Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RW6hGiFU2aHItYq7v-mhQ9bhpBU.roa
File:                     RW6hGiFU2aHItYq7v-mhQ9bhpBU.roa (raw, json)
Hash identifier:          pIvhgJUuxXen9mbix2Kq0LiVpzAWjsulGeDnEkJsyGQ=
Subject key identifier:   45:6E:A1:1A:21:54:D9:A1:C8:B5:8A:BB:BF:E9:A1:43:D6:E1:A4:15
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD4085D2F4991F6F44F0F6F5420535
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RW6hGiFU2aHItYq7v-mhQ9bhpBU.roa
Signing time:             Tue 02 Jan 2024 10:34:32 +0000
ROA not before:           Tue 02 Jan 2024 10:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212154
IP address blocks:        2a0e:b107:1c00::/48 maxlen: 48
                          2a0e:b107:1c0f::/48 maxlen: 48
                          2a0e:b107:1c0e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:40:85:d2:f4:99:1f:6f:44:f0:f6:f5:42:05:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=456ea11a2154d9a1c8b58abbbfe9a143d6e1a415
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3c:e6:01:da:14:aa:94:13:a3:0e:b1:f8:9b:
                    18:10:28:36:50:58:6d:8e:94:38:94:db:00:d8:de:
                    10:13:61:2f:63:10:50:ec:59:18:11:d0:7e:b4:15:
                    d8:70:9e:8e:9d:d6:af:1a:b8:ec:cf:e7:b4:37:c0:
                    fa:92:55:72:40:cc:dd:d1:61:37:ea:3e:b2:49:d2:
                    03:45:24:81:b9:43:aa:d9:6f:d2:bb:b1:43:8a:6c:
                    12:f8:1e:55:91:4e:66:b3:5a:1e:12:1b:63:2b:2e:
                    65:c9:15:7f:b2:c2:fa:11:8b:3e:5b:cc:cc:4a:8e:
                    d4:87:ef:44:0c:20:20:7d:16:3d:7c:fd:df:6f:cc:
                    71:da:9c:35:af:0e:7b:d8:d1:bf:46:f2:9d:a1:14:
                    df:2f:e7:ca:4d:2c:09:db:66:ad:5d:86:7e:d9:7e:
                    de:57:21:3c:62:db:4b:b9:31:67:e7:6d:7a:c7:4f:
                    12:1a:27:e1:a1:f7:19:93:6b:28:d6:f4:7a:12:e9:
                    b2:e2:74:d8:ed:9f:48:91:ee:19:17:98:8f:b0:bb:
                    5c:b3:3e:1f:66:f6:24:f8:60:c5:b6:1f:af:8b:17:
                    72:15:cf:c8:ac:c1:b0:97:f5:2f:96:8b:d2:30:68:
                    c8:70:d3:37:76:0f:df:ee:56:3a:4a:5d:7d:d1:d3:
                    ec:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:6E:A1:1A:21:54:D9:A1:C8:B5:8A:BB:BF:E9:A1:43:D6:E1:A4:15
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/RW6hGiFU2aHItYq7v-mhQ9bhpBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c00::/48
                  2a0e:b107:1c0e::/47

    Signature Algorithm: sha256WithRSAEncryption
         42:7f:fc:5b:dc:d2:1e:ce:cf:06:a1:5b:8f:c0:5d:a0:98:58:
         7d:e4:d2:f0:7b:b4:4f:9f:51:e8:cb:d5:02:61:e2:f8:fd:ca:
         d7:f9:a2:49:72:f5:d6:43:1f:05:ff:ff:2e:6d:47:c4:e2:30:
         46:ef:da:c3:66:04:b4:72:1e:eb:40:a6:b5:1c:c7:37:cc:c6:
         01:56:1c:24:9e:52:f8:55:41:7a:ae:c1:4d:7b:05:5f:55:37:
         67:5d:b2:bd:c6:5f:ff:9f:04:92:c0:c1:8c:96:16:24:71:1b:
         34:ce:31:a9:df:d0:6a:74:de:2a:20:8b:e9:ce:13:05:5c:e3:
         fc:49:39:34:51:b0:8e:25:fe:5c:73:08:7c:07:86:58:fc:9b:
         e9:bb:48:c4:e8:e8:fc:68:b7:3a:2f:01:c8:d1:a0:71:42:c5:
         30:c8:d4:d1:fd:1b:67:7b:34:59:6d:11:2c:44:b1:5f:00:02:
         84:70:21:9c:a2:51:14:38:d9:76:a0:9e:77:55:45:6e:fe:2c:
         1f:de:23:95:4b:8c:b5:7a:94:93:b2:9d:96:07:aa:91:d5:ba:
         90:28:c3:1f:71:2e:23:1e:2a:81:26:1b:06:91:18:b3:a1:b2:
         d6:f1:8d:7a:d0:e0:ad:f9:e8:b0:49:f0:c4:a1:15:2d:00:22:
         e1:7c:18:9e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvUCF0vSZH29E8Pb1QgU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTZlYTExYTIxNTRkOWExYzhiNThhYmJiZmU5YTE0M2Q2ZTFhNDE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTzmAdoUqpQTow6x+JsYECg2UFht
jpQ4lNsA2N4QE2EvYxBQ7FkYEdB+tBXYcJ6OndavGrjsz+e0N8D6klVyQMzd0WE3
6j6ySdIDRSSBuUOq2W/Su7FDimwS+B5VkU5ms1oeEhtjKy5lyRV/ssL6EYs+W8zM
So7Uh+9EDCAgfRY9fP3fb8xx2pw1rw572NG/RvKdoRTfL+fKTSwJ22atXYZ+2X7e
VyE8YttLuTFn5216x08SGifhofcZk2so1vR6Eumy4nTY7Z9Ike4ZF5iPsLtcsz4f
ZvYk+GDFth+vixdyFc/IrMGwl/UvlovSMGjIcNM3dg/f7lY6Sl190dPsxQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEVuoRohVNmhyLWKu7/poUPW4aQVMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUlc2aEdpRlUyYUhJdFlxN3YtbWhROWJocEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBxwA
AwcBKg6xBxwOMA0GCSqGSIb3DQEBCwUAA4IBAQBCf/xb3NIezs8GoVuPwF2gmFh9
5NLwe7RPn1Hoy9UCYeL4/crX+aJJcvXWQx8F//8ubUfE4jBG79rDZgS0ch7rQKa1
HMc3zMYBVhwknlL4VUF6rsFNewVfVTdnXbK9xl//nwSSwMGMlhYkcRs0zjGp39Bq
dN4qIIvpzhMFXOP8STk0UbCOJf5ccwh8B4ZY/Jvpu0jE6Oj8aLc6LwHI0aBxQsUw
yNTR/RtnezRZbREsRLFfAAKEcCGcolEUONl2oJ53VUVu/iwf3iOVS4y1epSTsp2W
B6qR1bqQKMMfcS4jHiqBJhsGkRizobLW8Y160OCt+eiwSfDEoRUtACLhfBie
-----END CERTIFICATE-----