp6AhkKavQHOM28Y/b6KFEnp5A5rqA7NW/bDsVp1CJZ
W2bkzmwsVJW49M3ODQ2Zc7BIfQyuHmcA1xT+BizR25pCdxZ++kpAYrMx0RZIdHK6
JSJ2Fa/6BOH78A44K7PQ0uifAOHqiY9N6k+F+BJe6S3L8vznGwrvMEPgYSkUuZO3
05vJ9ClFyzZbwyqGmkvljk9Q5HUrN9dUyp1YFuYbvCCxnNz0
-----END CERTIFICATE-----