Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EMOVQCNP21sgTcp5T5X3QXbiODE.roa
File:                     EMOVQCNP21sgTcp5T5X3QXbiODE.roa (raw, json)
Hash identifier:          sVL/A1ezlydb1+Fig7zGp2DlvUspZ461/TntFkq0Pmg=
Subject key identifier:   10:C3:95:40:23:4F:DB:5B:20:4D:CA:79:4F:95:F7:41:76:E2:38:31
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425222BFE3FFE410757524DA9C7793F5A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EMOVQCNP21sgTcp5T5X3QXbiODE.roa
Signing time:             Thu 02 Jan 2025 03:49:44 +0000
ROA not before:           Thu 02 Jan 2025 03:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208059
IP address blocks:        2a0e:b107:2b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:2b:fe:3f:fe:41:07:57:52:4d:a9:c7:79:3f:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10c39540234fdb5b204dca794f95f74176e23831
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:ac:cb:8e:4a:b4:63:af:8b:11:51:f6:66:fc:
                    8e:96:6c:a5:b9:d7:ca:a3:24:e3:ef:17:de:9e:3a:
                    c2:4d:79:86:24:d5:ec:7c:b5:c7:6d:12:70:73:0c:
                    9f:6d:3a:2d:33:a5:a2:ce:aa:17:49:ea:ab:58:ef:
                    4c:fd:52:ad:32:a3:88:79:c0:87:25:e7:15:f7:ce:
                    4e:1d:45:5d:23:02:18:42:a4:b2:33:68:1b:ae:bc:
                    5b:62:ff:80:b6:7a:3b:4a:b3:e8:78:8a:09:b4:82:
                    3a:78:77:8c:b4:e8:b7:f7:51:b7:f9:a6:f2:fd:66:
                    f5:51:de:25:47:63:97:a5:4a:c7:2e:26:73:4e:1d:
                    91:f2:12:3c:5b:82:ef:5d:36:5a:a3:f0:05:d8:bd:
                    28:9c:4e:bf:2b:34:d2:05:aa:08:32:9d:82:87:41:
                    07:e8:3f:88:2d:60:e5:9f:e0:1b:f1:7b:02:88:96:
                    69:0c:a6:1a:f3:b5:61:d6:75:a8:44:2f:b9:82:ac:
                    88:97:8b:cd:ae:2c:8d:50:a5:c0:1d:af:20:f4:7e:
                    46:de:01:3a:57:64:d7:fc:67:75:8b:b1:66:8b:fa:
                    41:a1:c7:69:9a:60:18:40:f3:15:11:6a:f9:cf:fd:
                    00:56:b9:df:51:1a:ba:64:49:0f:5a:bd:86:92:ae:
                    b5:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C3:95:40:23:4F:DB:5B:20:4D:CA:79:4F:95:F7:41:76:E2:38:31
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EMOVQCNP21sgTcp5T5X3QXbiODE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2b::/48

    Signature Algorithm: sha256WithRSAEncryption
         21:06:bb:bb:e1:e4:6b:06:97:42:e2:db:9c:36:70:be:ad:b0:
         0c:11:29:a4:66:25:0c:f1:6a:9b:6d:d6:9d:55:b0:24:d9:12:
         f5:dd:f6:bd:00:0f:13:6e:48:7d:68:0f:32:bf:49:55:e0:0c:
         04:3c:de:42:4b:9d:54:bb:1f:7e:d0:5a:e8:e4:b0:fd:77:c0:
         08:7e:70:f6:58:dc:c1:29:f5:c6:e4:4f:79:12:f2:1c:9c:19:
         26:92:26:e6:a3:d7:11:2a:77:a5:36:08:02:e5:87:b9:a0:5f:
         06:97:f5:3b:bb:0f:06:51:00:10:b6:4b:ec:a3:53:51:ea:e5:
         e3:59:0a:73:c7:8d:6a:ba:03:6c:cf:7a:f0:d7:38:b9:28:db:
         fb:52:c8:c7:dd:db:61:94:4a:00:0f:de:77:cb:fe:72:19:44:
         6e:17:e8:3c:70:d4:33:e6:24:61:da:1e:42:1f:03:2a:af:06:
         be:4b:1b:c5:e8:30:6f:75:4e:f1:05:aa:c8:aa:18:ba:3a:34:
         e2:e3:90:a4:76:c0:f7:9d:8d:c6:7d:0e:e5:fa:33:a4:8b:f0:
         32:bb:45:3d:07:3f:1c:c8:b6:e0:bd:51:ea:54:99:e9:68:69:
         ac:c2:04:a7:39:c7:b8:de:95:af:38:fc:5a:68:07:5b:43:d7:
         70:f6:14:d6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIiv+P/5BB1dSTanHeT9aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGMzOTU0MDIzNGZkYjViMjA0ZGNhNzk0Zjk1Zjc0MTc2ZTIzODMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuazLjkq0Y6+LEVH2ZvyOlmyludfK
oyTj7xfenjrCTXmGJNXsfLXHbRJwcwyfbTotM6WizqoXSeqrWO9M/VKtMqOIecCH
JecV985OHUVdIwIYQqSyM2gbrrxbYv+Atno7SrPoeIoJtII6eHeMtOi391G3+aby
/Wb1Ud4lR2OXpUrHLiZzTh2R8hI8W4LvXTZao/AF2L0onE6/KzTSBaoIMp2Ch0EH
6D+ILWDln+Ab8XsCiJZpDKYa87Vh1nWoRC+5gqyIl4vNriyNUKXAHa8g9H5G3gE6
V2TX/Gd1i7Fmi/pBocdpmmAYQPMVEWr5z/0AVrnfURq6ZEkPWr2Gkq61lwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBDDlUAjT9tbIE3KeU+V90F24jgxMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRU1PVlFDTlAyMXNnVGNwNVQ1WDNRWGJpT0RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwAr
MA0GCSqGSIb3DQEBCwUAA4IBAQAhBru74eRrBpdC4tucNnC+rbAMESmkZiUM8Wqb
bdadVbAk2RL13fa9AA8Tbkh9aA8yv0lV4AwEPN5CS51Uux9+0Fro5LD9d8AIfnD2
WNzBKfXG5E95EvIcnBkmkibmo9cRKnelNggC5Ye5oF8Gl/U7uw8GUQAQtkvso1NR
6uXjWQpzx41qugNsz3rw1zi5KNv7UsjH3dthlEoAD953y/5yGURuF+g8cNQz5iRh
2h5CHwMqrwa+SxvF6DBvdU7xBarIqhi6OjTi45CkdsD3nY3GfQ7l+jOki/Ayu0U9
Bz8cyLbgvVHqVJnpaGmswgSnOce43pWvOPxaaAdbQ9dw9hTW
-----END CERTIFICATE-----