Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UOyst8LJnELlXMxc-9V_8hV-uTA.roa
File:                     UOyst8LJnELlXMxc-9V_8hV-uTA.roa (raw, json)
Hash identifier:          NaMLjomnG9g2qMzVZJ+QJjMF46mw7FbXQjgw0/ZPmAc=
Subject key identifier:   50:EC:AC:B7:C2:C9:9C:42:E5:5C:CC:5C:FB:D5:7F:F2:15:7E:B9:30
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCD58BF7E65F00E31C89085D244101
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UOyst8LJnELlXMxc-9V_8hV-uTA.roa
Signing time:             Tue 02 Jan 2024 10:34:05 +0000
ROA not before:           Tue 02 Jan 2024 10:34:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58133
IP address blocks:        2a10:2f00:123::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:10:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d5:8b:f7:e6:5f:00:e3:1c:89:08:5d:24:41:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=50ecacb7c2c99c42e55ccc5cfbd57ff2157eb930
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:36:62:f3:01:6c:55:5c:73:3f:2b:64:65:a1:
                    4a:64:e0:dd:f1:bc:e0:ca:b6:a9:9e:b1:a9:af:c8:
                    05:b5:28:a3:3d:62:bd:08:2e:9f:d1:33:dc:1f:98:
                    8a:3d:af:f6:71:40:7b:6b:21:49:57:d5:a1:0d:15:
                    d4:37:f4:86:3c:13:b7:e9:dc:14:71:bb:05:1f:c8:
                    bd:2a:f0:4f:dd:0d:41:0c:c8:bb:94:54:8a:8e:8d:
                    7a:fe:a6:48:d9:a6:47:46:00:1f:62:cd:de:62:5a:
                    ff:f0:8f:52:27:25:34:46:c6:4c:f3:94:1c:ba:0c:
                    d4:46:a1:b0:46:60:62:c5:13:0a:c2:b0:f5:a4:2b:
                    df:62:3e:81:57:7e:1f:75:ba:8c:ae:5c:f8:6e:ca:
                    14:91:dc:6b:83:b8:4f:e0:93:eb:ee:82:ce:00:27:
                    a8:fe:9b:24:59:86:88:4e:2c:b4:b8:a4:5d:18:47:
                    9e:ed:a3:e1:09:df:d4:aa:a0:47:77:b2:f7:0e:4a:
                    73:fb:8f:19:45:49:b7:c0:50:a5:6b:24:c6:ca:6e:
                    16:6e:81:7e:d0:88:0f:b6:5d:ab:06:f5:9f:45:87:
                    fb:53:f3:f3:a0:41:74:68:1c:63:24:02:7e:7b:99:
                    fd:ee:8f:73:c8:cc:29:67:68:ca:21:9d:0a:00:59:
                    eb:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:EC:AC:B7:C2:C9:9C:42:E5:5C:CC:5C:FB:D5:7F:F2:15:7E:B9:30
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/UOyst8LJnELlXMxc-9V_8hV-uTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:123::/48

    Signature Algorithm: sha256WithRSAEncryption
         aa:1d:a3:0f:24:fa:ae:bc:d1:d1:c8:91:0d:b3:b4:46:3b:62:
         b4:d2:46:f4:fe:74:d9:84:df:ed:8d:bd:f4:24:32:3a:9c:cc:
         51:47:23:3d:4d:ce:b8:d8:e8:71:3a:91:82:56:25:72:36:2f:
         99:a8:7f:46:28:71:fd:57:fe:f5:1a:8b:97:81:f0:79:28:5f:
         be:71:78:d4:02:4b:5d:c5:df:7e:2b:01:06:97:1e:94:42:b5:
         bc:65:bf:8e:44:46:ab:98:ae:22:cb:c0:57:b3:e5:62:56:dd:
         14:f6:cf:bb:59:22:f1:cb:39:51:38:bd:f8:41:ba:f4:b6:d3:
         c5:1e:b0:19:cc:d8:6c:3b:47:3d:7f:20:1d:b0:f9:64:0c:56:
         29:b7:bc:50:c1:b0:8d:ed:93:0e:5b:22:66:ca:cc:67:ac:86:
         ac:4a:ca:28:19:55:42:de:12:5d:41:d6:bf:5b:2b:82:fd:cb:
         ec:f8:75:5e:68:8a:46:aa:d5:53:4a:a2:c7:fd:2b:c3:2e:cf:
         cd:6e:72:32:a2:68:b3:56:20:a4:61:0e:19:3b:0a:e6:d3:7b:
         3a:c7:97:da:61:cd:05:94:6c:ba:d7:d9:99:39:4b:92:1a:82:
         83:e5:5e:f1:45:03:e7:64:d9:3f:db:69:8a:22:2d:af:47:cb:
         f9:1f:18:03
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNWL9+ZfAOMciQhdJEEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGVjYWNiN2MyYzk5YzQyZTU1Y2NjNWNmYmQ1N2ZmMjE1N2ViOTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjZi8wFsVVxzPytkZaFKZODd8bzg
yrapnrGpr8gFtSijPWK9CC6f0TPcH5iKPa/2cUB7ayFJV9WhDRXUN/SGPBO36dwU
cbsFH8i9KvBP3Q1BDMi7lFSKjo16/qZI2aZHRgAfYs3eYlr/8I9SJyU0RsZM85Qc
ugzURqGwRmBixRMKwrD1pCvfYj6BV34fdbqMrlz4bsoUkdxrg7hP4JPr7oLOACeo
/pskWYaITiy0uKRdGEee7aPhCd/UqqBHd7L3Dkpz+48ZRUm3wFClayTGym4WboF+
0IgPtl2rBvWfRYf7U/PzoEF0aBxjJAJ+e5n97o9zyMwpZ2jKIZ0KAFnrCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFDsrLfCyZxC5VzMXPvVf/IVfrkwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvVU95c3Q4TEpuRUxsWE14Yy05Vl84aFYtdVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAEj
MA0GCSqGSIb3DQEBCwUAA4IBAQCqHaMPJPquvNHRyJENs7RGO2K00kb0/nTZhN/t
jb30JDI6nMxRRyM9Tc642OhxOpGCViVyNi+ZqH9GKHH9V/71GouXgfB5KF++cXjU
Aktdxd9+KwEGlx6UQrW8Zb+OREarmK4iy8BXs+ViVt0U9s+7WSLxyzlROL34Qbr0
ttPFHrAZzNhsO0c9fyAdsPlkDFYpt7xQwbCN7ZMOWyJmysxnrIasSsooGVVC3hJd
Qda/WyuC/cvs+HVeaIpGqtVTSqLH/SvDLs/NbnIyomizViCkYQ4ZOwrm03s6x5fa
Yc0FlGy619mZOUuSGoKD5V7xRQPnZNk/22mKIi2vR8v5HxgD
-----END CERTIFICATE-----