Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/H4qwuwTJtmY6j49lstAPSK0-0bo.roa
File:                     H4qwuwTJtmY6j49lstAPSK0-0bo.roa (raw, json)
Hash identifier:          RVam47SKdnoa9WQo6ysXJoY2sId51Pu3nNdo/2aG2TM=
Subject key identifier:   1F:8A:B0:BB:04:C9:B6:66:3A:8F:8F:65:B2:D0:0F:48:AD:3E:D1:BA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD457294F800DC97E25770E2B8B1B2
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/H4qwuwTJtmY6j49lstAPSK0-0bo.roa
Signing time:             Tue 02 Jan 2024 10:34:33 +0000
ROA not before:           Tue 02 Jan 2024 10:34:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212504
IP address blocks:        2a0e:97c0:9f0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:45:72:94:f8:00:dc:97:e2:57:70:e2:b8:b1:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1f8ab0bb04c9b6663a8f8f65b2d00f48ad3ed1ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:bf:c1:0d:a6:15:f9:e8:fa:42:7e:70:19:0f:
                    d8:27:62:2b:bd:de:e0:48:52:af:cf:54:42:3c:d4:
                    c5:b1:7b:b3:2e:71:d4:45:6f:30:3b:19:b5:2b:6c:
                    b6:cd:c1:66:7f:f8:a5:f7:13:ac:9e:30:b1:7b:0a:
                    94:c6:4d:46:59:e2:62:6e:23:6a:96:d5:78:ac:5c:
                    c8:4a:52:1c:39:10:15:c8:12:8a:25:91:f3:13:98:
                    fd:09:a9:02:44:39:8a:5b:8a:3b:9b:3d:8d:4e:35:
                    b5:e2:2f:6a:b2:d7:b0:cc:05:5e:9d:f5:02:1c:f9:
                    68:22:91:60:a7:0f:d5:22:fe:d8:22:1a:4a:76:9c:
                    73:46:23:f9:59:8a:6d:1b:be:9a:09:c1:9a:be:fb:
                    ce:f0:90:ba:4d:6e:40:92:42:14:27:d2:b3:86:60:
                    d7:72:c3:ef:e7:ad:6c:9a:6f:c9:82:4d:fa:d4:ca:
                    cf:96:06:e2:69:ce:fa:00:3b:68:0c:a3:52:a1:e1:
                    75:31:93:63:50:1b:83:03:00:c0:42:e8:3a:ce:c1:
                    6d:a8:57:68:51:bd:83:04:b3:31:95:24:df:8f:e3:
                    66:d3:21:f1:0f:e1:86:51:d7:d6:ad:f7:5f:8e:8c:
                    fa:62:5c:d0:eb:6e:fe:61:85:a8:5d:5f:30:73:d0:
                    31:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:8A:B0:BB:04:C9:B6:66:3A:8F:8F:65:B2:D0:0F:48:AD:3E:D1:BA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/H4qwuwTJtmY6j49lstAPSK0-0bo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:9f0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6a:b5:35:c1:24:55:c5:64:ae:a8:86:b7:9b:04:6c:e9:3f:46:
         e8:ea:c8:3e:d5:19:99:ef:2e:3b:b1:34:90:32:65:1c:e9:de:
         37:46:06:3a:56:47:5e:d8:c8:75:1c:9b:64:24:f9:7b:e6:4a:
         f4:6c:3c:cc:1d:65:29:9e:24:6d:62:4e:02:90:1e:f3:d3:13:
         3c:0f:05:8c:15:64:e9:ca:d4:4a:d0:b2:71:f4:90:c9:9c:9e:
         dc:ff:64:92:b0:50:3f:f6:79:98:90:53:b2:bd:1b:c9:45:25:
         3e:d9:ef:34:47:4f:0a:e1:82:d2:07:50:d3:7d:16:33:1c:e3:
         93:fd:d1:de:bb:53:79:9c:16:c7:56:6f:96:32:61:c2:08:52:
         b7:70:63:89:80:90:c0:66:3a:78:4e:9e:63:79:b1:82:5c:64:
         37:14:e7:e5:5f:69:94:45:d7:05:c7:a0:90:f5:5c:ea:78:77:
         9d:96:41:4d:d9:84:ce:87:d0:90:2f:d0:38:3f:cf:6e:e0:96:
         b3:48:fc:ff:48:b9:a4:5a:cd:ac:f4:7a:83:9d:22:96:6e:2f:
         55:79:fe:f5:13:e7:2e:08:55:8e:13:73:64:43:13:f7:2b:03:
         20:57:53:c2:d0:2d:69:95:a3:3d:6e:87:38:0c:8c:70:20:c4:
         ba:12:a6:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvUVylPgA3JfiV3DiuLGyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjhhYjBiYjA0YzliNjY2M2E4ZjhmNjViMmQwMGY0OGFkM2VkMWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1r/BDaYV+ej6Qn5wGQ/YJ2Irvd7g
SFKvz1RCPNTFsXuzLnHURW8wOxm1K2y2zcFmf/il9xOsnjCxewqUxk1GWeJibiNq
ltV4rFzISlIcORAVyBKKJZHzE5j9CakCRDmKW4o7mz2NTjW14i9qstewzAVenfUC
HPloIpFgpw/VIv7YIhpKdpxzRiP5WYptG76aCcGavvvO8JC6TW5AkkIUJ9KzhmDX
csPv561smm/Jgk361MrPlgbiac76ADtoDKNSoeF1MZNjUBuDAwDAQug6zsFtqFdo
Ub2DBLMxlSTfj+Nm0yHxD+GGUdfWrfdfjoz6YlzQ627+YYWoXV8wc9AxOQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB+KsLsEybZmOo+PZbLQD0itPtG6MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSDRxd3V3VEp0bVk2ajQ5bHN0QVBTSzAtMGJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAnw
MA0GCSqGSIb3DQEBCwUAA4IBAQBqtTXBJFXFZK6ohrebBGzpP0bo6sg+1RmZ7y47
sTSQMmUc6d43RgY6Vkde2Mh1HJtkJPl75kr0bDzMHWUpniRtYk4CkB7z0xM8DwWM
FWTpytRK0LJx9JDJnJ7c/2SSsFA/9nmYkFOyvRvJRSU+2e80R08K4YLSB1DTfRYz
HOOT/dHeu1N5nBbHVm+WMmHCCFK3cGOJgJDAZjp4Tp5jebGCXGQ3FOflX2mURdcF
x6CQ9VzqeHedlkFN2YTOh9CQL9A4P89u4JazSPz/SLmkWs2s9HqDnSKWbi9Vef71
E+cuCFWOE3NkQxP3KwMgV1PC0C1plaM9boc4DIxwIMS6Eqas
-----END CERTIFICATE-----