Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OkbDqOtIl_1BY2H-SDzDJulBxs4.roa
File:                     OkbDqOtIl_1BY2H-SDzDJulBxs4.roa (raw, json)
Hash identifier:          bJvz63GKlw8oI4fGGH4EiT39BCFdRai0umy0nqwsCEY=
Subject key identifier:   3A:46:C3:A8:EB:48:97:FD:41:63:61:FE:48:3C:C3:26:E9:41:C6:CE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521FB2BC9CCD3233E00DB01D9BFFF9F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OkbDqOtIl_1BY2H-SDzDJulBxs4.roa
Signing time:             Thu 02 Jan 2025 03:49:31 +0000
ROA not before:           Thu 02 Jan 2025 03:49:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199467
IP address blocks:        2a0e:b107:1f50::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:fb:2b:c9:cc:d3:23:3e:00:db:01:d9:bf:ff:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a46c3a8eb4897fd416361fe483cc326e941c6ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:93:57:80:34:9c:ad:28:3d:f3:fd:99:e6:4f:
                    b2:b7:57:9e:4e:4a:d4:26:40:f2:a2:49:56:b7:40:
                    e6:bd:b4:d4:69:8e:d5:03:41:77:ec:a9:90:f7:89:
                    e7:7f:a8:31:fd:45:56:da:7b:45:0a:b4:3a:29:ef:
                    99:7e:d3:0b:62:22:62:22:90:70:37:23:7b:2b:de:
                    48:a5:36:60:5e:3a:eb:92:16:e8:26:3e:4b:ef:09:
                    2a:16:f0:ae:24:71:e6:d9:c7:11:22:8f:9d:fd:d4:
                    07:9a:4b:4a:b7:8b:86:37:af:7d:45:13:63:4f:0c:
                    a2:e5:0a:72:82:5e:e0:6f:07:e7:1b:b8:d5:dd:ac:
                    c9:5d:08:5a:58:02:91:b9:84:a7:60:52:02:8a:8a:
                    0a:9b:09:85:c2:cb:a4:3e:c8:79:45:3e:88:bc:34:
                    ef:fc:11:b0:64:27:fd:a3:b8:51:ed:d5:1f:d0:7f:
                    97:78:bf:0d:12:9f:b9:01:b1:ab:0b:81:1a:af:cc:
                    ed:fb:83:6d:13:62:34:05:f1:ab:7c:a1:b2:c0:3f:
                    0d:05:e0:12:1d:17:a6:32:40:51:0d:b0:d3:34:d6:
                    5d:2e:69:db:e3:5e:f7:22:3b:90:1e:a3:c4:d7:14:
                    99:72:1a:cc:aa:e4:e2:03:e5:1c:55:80:87:c5:f6:
                    64:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:46:C3:A8:EB:48:97:FD:41:63:61:FE:48:3C:C3:26:E9:41:C6:CE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OkbDqOtIl_1BY2H-SDzDJulBxs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1f50::/44

    Signature Algorithm: sha256WithRSAEncryption
         8a:46:95:07:49:f7:11:39:a1:77:a1:72:43:65:e0:f8:5d:a6:
         89:7f:bb:f3:c8:5e:e2:04:32:03:0a:8e:27:bd:db:14:23:7c:
         d9:c1:ec:c4:61:ff:ac:66:06:d9:50:bd:ad:53:b3:a6:ae:77:
         e1:69:95:ab:fb:ff:ac:a9:aa:a2:f3:07:32:a8:0b:73:ea:77:
         e2:5b:76:fc:18:bb:53:ce:36:ca:e8:96:a4:af:bc:76:8d:9b:
         68:47:24:a2:0b:d8:8c:aa:0a:d0:52:58:21:c2:af:cf:fd:5f:
         80:dd:76:ba:60:f2:a8:35:75:58:67:0e:e2:2c:92:11:91:42:
         0d:cd:01:cb:83:9d:75:f4:cb:8b:48:31:25:28:f3:a6:79:4e:
         cf:3c:69:9a:59:dc:f8:4c:d0:59:d3:3d:c2:a9:fc:1b:46:c7:
         43:fe:04:7e:5b:a3:e2:48:3a:ec:41:1f:03:9b:fc:3e:8f:a0:
         a8:b9:1d:b5:4c:8c:05:fa:cf:c9:4d:96:fa:62:04:d6:f9:51:
         e6:e3:1c:5b:61:86:a2:71:5c:a1:f2:52:f3:3b:ad:b0:3b:b8:
         0d:99:f8:ef:fc:dc:75:67:9d:bb:fd:2e:66:3c:85:a7:51:97:
         57:14:fc:11:65:91:f8:94:db:a3:71:d3:82:ed:5b:be:3c:84:
         f8:22:a4:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIfsryczTIz4A2wHZv/+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTQ2YzNhOGViNDg5N2ZkNDE2MzYxZmU0ODNjYzMyNmU5NDFjNmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JNXgDScrSg98/2Z5k+yt1eeTkrU
JkDyoklWt0DmvbTUaY7VA0F37KmQ94nnf6gx/UVW2ntFCrQ6Ke+ZftMLYiJiIpBw
NyN7K95IpTZgXjrrkhboJj5L7wkqFvCuJHHm2ccRIo+d/dQHmktKt4uGN699RRNj
Twyi5Qpygl7gbwfnG7jV3azJXQhaWAKRuYSnYFICiooKmwmFwsukPsh5RT6IvDTv
/BGwZCf9o7hR7dUf0H+XeL8NEp+5AbGrC4Ear8zt+4NtE2I0BfGrfKGywD8NBeAS
HRemMkBRDbDTNNZdLmnb4173IjuQHqPE1xSZchrMquTiA+UcVYCHxfZkTwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDpGw6jrSJf9QWNh/kg8wybpQcbOMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT2tiRHFPdElsXzFCWTJILVNEekRKdWxCeHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBx9Q
MA0GCSqGSIb3DQEBCwUAA4IBAQCKRpUHSfcROaF3oXJDZeD4XaaJf7vzyF7iBDID
Co4nvdsUI3zZwezEYf+sZgbZUL2tU7OmrnfhaZWr+/+sqaqi8wcyqAtz6nfiW3b8
GLtTzjbK6Jakr7x2jZtoRySiC9iMqgrQUlghwq/P/V+A3Xa6YPKoNXVYZw7iLJIR
kUINzQHLg5119MuLSDElKPOmeU7PPGmaWdz4TNBZ0z3CqfwbRsdD/gR+W6PiSDrs
QR8Dm/w+j6CouR21TIwF+s/JTZb6YgTW+VHm4xxbYYaicVyh8lLzO62wO7gNmfjv
/Nx1Z527/S5mPIWnUZdXFPwRZZH4lNujcdOC7Vu+PIT4IqQ8
-----END CERTIFICATE-----