Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EbmzEB4N8jeOEX49STiYfFOXKT4.roa
File:                     EbmzEB4N8jeOEX49STiYfFOXKT4.roa (raw, json)
Hash identifier:          v6orAwLYEa+G0FLQVRnLAijWT1fhSvhtZXszzRUS5FU=
Subject key identifier:   11:B9:B3:10:1E:0D:F2:37:8E:11:7E:3D:49:38:98:7C:53:97:29:3E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252248F101B6D2B4DF136CD78614DA62
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EbmzEB4N8jeOEX49STiYfFOXKT4.roa
Signing time:             Thu 02 Jan 2025 03:49:51 +0000
ROA not before:           Thu 02 Jan 2025 03:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211013
IP address blocks:        2a0e:b107:1580::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:48:f1:01:b6:d2:b4:df:13:6c:d7:86:14:da:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11b9b3101e0df2378e117e3d4938987c5397293e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:ce:e6:d5:f6:04:d9:33:f3:51:12:3f:4f:ad:
                    1d:d5:14:a2:22:35:47:23:9a:00:3f:6f:f7:51:d7:
                    97:78:c2:51:4f:69:9f:7e:47:cd:d7:bb:d6:b2:be:
                    f7:b0:30:97:ad:d8:de:ed:1e:c0:c6:9a:4e:eb:ab:
                    26:fd:f3:81:20:e4:db:6b:49:7e:1b:5b:3c:31:80:
                    ca:67:17:a1:f2:f5:8c:9a:90:4a:de:3c:d4:c4:78:
                    71:bd:68:02:41:45:82:9e:40:a5:f3:c0:95:c9:23:
                    41:39:30:f1:a6:17:db:fa:35:cb:9f:26:20:9d:d8:
                    a4:0a:a3:80:f6:44:9f:27:fa:46:e8:c3:9d:f9:f6:
                    18:09:f7:68:d7:8f:19:87:62:1a:bb:18:7f:ce:cb:
                    6e:fe:55:f0:11:b1:5b:f5:0a:ca:31:b3:03:39:2f:
                    0c:9b:58:cb:53:06:6b:2a:95:af:f2:0e:46:81:68:
                    a5:54:b3:72:a9:36:26:43:56:c0:94:9c:49:f2:cd:
                    a5:4f:ba:c7:63:2e:df:62:7b:2b:ab:eb:59:cc:e2:
                    5e:c3:cc:fc:7a:a8:e0:f6:97:ae:32:06:15:df:8a:
                    85:17:cd:e3:3d:91:cc:5d:8c:a5:f7:7b:99:90:01:
                    af:f2:ca:49:8a:42:04:4b:71:60:6e:98:fd:17:00:
                    12:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B9:B3:10:1E:0D:F2:37:8E:11:7E:3D:49:38:98:7C:53:97:29:3E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/EbmzEB4N8jeOEX49STiYfFOXKT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1580::/48

    Signature Algorithm: sha256WithRSAEncryption
         6b:c8:2e:48:00:72:ff:91:a6:6c:8b:23:1e:ce:30:0c:67:22:
         52:90:7c:1b:f9:82:ed:c6:12:a4:6b:0b:14:20:09:dc:a1:87:
         90:4b:83:5e:8c:f2:1f:dc:fd:ec:cf:4d:e0:05:b4:83:f7:13:
         e0:5a:70:14:b9:17:6d:96:7d:1a:54:a5:4b:e7:b9:6b:e9:78:
         f8:76:46:7d:c6:bd:c2:e4:dc:42:2f:d7:d4:81:44:30:34:c7:
         f8:95:c1:08:4c:7a:9a:44:56:51:6b:a7:f3:26:a4:c9:f1:d7:
         36:ba:b0:9f:a0:18:08:19:f1:b0:50:88:d4:10:1d:a9:01:72:
         48:a3:d5:1e:10:22:76:d3:cf:54:67:a2:93:58:4a:72:aa:1d:
         26:61:dd:33:12:63:f3:e8:3c:92:8d:fa:e0:0c:e3:9e:aa:ac:
         0d:a4:30:3b:47:c0:97:71:69:f7:b6:74:ff:31:fe:f1:69:d7:
         f0:d7:d9:b2:8a:7a:67:40:2e:0c:de:24:3d:a4:51:c5:38:a4:
         ab:cc:dc:e9:96:ac:6c:88:95:3e:4d:8f:82:09:ec:7d:3c:21:
         11:95:1d:df:6a:01:9a:69:75:0f:a7:82:48:33:28:da:ae:65:
         4e:f4:e6:f9:f9:ad:83:f1:e7:f6:8c:2d:ae:74:7e:1b:0c:d9:
         a9:65:4e:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkjxAbbStN8TbNeGFNpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI5YjMxMDFlMGRmMjM3OGUxMTdlM2Q0OTM4OTg3YzUzOTcyOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx87m1fYE2TPzURI/T60d1RSiIjVH
I5oAP2/3UdeXeMJRT2mffkfN17vWsr73sDCXrdje7R7AxppO66sm/fOBIOTba0l+
G1s8MYDKZxeh8vWMmpBK3jzUxHhxvWgCQUWCnkCl88CVySNBOTDxphfb+jXLnyYg
ndikCqOA9kSfJ/pG6MOd+fYYCfdo148Zh2Iauxh/zstu/lXwEbFb9QrKMbMDOS8M
m1jLUwZrKpWv8g5GgWilVLNyqTYmQ1bAlJxJ8s2lT7rHYy7fYnsrq+tZzOJew8z8
eqjg9peuMgYV34qFF83jPZHMXYyl93uZkAGv8spJikIES3Fgbpj9FwASgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBG5sxAeDfI3jhF+PUk4mHxTlyk+MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRWJtekVCNE44amVPRVg0OVNUaVlmRk9YS1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxWA
MA0GCSqGSIb3DQEBCwUAA4IBAQBryC5IAHL/kaZsiyMezjAMZyJSkHwb+YLtxhKk
awsUIAncoYeQS4NejPIf3P3sz03gBbSD9xPgWnAUuRdtln0aVKVL57lr6Xj4dkZ9
xr3C5NxCL9fUgUQwNMf4lcEITHqaRFZRa6fzJqTJ8dc2urCfoBgIGfGwUIjUEB2p
AXJIo9UeECJ2089UZ6KTWEpyqh0mYd0zEmPz6DySjfrgDOOeqqwNpDA7R8CXcWn3
tnT/Mf7xadfw19myinpnQC4M3iQ9pFHFOKSrzNzplqxsiJU+TY+CCex9PCERlR3f
agGaaXUPp4JIMyjarmVO9Ob5+a2D8ef2jC2udH4bDNmpZU65
-----END CERTIFICATE-----