Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CpXxv6n8bM_avaoQmSVPr-IXg0I.roa
File:                     CpXxv6n8bM_avaoQmSVPr-IXg0I.roa (raw, json)
Hash identifier:          CGxmqjTboU0UHSUEBjbSFG9C4W1BevwrsH4R/SI36zc=
Subject key identifier:   0A:95:F1:BF:A9:FC:6C:CF:DA:BD:AA:10:99:25:4F:AF:E2:17:83:42
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425220E2B4A67173CE54229D47ED3459C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CpXxv6n8bM_avaoQmSVPr-IXg0I.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202929
IP address blocks:        2a0e:97c0:510::/47 maxlen: 48
                          2a0e:97c0:512::/48 maxlen: 48
                          2a0e:97c0:513::/48 maxlen: 48
                          2a0e:97c0:514::/47 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0e:2b:4a:67:17:3c:e5:42:29:d4:7e:d3:45:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a95f1bfa9fc6ccfdabdaa1099254fafe2178342
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:a5:1f:3d:02:7f:12:27:5c:19:45:17:ce:05:
                    f1:96:cb:ee:ba:13:df:ac:50:1a:a6:ce:95:98:f7:
                    88:90:26:ec:78:9d:56:45:e3:16:d8:f0:a7:7a:3f:
                    00:b9:6e:f4:66:65:4f:96:75:33:1e:52:72:d1:11:
                    92:47:3c:13:90:37:eb:4d:9c:a0:8b:6b:c1:c4:58:
                    05:b8:f7:f1:8f:86:38:37:ee:ab:32:97:fe:5b:9c:
                    81:a8:74:fe:07:c3:54:39:68:7d:6f:7c:e2:5f:97:
                    6b:37:ca:61:2e:14:0c:54:1b:a5:c9:e4:3b:c8:64:
                    ae:d5:52:0c:e8:ef:04:db:06:1a:c5:eb:6a:8e:19:
                    5a:45:1f:f7:e2:73:ec:ae:27:ba:11:63:a0:94:d0:
                    dd:cc:f8:54:ad:09:58:b2:d1:81:03:fe:d0:a7:c3:
                    0a:3d:d9:84:88:08:c6:8f:7d:74:bd:cf:c6:ae:7b:
                    9a:7a:18:ed:5a:db:5f:c6:ce:0f:44:7e:b6:34:b5:
                    e2:8a:a4:6d:75:65:f6:a3:0b:81:7b:f0:5f:97:a2:
                    41:17:3e:c0:9d:9a:ea:36:2d:38:80:49:d3:c4:b7:
                    56:51:7c:61:14:01:d6:5e:d1:3e:c3:29:86:8e:7c:
                    65:aa:bd:54:b6:88:9f:67:c2:2b:4a:f4:f2:41:63:
                    99:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:95:F1:BF:A9:FC:6C:CF:DA:BD:AA:10:99:25:4F:AF:E2:17:83:42
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/CpXxv6n8bM_avaoQmSVPr-IXg0I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:510::-2a0e:97c0:515:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6a:c4:2e:ab:4c:89:0e:10:0b:9b:82:98:04:a4:70:8d:89:a7:
         06:01:42:31:cb:e3:3b:42:06:20:83:70:50:67:a4:a1:7f:93:
         d5:64:2a:17:7c:29:f7:82:82:54:97:3a:de:66:73:2f:9a:48:
         5e:67:e8:f8:5a:f2:77:29:86:0f:bc:d7:46:63:0e:55:97:de:
         02:6a:06:37:a7:cd:9f:12:33:75:9e:37:f4:bb:2c:cc:ec:08:
         54:46:0a:1b:c4:b9:45:6d:ae:f4:ad:01:e6:0f:62:53:87:cd:
         b7:79:e6:0c:ed:ba:dc:40:50:56:77:e3:fc:61:56:61:8c:95:
         31:d7:3c:e9:b3:74:4a:a9:3e:f3:ca:ee:94:41:d8:d1:9f:05:
         0a:02:41:39:ce:91:86:e3:86:2d:c1:eb:3a:7f:71:0f:bb:f8:
         20:a4:d0:2b:94:ac:ba:b1:8f:72:49:ad:d1:6d:02:ed:77:0f:
         55:5b:6d:af:d7:1f:cd:af:64:ab:c5:8b:bc:a0:fa:4e:57:3e:
         b3:33:36:3a:12:92:69:7c:7d:58:f7:ea:37:8e:d5:9c:88:5f:
         20:25:8a:5c:2f:28:f7:ab:e4:9f:41:9e:0b:9d:f5:59:ac:d2:
         ba:26:81:f4:d8:93:19:88:a6:0d:0a:41:35:05:5e:97:29:88:
         4d:e5:cb:f8
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQlIg4rSmcXPOVCKdR+00WcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTk1ZjFiZmE5ZmM2Y2NmZGFiZGFhMTA5OTI1NGZhZmUyMTc4MzQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6UfPQJ/EidcGUUXzgXxlsvuuhPf
rFAaps6VmPeIkCbseJ1WReMW2PCnej8AuW70ZmVPlnUzHlJy0RGSRzwTkDfrTZyg
i2vBxFgFuPfxj4Y4N+6rMpf+W5yBqHT+B8NUOWh9b3ziX5drN8phLhQMVBulyeQ7
yGSu1VIM6O8E2wYaxetqjhlaRR/34nPsrie6EWOglNDdzPhUrQlYstGBA/7Qp8MK
PdmEiAjGj310vc/GrnuaehjtWttfxs4PRH62NLXiiqRtdWX2owuBe/Bfl6JBFz7A
nZrqNi04gEnTxLdWUXxhFAHWXtE+wymGjnxlqr1UtoifZ8IrSvTyQWOZXQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFAqV8b+p/GzP2r2qEJklT6/iF4NCMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvQ3BYeHY2bjhiTV9hdmFvUW1TVlByLUlYZzBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqDpfA
BRADBwEqDpfABRQwDQYJKoZIhvcNAQELBQADggEBAGrELqtMiQ4QC5uCmASkcI2J
pwYBQjHL4ztCBiCDcFBnpKF/k9VkKhd8KfeCglSXOt5mcy+aSF5n6Pha8ncphg+8
10ZjDlWX3gJqBjenzZ8SM3WeN/S7LMzsCFRGChvEuUVtrvStAeYPYlOHzbd55gzt
utxAUFZ34/xhVmGMlTHXPOmzdEqpPvPK7pRB2NGfBQoCQTnOkYbjhi3B6zp/cQ+7
+CCk0CuUrLqxj3JJrdFtAu13D1Vbba/XH82vZKvFi7yg+k5XPrMzNjoSkml8fVj3
6jeO1ZyIXyAlilwvKPer5J9Bngud9Vms0romgfTYkxmIpg0KQTUFXpcpiE3ly/g=
-----END CERTIFICATE-----