Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FL7xrr8TfkdXh3HgyYfpoA_SvBU.roa
File:                     FL7xrr8TfkdXh3HgyYfpoA_SvBU.roa (raw, json)
Hash identifier:          EV5C+MZDHXTU6G8o+0L/9sYeSWRqSqNHjOhzdKhkhdM=
Subject key identifier:   14:BE:F1:AE:BF:13:7E:47:57:87:71:E0:C9:87:E9:A0:0F:D2:BC:15
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0191E86F88F3865A5B704C55D22E7F42A407
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FL7xrr8TfkdXh3HgyYfpoA_SvBU.roa
Signing time:             Thu 12 Sep 2024 22:51:49 +0000
ROA not before:           Thu 12 Sep 2024 22:51:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205635
IP address blocks:        2a10:2f00:124::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:e8:6f:88:f3:86:5a:5b:70:4c:55:d2:2e:7f:42:a4:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 12 22:51:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=14bef1aebf137e47578771e0c987e9a00fd2bc15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:ec:cf:32:f9:32:73:98:c7:67:9e:0a:b8:6f:
                    e1:d1:7f:74:d6:72:4f:e6:63:d5:e4:03:a3:59:8f:
                    71:59:67:a8:f5:a1:0e:86:54:5c:b6:77:f3:c9:7d:
                    d5:0d:77:ec:6a:c7:8b:cd:9d:bf:3f:c9:ed:14:74:
                    51:00:42:02:15:4c:e9:d1:0c:48:ca:e9:0f:6d:76:
                    f1:8d:42:e3:59:9a:99:25:64:e4:6f:eb:3b:95:28:
                    32:a8:4e:08:35:d6:bd:7d:da:79:4b:6d:0e:00:cf:
                    25:60:86:a9:b5:22:42:a4:28:46:3b:bb:6b:3f:aa:
                    ed:94:d7:30:fe:c2:a5:d2:94:0d:f9:99:81:8a:d6:
                    cd:ac:46:cf:b9:05:32:86:be:a5:60:a6:9b:26:be:
                    da:ce:2f:8b:0a:78:8f:29:72:28:c4:f0:63:fd:14:
                    20:1a:cd:73:fd:9b:6a:8d:66:9a:54:17:62:80:b3:
                    bb:c7:c2:0e:b9:86:ff:66:26:76:07:b1:d3:3d:2d:
                    df:35:45:32:a1:46:8c:85:32:96:21:98:4c:4a:41:
                    53:e3:a9:13:eb:81:18:84:f5:31:70:ef:4b:11:d4:
                    fa:9f:f2:de:d6:26:de:a6:63:cd:ad:09:7b:1e:84:
                    36:8b:30:5a:56:b9:34:b7:03:be:d7:23:6e:09:06:
                    43:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:BE:F1:AE:BF:13:7E:47:57:87:71:E0:C9:87:E9:A0:0F:D2:BC:15
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/FL7xrr8TfkdXh3HgyYfpoA_SvBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:124::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:52:11:f2:83:5f:37:ea:20:90:f5:7d:03:dd:72:55:99:2a:
         a7:bd:30:8b:79:da:f9:d3:04:f5:9f:1f:85:c2:57:5e:4f:33:
         73:40:aa:fc:2d:49:70:1f:61:8d:e7:8d:57:f9:11:cd:9e:64:
         16:44:24:f3:f3:bc:29:58:17:45:cb:30:d7:97:32:08:39:cb:
         d6:10:73:4c:a6:b2:c9:ee:62:ec:e2:df:9b:28:c6:bf:15:a1:
         cf:e0:ae:e9:40:03:a5:94:cc:b0:a9:b3:a1:ab:a2:e7:39:48:
         8f:64:9c:c5:94:e2:28:3e:0f:1b:82:65:dc:d1:f4:1d:b8:84:
         04:6b:ea:5c:61:ec:b8:e0:32:85:fc:4b:67:16:ad:94:ee:d7:
         46:8b:4a:a0:41:74:19:20:c1:06:d5:0a:99:00:8e:4b:5b:b0:
         68:78:18:b4:b3:68:d7:a5:71:63:74:63:18:2d:6f:f0:7a:c1:
         1d:d6:7e:a8:ef:34:d7:a2:74:e0:b0:88:42:b6:bf:3b:e7:6f:
         7f:d9:3d:f2:39:60:ed:19:ac:e5:a8:68:c2:83:8a:50:59:7a:
         e8:13:dd:f5:de:6e:23:08:17:42:3d:be:64:82:c8:c8:2b:4c:
         f9:36:70:92:6e:f8:38:24:b2:dd:9d:a1:1d:40:df:87:0c:a1:
         f2:a3:f9:64
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZHob4jzhlpbcExV0i5/QqQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwOTEyMjI1MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGJlZjFhZWJmMTM3ZTQ3NTc4NzcxZTBjOTg3ZTlhMDBmZDJiYzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuuzPMvkyc5jHZ54KuG/h0X901nJP
5mPV5AOjWY9xWWeo9aEOhlRctnfzyX3VDXfsaseLzZ2/P8ntFHRRAEICFUzp0QxI
yukPbXbxjULjWZqZJWTkb+s7lSgyqE4INda9fdp5S20OAM8lYIaptSJCpChGO7tr
P6rtlNcw/sKl0pQN+ZmBitbNrEbPuQUyhr6lYKabJr7azi+LCniPKXIoxPBj/RQg
Gs1z/ZtqjWaaVBdigLO7x8IOuYb/ZiZ2B7HTPS3fNUUyoUaMhTKWIZhMSkFT46kT
64EYhPUxcO9LEdT6n/Le1ibepmPNrQl7HoQ2izBaVrk0twO+1yNuCQZDEwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBS+8a6/E35HV4dx4MmH6aAP0rwVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvRkw3eHJyOFRma2RYaDNIZ3lZZnBvQV9TdkJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAEk
MA0GCSqGSIb3DQEBCwUAA4IBAQCuUhHyg1836iCQ9X0D3XJVmSqnvTCLedr50wT1
nx+FwldeTzNzQKr8LUlwH2GN541X+RHNnmQWRCTz87wpWBdFyzDXlzIIOcvWEHNM
prLJ7mLs4t+bKMa/FaHP4K7pQAOllMywqbOhq6LnOUiPZJzFlOIoPg8bgmXc0fQd
uIQEa+pcYey44DKF/EtnFq2U7tdGi0qgQXQZIMEG1QqZAI5LW7BoeBi0s2jXpXFj
dGMYLW/wesEd1n6o7zTXonTgsIhCtr87529/2T3yOWDtGazlqGjCg4pQWXroE931
3m4jCBdCPb5kgsjIK0z5NnCSbvg4JLLdnaEdQN+HDKHyo/lk
-----END CERTIFICATE-----