Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/II_FLsZyf2aduTXLxebVY1aNYGo.roa
File:                     II_FLsZyf2aduTXLxebVY1aNYGo.roa (raw, json)
Hash identifier:          Jsi+WEIylqswHU6DWedWZGmOG8YR3q/E4iE3hTj2fK8=
Subject key identifier:   20:8F:C5:2E:C6:72:7F:66:9D:B9:35:CB:C5:E6:D5:63:56:8D:60:6A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425226EAE54AA7DE7C0706086974BF30C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/II_FLsZyf2aduTXLxebVY1aNYGo.roa
Signing time:             Thu 02 Jan 2025 03:50:01 +0000
ROA not before:           Thu 02 Jan 2025 03:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213215
IP address blocks:        2a0e:b107:6e3::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:6e:ae:54:aa:7d:e7:c0:70:60:86:97:4b:f3:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=208fc52ec6727f669db935cbc5e6d563568d606a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:9e:b5:b3:eb:32:13:5c:f9:25:2f:af:1b:75:
                    77:3c:56:15:37:88:d5:22:c3:16:6f:1a:d3:8e:f7:
                    f7:2e:84:67:65:1f:8c:b4:8b:31:6f:9b:dc:48:db:
                    ed:74:bf:9b:51:ff:b2:79:e6:bc:59:07:96:af:d2:
                    39:3f:3c:c7:51:16:5d:68:9f:5a:24:7c:36:64:22:
                    d7:c9:fe:01:30:ba:ac:25:9c:5d:1c:da:92:c2:98:
                    32:af:e8:ad:18:19:b7:41:3a:4b:3e:c0:0a:0b:7f:
                    39:1c:b6:5c:1a:50:ba:82:81:42:a8:c0:9c:bc:57:
                    3a:c1:bf:dc:5d:c4:92:bc:67:03:6d:3d:57:e1:cc:
                    8a:da:3d:04:19:ea:05:e1:40:bc:f8:07:69:64:0f:
                    8d:66:22:ef:24:27:2c:a1:df:a7:b6:3e:2c:18:bc:
                    85:c1:71:30:74:56:ca:2f:e1:50:6b:3c:e2:62:83:
                    75:61:9b:24:7e:b5:aa:4c:d4:29:df:57:f6:36:3d:
                    1e:10:2e:29:0f:d7:d7:c7:0e:fa:0a:70:45:a1:6b:
                    2d:1a:e0:f0:84:e6:d7:81:6b:5d:25:a4:e9:e4:3a:
                    18:c0:b4:d5:64:75:ce:a2:b1:2a:20:4b:8d:06:4c:
                    be:4d:8f:91:82:55:48:5c:62:4f:e8:3d:ea:5a:e1:
                    bc:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:8F:C5:2E:C6:72:7F:66:9D:B9:35:CB:C5:E6:D5:63:56:8D:60:6A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/II_FLsZyf2aduTXLxebVY1aNYGo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:6e3::/48

    Signature Algorithm: sha256WithRSAEncryption
         c1:be:eb:f5:82:bd:65:25:52:aa:f8:24:d3:ee:70:64:fb:a2:
         25:7a:7d:64:cb:9e:a0:49:fb:8c:84:b6:1a:df:e3:14:f3:74:
         53:d3:91:6e:70:fe:c9:90:b8:1e:7c:a5:b0:1e:fd:03:d5:8d:
         0d:83:b8:79:ff:64:e9:aa:c0:bf:3a:8c:d6:0a:91:78:a3:f4:
         6f:4d:5c:0b:01:50:36:a2:b4:41:19:ee:bd:c7:e3:bf:32:c7:
         d7:09:ad:26:58:bb:e0:69:e0:f8:12:62:70:1d:f3:5c:8c:ef:
         db:92:ab:9c:ad:28:03:c1:78:00:a6:21:97:95:fc:45:fe:b6:
         df:1a:b8:92:e4:10:27:cc:b6:2c:77:84:e9:7d:6d:a1:ad:5b:
         ce:10:75:6a:78:af:6c:64:26:f1:52:e5:06:c3:58:27:ed:40:
         61:b2:46:88:86:1c:93:5b:63:8d:20:48:d5:cd:56:e9:7b:ed:
         03:32:72:72:31:c7:e0:06:cd:4e:31:ed:aa:2e:74:2d:f7:95:
         36:d4:d5:96:14:3a:f5:a8:ad:1a:7a:d6:07:64:6b:db:64:42:
         59:5d:ed:66:72:87:52:3c:a0:a7:1d:ac:76:c2:69:18:3f:40:
         bf:d2:45:58:71:6b:1f:94:6e:88:2d:90:fb:ed:e8:22:4a:da:
         b8:29:35:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIm6uVKp958BwYIaXS/MMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDhmYzUyZWM2NzI3ZjY2OWRiOTM1Y2JjNWU2ZDU2MzU2OGQ2MDZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwp61s+syE1z5JS+vG3V3PFYVN4jV
IsMWbxrTjvf3LoRnZR+MtIsxb5vcSNvtdL+bUf+yeea8WQeWr9I5PzzHURZdaJ9a
JHw2ZCLXyf4BMLqsJZxdHNqSwpgyr+itGBm3QTpLPsAKC385HLZcGlC6goFCqMCc
vFc6wb/cXcSSvGcDbT1X4cyK2j0EGeoF4UC8+AdpZA+NZiLvJCcsod+ntj4sGLyF
wXEwdFbKL+FQazziYoN1YZskfrWqTNQp31f2Nj0eEC4pD9fXxw76CnBFoWstGuDw
hObXgWtdJaTp5DoYwLTVZHXOorEqIEuNBky+TY+RglVIXGJP6D3qWuG81wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCCPxS7Gcn9mnbk1y8Xm1WNWjWBqMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSUlfRkxzWnlmMmFkdVRYTHhlYlZZMWFOWUdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwbj
MA0GCSqGSIb3DQEBCwUAA4IBAQDBvuv1gr1lJVKq+CTT7nBk+6Ilen1ky56gSfuM
hLYa3+MU83RT05FucP7JkLgefKWwHv0D1Y0Ng7h5/2TpqsC/OozWCpF4o/RvTVwL
AVA2orRBGe69x+O/MsfXCa0mWLvgaeD4EmJwHfNcjO/bkqucrSgDwXgApiGXlfxF
/rbfGriS5BAnzLYsd4TpfW2hrVvOEHVqeK9sZCbxUuUGw1gn7UBhskaIhhyTW2ON
IEjVzVbpe+0DMnJyMcfgBs1OMe2qLnQt95U21NWWFDr1qK0aetYHZGvbZEJZXe1m
codSPKCnHax2wmkYP0C/0kVYcWsflG6ILZD77egiStq4KTWL
-----END CERTIFICATE-----