Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ood29xFNabufS0MiC2ue8CFyD80.roa
File:                     Ood29xFNabufS0MiC2ue8CFyD80.roa (raw, json)
Hash identifier:          1R69ZEYlvpdB5cciAJmrktcQGkZkhTsDnvS/sLEZ9Ic=
Subject key identifier:   3A:87:76:F7:11:4D:69:BB:9F:4B:43:22:0B:6B:9E:F0:21:72:0F:CD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD32F6E85AC5AC2D81A08F48D382AC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ood29xFNabufS0MiC2ue8CFyD80.roa
Signing time:             Tue 02 Jan 2024 10:34:28 +0000
ROA not before:           Tue 02 Jan 2024 10:34:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211242
IP address blocks:        2a0e:b107:13c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:32:f6:e8:5a:c5:ac:2d:81:a0:8f:48:d3:82:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a8776f7114d69bb9f4b43220b6b9ef021720fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:c0:9f:88:a9:67:ec:bb:fe:0c:e2:ef:9a:59:
                    c7:f5:f9:d5:1c:26:5d:f4:49:29:ad:06:03:81:d5:
                    c5:e8:93:6c:01:a8:4a:41:e0:10:91:aa:a6:27:c1:
                    3b:0f:2e:b7:c2:b2:92:b1:67:c3:fd:ec:a1:f5:29:
                    eb:fe:cf:2e:42:f8:15:1b:a4:5e:5c:dc:0e:23:3d:
                    fe:dc:f6:ec:55:0d:ff:4e:84:a1:5a:5e:ca:18:f1:
                    ab:8d:88:29:44:85:0e:bc:b7:db:1e:bb:af:cb:63:
                    55:a3:7b:14:37:f9:13:9d:c9:d5:e1:33:c2:2d:15:
                    2c:3f:70:a6:70:8c:74:05:4e:16:82:35:99:f4:59:
                    0e:ba:1b:be:57:e7:bf:e7:3e:a7:d3:95:99:ff:0f:
                    1d:da:da:8e:c4:3d:c2:1c:04:c8:dd:e1:79:ea:1d:
                    19:a9:84:2b:d4:62:eb:5a:50:06:23:d0:41:ef:34:
                    1c:94:e3:c8:1f:67:a5:1f:6c:8d:6f:79:51:0f:ab:
                    b1:fd:9d:37:95:0d:bb:6f:32:0d:8f:13:34:e1:34:
                    14:9c:5e:ef:a3:ac:6c:1f:cd:1a:02:c1:42:2e:42:
                    90:15:17:cc:35:af:88:28:e3:69:32:db:6f:ae:50:
                    fd:84:c8:96:12:70:30:ce:c9:48:de:d4:a3:cc:56:
                    14:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:87:76:F7:11:4D:69:BB:9F:4B:43:22:0B:6B:9E:F0:21:72:0F:CD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Ood29xFNabufS0MiC2ue8CFyD80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:13c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         14:48:93:fd:99:e2:7f:7f:e5:72:e2:3e:6e:77:41:c7:c1:03:
         72:12:67:17:c6:01:46:b8:31:6b:6a:4f:51:53:f4:39:ba:26:
         72:b2:72:6b:95:0f:b8:cb:21:c5:6f:f4:c0:1e:e4:0d:91:b9:
         76:38:63:6f:8f:75:0e:52:12:1f:e0:4f:97:02:ab:7e:e8:17:
         8a:c4:e5:a1:ee:8e:07:78:85:0a:aa:d3:6f:61:9a:57:10:c8:
         4f:3b:48:dd:17:54:85:52:43:41:68:52:01:62:97:a7:2f:73:
         d9:b8:a6:83:3b:c9:4f:be:41:79:dc:b1:98:4d:dc:b4:88:1b:
         46:fb:95:1e:bc:89:57:05:51:a6:ae:d6:1e:be:ae:a5:80:b1:
         e5:9b:90:f3:2d:c2:60:96:23:ce:34:d9:be:f3:c4:06:5a:26:
         6a:d0:25:24:e0:85:00:bb:5b:2c:c8:d5:63:19:61:7a:90:5b:
         fc:a6:4a:e0:2d:56:b7:e3:ea:99:03:ef:c3:53:ce:71:de:a3:
         65:d0:10:fd:30:a5:1e:92:7a:71:00:90:a0:11:6f:86:76:ee:
         d0:15:3a:6f:58:e3:52:ca:db:eb:9a:87:72:87:2c:ef:f7:b3:
         06:63:f1:fb:fe:c4:b2:28:64:67:5b:a8:2e:3e:9c:2d:99:b7:
         d5:8a:ab:18
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvTL26FrFrC2BoI9I04KsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTg3NzZmNzExNGQ2OWJiOWY0YjQzMjIwYjZiOWVmMDIxNzIwZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg8CfiKln7Lv+DOLvmlnH9fnVHCZd
9EkprQYDgdXF6JNsAahKQeAQkaqmJ8E7Dy63wrKSsWfD/eyh9Snr/s8uQvgVG6Re
XNwOIz3+3PbsVQ3/ToShWl7KGPGrjYgpRIUOvLfbHruvy2NVo3sUN/kTncnV4TPC
LRUsP3CmcIx0BU4WgjWZ9FkOuhu+V+e/5z6n05WZ/w8d2tqOxD3CHATI3eF56h0Z
qYQr1GLrWlAGI9BB7zQclOPIH2elH2yNb3lRD6ux/Z03lQ27bzINjxM04TQUnF7v
o6xsH80aAsFCLkKQFRfMNa+IKONpMttvrlD9hMiWEnAwzslI3tSjzFYUvwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDqHdvcRTWm7n0tDIgtrnvAhcg/NMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvT29kMjl4Rk5hYnVmUzBNaUMydWU4Q0Z5RDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxPA
MA0GCSqGSIb3DQEBCwUAA4IBAQAUSJP9meJ/f+Vy4j5ud0HHwQNyEmcXxgFGuDFr
ak9RU/Q5uiZysnJrlQ+4yyHFb/TAHuQNkbl2OGNvj3UOUhIf4E+XAqt+6BeKxOWh
7o4HeIUKqtNvYZpXEMhPO0jdF1SFUkNBaFIBYpenL3PZuKaDO8lPvkF53LGYTdy0
iBtG+5UevIlXBVGmrtYevq6lgLHlm5DzLcJgliPONNm+88QGWiZq0CUk4IUAu1ss
yNVjGWF6kFv8pkrgLVa34+qZA+/DU85x3qNl0BD9MKUeknpxAJCgEW+Gdu7QFTpv
WONSytvrmodyhyzv97MGY/H7/sSyKGRnW6guPpwtmbfViqsY
-----END CERTIFICATE-----