Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KOU_Kw70WNSyM-Kuat3h7pjYs84.roa
File:                     KOU_Kw70WNSyM-Kuat3h7pjYs84.roa (raw, json)
Hash identifier:          4iXOitYR6o/dzVCHpfTVixYI+HdZTgzxeTj1uQkJPII=
Subject key identifier:   28:E5:3F:2B:0E:F4:58:D4:B2:33:E2:AE:6A:DD:E1:EE:98:D8:B3:CE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252248194C56AB88210049D8D57F1372
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KOU_Kw70WNSyM-Kuat3h7pjYs84.roa
Signing time:             Thu 02 Jan 2025 03:49:51 +0000
ROA not before:           Thu 02 Jan 2025 03:49:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210965
IP address blocks:        2a0e:b107:1f60::/44 maxlen: 48
                          2a0e:b107:1f60::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:48:19:4c:56:ab:88:21:00:49:d8:d5:7f:13:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28e53f2b0ef458d4b233e2ae6adde1ee98d8b3ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a7:ae:1b:27:3f:20:3f:e8:c3:91:62:03:9b:
                    ad:69:bd:d3:7c:41:31:12:3e:a3:53:ca:a6:b0:45:
                    ba:9e:1b:51:98:93:5b:21:d5:d5:22:3f:a1:0a:b5:
                    13:8b:26:de:aa:e2:c4:7e:01:64:79:3f:e8:43:15:
                    76:ac:6e:7b:af:fc:14:23:10:9c:4b:ae:5a:02:d7:
                    60:3f:79:83:4f:44:60:e5:c0:b5:af:37:5a:f0:85:
                    ec:11:4c:72:16:d4:cf:6a:03:bc:a5:89:21:7d:3d:
                    c1:f1:73:99:c5:8d:c0:70:c4:4b:1d:4e:3e:66:b7:
                    02:6e:35:99:c2:75:c7:a6:ff:2f:f1:78:dc:fa:4e:
                    33:e9:c8:6f:a3:06:b6:b8:ce:22:60:5e:d5:70:83:
                    1a:a0:84:3f:11:4b:49:bd:58:5b:e1:f8:62:e4:27:
                    61:7a:1f:15:9b:81:ae:a7:39:f5:12:ad:aa:7e:16:
                    70:b6:9d:ac:60:5b:ce:50:e3:f2:c6:45:e5:77:4b:
                    71:9d:08:60:03:36:b4:90:32:e1:2d:1b:23:99:59:
                    c9:01:17:bd:70:3c:5f:8a:15:43:eb:e5:09:3d:a9:
                    7e:04:45:78:04:06:0e:c0:90:01:49:cd:e4:cf:05:
                    62:97:98:4b:47:47:89:15:f4:fd:8a:d1:df:ba:a8:
                    b6:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:E5:3F:2B:0E:F4:58:D4:B2:33:E2:AE:6A:DD:E1:EE:98:D8:B3:CE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/KOU_Kw70WNSyM-Kuat3h7pjYs84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1f60::/44

    Signature Algorithm: sha256WithRSAEncryption
         b4:48:65:b1:dc:60:56:6d:11:af:40:de:3c:a2:4c:41:cf:ec:
         29:ac:8d:46:75:94:12:61:60:64:a0:86:3e:3b:11:8b:9b:d9:
         86:d0:6d:81:b3:b9:1f:2d:6a:42:de:5c:60:fa:11:fc:b6:58:
         76:60:76:77:58:aa:cb:c3:b9:c9:5f:13:f7:fe:25:08:76:66:
         e3:0a:e6:90:84:60:51:26:c8:22:44:17:57:aa:3a:a8:fd:44:
         2b:34:31:5e:d0:95:42:16:df:94:7a:5d:40:99:9f:e3:81:b4:
         1f:1b:ab:3f:37:5c:77:85:35:fa:5f:c8:60:c3:08:f9:36:a4:
         d0:ef:5a:3c:02:2d:a6:c7:f6:fd:31:ab:43:3d:31:a9:89:6d:
         ea:bf:ee:2a:9f:cc:26:73:20:9a:28:76:4a:86:ff:e6:45:be:
         f6:ad:c2:b6:c9:94:f5:8c:b7:2a:14:d6:70:0b:47:72:3e:88:
         8a:a9:80:d0:57:72:08:5f:e6:c9:81:54:ae:a9:c1:87:cf:0c:
         79:08:18:a3:a7:4d:a4:eb:b3:2e:0b:d9:38:6a:f6:fd:cd:a2:
         69:f0:5b:5f:23:d5:8e:f3:66:d0:38:8f:3e:82:2b:d4:fa:bb:
         e8:65:bd:14:95:77:50:63:21:80:d6:3e:0f:15:d8:82:c8:10:
         49:cc:b7:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkgZTFariCEASdjVfxNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGU1M2YyYjBlZjQ1OGQ0YjIzM2UyYWU2YWRkZTFlZTk4ZDhiM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqeuGyc/ID/ow5FiA5utab3TfEEx
Ej6jU8qmsEW6nhtRmJNbIdXVIj+hCrUTiybequLEfgFkeT/oQxV2rG57r/wUIxCc
S65aAtdgP3mDT0Rg5cC1rzda8IXsEUxyFtTPagO8pYkhfT3B8XOZxY3AcMRLHU4+
ZrcCbjWZwnXHpv8v8Xjc+k4z6chvowa2uM4iYF7VcIMaoIQ/EUtJvVhb4fhi5Cdh
eh8Vm4Gupzn1Eq2qfhZwtp2sYFvOUOPyxkXld0txnQhgAza0kDLhLRsjmVnJARe9
cDxfihVD6+UJPal+BEV4BAYOwJABSc3kzwVil5hLR0eJFfT9itHfuqi2DwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCjlPysO9FjUsjPirmrd4e6Y2LPOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvS09VX0t3NzBXTlN5TS1LdWF0M2g3cGpZczg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx9g
MA0GCSqGSIb3DQEBCwUAA4IBAQC0SGWx3GBWbRGvQN48okxBz+wprI1GdZQSYWBk
oIY+OxGLm9mG0G2Bs7kfLWpC3lxg+hH8tlh2YHZ3WKrLw7nJXxP3/iUIdmbjCuaQ
hGBRJsgiRBdXqjqo/UQrNDFe0JVCFt+Uel1AmZ/jgbQfG6s/N1x3hTX6X8hgwwj5
NqTQ71o8Ai2mx/b9MatDPTGpiW3qv+4qn8wmcyCaKHZKhv/mRb72rcK2yZT1jLcq
FNZwC0dyPoiKqYDQV3IIX+bJgVSuqcGHzwx5CBijp02k67MuC9k4avb9zaJp8Ftf
I9WO82bQOI8+givU+rvoZb0UlXdQYyGA1j4PFdiCyBBJzLf5
-----END CERTIFICATE-----