Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OmgMloWJkeVbh0QbqEaS2-rUrSY.roa
File:                     OmgMloWJkeVbh0QbqEaS2-rUrSY.roa (raw, json)
Hash identifier:          aOoMparYUmiOUv/Y7WQTSG3fOnb/oMmYXtB/3hHfq/M=
Subject key identifier:   3A:68:0C:96:85:89:91:E5:5B:87:44:1B:A8:46:92:DB:EA:D4:AD:26
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252222EA6C1874A16D49422EDE5C27B1
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OmgMloWJkeVbh0QbqEaS2-rUrSY.roa
Signing time:             Thu 02 Jan 2025 03:49:41 +0000
ROA not before:           Thu 02 Jan 2025 03:49:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206290
IP address blocks:        2a0e:97c0:a20::/48 maxlen: 48
                          2a0e:97c0:a21::/48 maxlen: 48
                          2a0e:97c0:a22::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:22:ea:6c:18:74:a1:6d:49:42:2e:de:5c:27:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a680c96858991e55b87441ba84692dbead4ad26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:88:1c:a3:8c:85:59:d1:62:fa:26:0b:22:3f:
                    7e:1a:da:34:87:6e:a4:27:b4:5f:4d:8c:2d:24:be:
                    f7:43:99:3a:70:d9:77:54:c8:1e:68:0e:52:c7:18:
                    6e:6e:18:49:d9:a3:6b:f3:65:28:3e:40:7f:cb:a8:
                    ba:e1:41:da:7d:39:fe:10:a1:37:4c:b4:1f:47:24:
                    45:38:cd:b2:27:ed:ca:6f:97:f3:01:6b:54:8e:cd:
                    2c:51:28:83:42:77:4d:77:bd:4c:f5:66:be:9c:7e:
                    13:e4:79:2f:61:f0:1e:d5:f1:ef:37:f0:98:d4:7d:
                    68:5d:d8:64:4d:0b:d5:c3:51:72:b6:58:03:57:ca:
                    20:b7:c3:6c:b9:e0:3b:51:f0:a0:76:c4:81:b0:be:
                    c0:7a:53:4f:dd:b2:0c:02:fd:37:a5:89:27:87:c1:
                    28:30:75:78:2a:53:59:e4:8f:e7:b3:8e:44:cb:bb:
                    1b:39:64:d1:14:05:b3:0a:d7:12:2f:02:4b:c5:32:
                    5d:6e:34:bf:5a:60:47:15:97:02:6a:20:fe:ff:8a:
                    61:07:29:db:13:99:e3:42:a9:fe:8a:31:cb:2b:b5:
                    17:85:00:20:72:d2:65:be:fc:54:8e:e5:8d:d5:6d:
                    2c:c6:91:57:60:f4:b7:63:9b:9f:91:1d:1f:ee:07:
                    1d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:68:0C:96:85:89:91:E5:5B:87:44:1B:A8:46:92:DB:EA:D4:AD:26
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/OmgMloWJkeVbh0QbqEaS2-rUrSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:a20::-2a0e:97c0:a22:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         74:84:55:5c:73:7e:a3:d2:7d:1e:a5:a7:b9:7d:4b:7f:e7:8d:
         f3:f2:3f:3f:f3:1f:e7:99:59:57:b7:b1:5f:6f:0d:4e:2a:14:
         3d:db:a5:61:67:aa:15:39:4d:1f:bc:66:3a:95:53:3c:1b:b3:
         4a:e2:d8:11:3c:35:5d:b0:0a:95:21:12:8e:fa:90:b2:51:66:
         7b:f2:20:75:1b:ee:4a:69:3a:c9:3a:eb:de:3b:f1:97:b6:71:
         e6:7c:6c:b7:71:a4:40:f4:38:7f:ea:08:9f:22:a0:3e:84:f4:
         01:dc:d8:d5:62:f7:cc:9d:bc:12:6f:11:da:f1:55:d9:6f:af:
         40:64:74:25:c5:d4:95:0d:e1:33:47:10:d3:49:c3:fe:32:97:
         94:30:c6:4e:43:5b:c6:06:10:89:f7:14:f6:fe:a9:58:ea:fc:
         6a:e4:f1:e5:23:fe:3b:fe:41:76:e6:49:3c:4e:f9:6b:fe:4d:
         a6:aa:12:4b:48:b1:b5:1f:e2:d8:db:c0:27:61:81:e0:47:d9:
         e0:17:76:0f:8d:d8:5b:f5:b0:07:b5:39:39:35:6d:f9:b0:b3:
         3c:5d:3a:82:9d:78:20:0a:e7:1a:d2:e5:b0:c3:79:c9:6d:e1:
         32:d8:98:8c:a7:4f:31:84:22:1c:a3:1c:d2:22:a9:9b:0a:a5:
         3e:d4:58:65
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQlIiLqbBh0oW1JQi7eXCexMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTY4MGM5Njg1ODk5MWU1NWI4NzQ0MWJhODQ2OTJkYmVhZDRhZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4gco4yFWdFi+iYLIj9+Gto0h26k
J7RfTYwtJL73Q5k6cNl3VMgeaA5SxxhubhhJ2aNr82UoPkB/y6i64UHafTn+EKE3
TLQfRyRFOM2yJ+3Kb5fzAWtUjs0sUSiDQndNd71M9Wa+nH4T5HkvYfAe1fHvN/CY
1H1oXdhkTQvVw1FytlgDV8ogt8NsueA7UfCgdsSBsL7AelNP3bIMAv03pYknh8Eo
MHV4KlNZ5I/ns45Ey7sbOWTRFAWzCtcSLwJLxTJdbjS/WmBHFZcCaiD+/4phBynb
E5njQqn+ijHLK7UXhQAgctJlvvxUjuWN1W0sxpFXYPS3Y5ufkR0f7gcdFwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDpoDJaFiZHlW4dEG6hGktvq1K0mMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT21nTWxvV0prZVZiaDBRYnFFYVMyLXJVclNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwUqDpfA
CiADBwAqDpfACiIwDQYJKoZIhvcNAQELBQADggEBAHSEVVxzfqPSfR6lp7l9S3/n
jfPyPz/zH+eZWVe3sV9vDU4qFD3bpWFnqhU5TR+8ZjqVUzwbs0ri2BE8NV2wCpUh
Eo76kLJRZnvyIHUb7kppOsk669478Ze2ceZ8bLdxpED0OH/qCJ8ioD6E9AHc2NVi
98ydvBJvEdrxVdlvr0BkdCXF1JUN4TNHENNJw/4yl5Qwxk5DW8YGEIn3FPb+qVjq
/Grk8eUj/jv+QXbmSTxO+Wv+TaaqEktIsbUf4tjbwCdhgeBH2eAXdg+N2Fv1sAe1
OTk1bfmwszxdOoKdeCAK5xrS5bDDeclt4TLYmIynTzGEIhyjHNIiqZsKpT7UWGU=
-----END CERTIFICATE-----