Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TKcGfNDvkho3ji7ihmumeGbmoso.roa
File:                     TKcGfNDvkho3ji7ihmumeGbmoso.roa (raw, json)
Hash identifier:          cvNG6ZKKy9GEr7zkAq608M77QRBKV/tYhmclgQBmSQA=
Subject key identifier:   4C:A7:06:7C:D0:EF:92:1A:37:8E:2E:E2:86:6B:A6:78:66:E6:A2:CA
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425225A508C38E9B5C424FED5914CA9A8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TKcGfNDvkho3ji7ihmumeGbmoso.roa
Signing time:             Thu 02 Jan 2025 03:49:55 +0000
ROA not before:           Thu 02 Jan 2025 03:49:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212154
IP address blocks:        2a0e:b107:1c00::/48 maxlen: 48
                          2a0e:b107:1c0e::/48 maxlen: 48
                          2a0e:b107:1c0f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:5a:50:8c:38:e9:b5:c4:24:fe:d5:91:4c:a9:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ca7067cd0ef921a378e2ee2866ba67866e6a2ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4f:7f:07:91:13:4d:1f:8c:38:34:cf:b6:fe:
                    c6:df:75:4c:a1:71:b1:f2:08:ec:65:27:69:54:c4:
                    cd:33:87:b6:17:ac:a9:77:5b:4a:61:1e:14:1c:80:
                    a5:07:16:c2:fc:37:e1:94:04:92:b2:4d:08:bc:8f:
                    09:eb:3b:70:cc:fd:a0:b9:42:b5:0e:72:53:cc:86:
                    b3:18:c0:6a:e8:e2:4f:07:ff:72:d5:d8:b3:e6:a7:
                    5e:c2:e8:af:dd:8e:e0:d7:b7:a5:ee:f2:e9:64:dc:
                    fd:32:77:fb:e4:fb:c2:e5:c3:e2:8b:ac:ad:ed:df:
                    d3:1a:0c:a5:0f:9f:a8:a6:b1:03:de:2d:68:05:60:
                    08:ce:e3:61:63:4e:ea:76:f5:eb:ce:a8:ac:34:f2:
                    15:d1:d6:f3:02:79:fe:dc:59:a9:d9:88:15:4e:4d:
                    ca:40:9d:bf:62:ee:0b:90:51:f5:04:48:ef:cc:c7:
                    d5:2b:7e:41:b7:1e:2f:f8:8e:21:44:89:00:f4:44:
                    35:62:3f:a0:0a:a0:03:64:e6:c0:e3:4c:68:91:f6:
                    9d:35:a7:13:72:0a:e0:dc:e4:7e:ef:19:24:a0:42:
                    b4:e9:81:fd:5a:a3:80:9d:0a:65:1b:b0:8a:ec:61:
                    ee:23:07:ae:84:02:c9:45:fa:22:7f:56:6b:ed:c2:
                    b2:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:A7:06:7C:D0:EF:92:1A:37:8E:2E:E2:86:6B:A6:78:66:E6:A2:CA
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/TKcGfNDvkho3ji7ihmumeGbmoso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1c00::/48
                  2a0e:b107:1c0e::/47

    Signature Algorithm: sha256WithRSAEncryption
         b5:04:2c:2d:74:09:dd:e7:da:99:82:b7:10:db:8b:ee:68:40:
         c0:2a:85:cd:3e:fc:26:35:39:74:25:75:f0:08:ff:16:72:d2:
         b0:c6:b2:77:3f:dd:17:7a:5a:c1:f2:c5:48:9c:73:be:f8:e9:
         73:80:93:f4:91:c4:f0:1b:17:bc:40:3c:cd:9a:d7:3b:1c:42:
         d8:78:1c:a4:83:38:68:60:b5:61:20:e9:bd:a0:5d:e2:bd:77:
         a7:17:6d:53:fe:4d:b0:da:56:13:87:73:2a:ba:8b:b2:dc:21:
         60:04:b7:f3:33:d2:9e:c9:a5:8a:9b:38:d8:27:92:37:a2:cc:
         0d:84:16:3f:68:71:39:b7:43:87:53:6c:2c:08:c7:1e:80:55:
         c1:1b:81:51:43:fa:5d:e8:9a:eb:77:ad:ac:9a:d3:4b:0b:b8:
         45:90:52:bb:7f:f1:48:69:f4:95:31:79:6e:2f:f6:f5:40:0d:
         66:80:b4:08:7d:76:0e:14:35:ae:68:da:87:a8:f0:30:10:ee:
         de:d6:d6:3f:0f:a9:3c:44:64:bc:aa:41:fd:06:09:74:33:2f:
         37:f3:80:3c:d8:45:65:36:7b:ef:bc:48:da:57:84:ef:f7:32:
         5e:c1:24:b7:23:32:0e:53:0c:9b:36:01:cb:8d:c2:1c:d5:3e:
         b0:37:83:1f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIlpQjDjptcQk/tWRTKmoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2E3MDY3Y2QwZWY5MjFhMzc4ZTJlZTI4NjZiYTY3ODY2ZTZhMmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE9/B5ETTR+MODTPtv7G33VMoXGx
8gjsZSdpVMTNM4e2F6ypd1tKYR4UHIClBxbC/DfhlASSsk0IvI8J6ztwzP2guUK1
DnJTzIazGMBq6OJPB/9y1diz5qdewuiv3Y7g17el7vLpZNz9Mnf75PvC5cPii6yt
7d/TGgylD5+oprED3i1oBWAIzuNhY07qdvXrzqisNPIV0dbzAnn+3Fmp2YgVTk3K
QJ2/Yu4LkFH1BEjvzMfVK35Btx4v+I4hRIkA9EQ1Yj+gCqADZObA40xokfadNacT
cgrg3OR+7xkkoEK06YH9WqOAnQplG7CK7GHuIweuhALJRfoif1Zr7cKyHQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEynBnzQ75IaN44u4oZrpnhm5qLKMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVEtjR2ZORHZraG8zamk3aWhtdW1lR2Jtb3NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg6xBxwA
AwcBKg6xBxwOMA0GCSqGSIb3DQEBCwUAA4IBAQC1BCwtdAnd59qZgrcQ24vuaEDA
KoXNPvwmNTl0JXXwCP8WctKwxrJ3P90XelrB8sVInHO++OlzgJP0kcTwGxe8QDzN
mtc7HELYeBykgzhoYLVhIOm9oF3ivXenF21T/k2w2lYTh3Mquouy3CFgBLfzM9Ke
yaWKmzjYJ5I3oswNhBY/aHE5t0OHU2wsCMcegFXBG4FRQ/pd6Jrrd62smtNLC7hF
kFK7f/FIafSVMXluL/b1QA1mgLQIfXYOFDWuaNqHqPAwEO7e1tY/D6k8RGS8qkH9
Bgl0My8384A82EVlNnvvvEjaV4Tv9zJewSS3IzIOUwybNgHLjcIc1T6wN4Mf
-----END CERTIFICATE-----