Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JrFCZ1lER5Ve-tiCeGgFuRZ9aQ4.roa
File:                     JrFCZ1lER5Ve-tiCeGgFuRZ9aQ4.roa (raw, json)
Hash identifier:          1ToG5MXBBWE9q5Kx/NGJhwsRxIzlGEtn21FlSi0A6a0=
Subject key identifier:   26:B1:42:67:59:44:47:95:5E:FA:D8:82:78:68:05:B9:16:7D:69:0E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942EA170C0CD057BA485463067750B0B04
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JrFCZ1lER5Ve-tiCeGgFuRZ9aQ4.roa
Signing time:             Sat 04 Jan 2025 00:05:19 +0000
ROA not before:           Sat 04 Jan 2025 00:05:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213641
IP address blocks:        2a0e:97c0:680::/44 maxlen: 48
                          2a0e:97c0:681::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2e:a1:70:c0:cd:05:7b:a4:85:46:30:67:75:0b:0b:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  4 00:05:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=26b14267594447955efad882786805b9167d690e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:db:0c:ed:2f:30:50:68:83:94:05:0c:12:08:
                    92:b2:ee:30:7e:72:41:2f:ec:5e:d9:b2:1a:09:55:
                    2b:a8:89:1d:6d:04:a9:8c:27:d1:f5:2c:2b:6f:a9:
                    9e:7e:29:fa:f4:c4:fb:8d:01:8a:8b:22:03:5c:48:
                    af:e1:74:02:70:c6:ac:3b:ec:00:bb:31:1d:41:3b:
                    a1:e6:49:68:85:22:c9:54:94:23:4b:0e:12:96:d1:
                    71:ad:f3:7f:91:45:a5:3a:2a:4a:18:e1:d9:9c:1a:
                    1a:f8:85:95:a1:9c:28:5a:d6:e1:ec:fe:45:fb:72:
                    9a:e9:b8:a7:98:81:61:5e:a8:5d:23:61:2e:b9:fb:
                    ac:f5:e6:6c:c7:5e:bb:eb:1a:17:17:aa:e9:12:de:
                    8e:9e:c1:3a:18:3e:1c:82:e6:f8:28:ba:13:65:0f:
                    26:d4:5f:ab:d5:78:75:a7:0b:e2:f3:8d:fe:c7:30:
                    b7:45:ea:0f:84:d4:eb:0f:5c:f2:49:9b:76:0c:66:
                    10:81:4d:8a:25:1f:89:ff:3f:2d:5c:cc:bd:97:9e:
                    33:75:a4:7d:5b:d5:93:9f:28:1a:d0:19:7f:4f:c4:
                    df:5f:00:34:ec:d9:4d:b5:4f:09:e7:62:97:fe:92:
                    db:f3:0a:49:2a:1d:f5:a9:ad:2b:e1:78:23:3f:f1:
                    b6:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:B1:42:67:59:44:47:95:5E:FA:D8:82:78:68:05:B9:16:7D:69:0E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/JrFCZ1lER5Ve-tiCeGgFuRZ9aQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:680::/44

    Signature Algorithm: sha256WithRSAEncryption
         a4:78:d7:12:f8:1b:5c:05:8f:b5:c8:17:cb:7f:f8:b5:2c:77:
         35:75:bc:1b:56:46:0f:35:4e:44:9b:85:46:0b:45:cf:98:d2:
         1d:18:91:84:1c:19:aa:c2:e1:26:9f:ae:e7:45:70:bf:92:09:
         e7:6a:78:99:b6:78:2f:18:01:e8:40:5f:ff:97:98:29:c7:74:
         bd:23:9d:b5:10:cc:fa:b9:9d:44:27:b6:19:a6:42:16:b2:c3:
         ae:dc:bd:eb:35:53:ae:12:22:4f:4f:5e:05:59:55:2e:66:0f:
         a1:c1:21:d8:8d:69:f7:35:9f:a3:f1:5d:e9:c2:b3:ac:9f:2a:
         8c:b8:f6:03:f4:4c:ba:03:75:e9:26:61:91:93:75:5e:ee:9f:
         68:31:f6:88:63:33:e7:58:b6:bd:ab:63:7b:61:6c:97:49:9e:
         17:c4:03:79:e1:8f:0b:0d:59:c5:b1:ec:7b:09:a4:75:b0:d3:
         04:2f:47:59:9a:ea:cb:6b:c0:5b:cd:d7:2e:4a:4f:6f:3b:0d:
         eb:b8:71:40:87:5a:a6:9f:25:d2:a3:db:b8:34:b9:28:ee:27:
         51:93:cc:ed:2a:9b:fb:fa:ab:a2:58:01:4a:f3:02:41:b9:4c:
         c7:9b:b3:a3:56:12:df:93:52:db:58:cf:88:dc:29:63:c3:d7:
         e0:86:76:23
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQuoXDAzQV7pIVGMGd1CwsEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTA0MDAwNTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmIxNDI2NzU5NDQ0Nzk1NWVmYWQ4ODI3ODY4MDViOTE2N2Q2OTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvNsM7S8wUGiDlAUMEgiSsu4wfnJB
L+xe2bIaCVUrqIkdbQSpjCfR9Swrb6mefin69MT7jQGKiyIDXEiv4XQCcMasO+wA
uzEdQTuh5klohSLJVJQjSw4SltFxrfN/kUWlOipKGOHZnBoa+IWVoZwoWtbh7P5F
+3Ka6binmIFhXqhdI2Euufus9eZsx1676xoXF6rpEt6OnsE6GD4cgub4KLoTZQ8m
1F+r1Xh1pwvi843+xzC3ReoPhNTrD1zySZt2DGYQgU2KJR+J/z8tXMy9l54zdaR9
W9WTnyga0Bl/T8TfXwA07NlNtU8J52KX/pLb8wpJKh31qa0r4XgjP/G2MQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCaxQmdZREeVXvrYgnhoBbkWfWkOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvSnJGQ1oxbEVSNVZlLXRpQ2VHZ0Z1Ulo5YVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAaA
MA0GCSqGSIb3DQEBCwUAA4IBAQCkeNcS+BtcBY+1yBfLf/i1LHc1dbwbVkYPNU5E
m4VGC0XPmNIdGJGEHBmqwuEmn67nRXC/kgnnaniZtngvGAHoQF//l5gpx3S9I521
EMz6uZ1EJ7YZpkIWssOu3L3rNVOuEiJPT14FWVUuZg+hwSHYjWn3NZ+j8V3pwrOs
nyqMuPYD9Ey6A3XpJmGRk3Ve7p9oMfaIYzPnWLa9q2N7YWyXSZ4XxAN54Y8LDVnF
sex7CaR1sNMEL0dZmurLa8BbzdcuSk9vOw3ruHFAh1qmnyXSo9u4NLko7idRk8zt
Kpv7+quiWAFK8wJBuUzHm7OjVhLfk1LbWM+I3Cljw9fghnYj
-----END CERTIFICATE-----