Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WaYQgGq7eRl1Gefbey6v6BIeqd8.roa
File:                     WaYQgGq7eRl1Gefbey6v6BIeqd8.roa (raw, json)
Hash identifier:          FGiwQj/VPKXpkeBRUSp/OES9eosFskBywNn06h84DhE=
Subject key identifier:   59:A6:10:80:6A:BB:79:19:75:19:E7:DB:7B:2E:AF:E8:12:1E:A9:DF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0190E1CA89988175F4A74C05151946433C91
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WaYQgGq7eRl1Gefbey6v6BIeqd8.roa
Signing time:             Tue 23 Jul 2024 22:51:05 +0000
ROA not before:           Tue 23 Jul 2024 22:51:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212516
IP address blocks:        2a0e:97c0:64c::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:e1:ca:89:98:81:75:f4:a7:4c:05:15:19:46:43:3c:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 23 22:51:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=59a610806abb79197519e7db7b2eafe8121ea9df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c0:01:6f:82:b4:b4:50:8b:d6:eb:e0:bb:15:
                    43:93:7a:de:7e:a7:6f:99:e8:15:8a:e7:82:47:85:
                    52:8d:09:24:96:fe:8e:40:82:f0:a5:3f:32:57:8c:
                    be:cf:aa:4f:a8:3c:1c:5c:a1:ff:7d:83:37:4f:87:
                    3f:a0:98:e3:97:45:23:7b:85:d5:d0:2c:f1:3f:59:
                    b0:b9:bc:69:5d:42:94:f1:3a:90:c7:93:0b:89:a2:
                    e7:92:34:c6:ab:76:15:8f:9a:f9:b9:0a:bf:09:1f:
                    84:1f:c2:5f:26:19:04:f4:77:ff:13:00:3a:88:85:
                    4b:6b:0b:bf:7f:eb:e3:4d:de:b2:e2:23:17:62:61:
                    6f:9a:0f:3d:ce:8b:4f:f6:e8:a8:d6:d3:51:e3:19:
                    eb:95:ff:e2:e5:f4:d0:d4:c4:ab:46:2f:45:09:59:
                    ac:f3:1e:73:fd:02:a9:4b:97:82:9c:5d:3d:fa:33:
                    fe:c5:21:4c:be:cc:4f:64:1c:ef:0c:68:4c:f9:66:
                    9f:9b:89:6e:b4:f1:bc:3e:8a:fd:5a:3a:72:c5:7f:
                    17:ce:31:d9:6f:b7:f5:15:a0:1d:3b:7d:37:7c:dc:
                    28:a7:ed:c2:8a:f4:7e:50:24:2c:66:d8:bc:28:39:
                    df:66:65:0c:5d:7b:90:6a:36:82:03:80:b9:2a:cf:
                    4b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:A6:10:80:6A:BB:79:19:75:19:E7:DB:7B:2E:AF:E8:12:1E:A9:DF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/WaYQgGq7eRl1Gefbey6v6BIeqd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:64c::/48

    Signature Algorithm: sha256WithRSAEncryption
         cb:62:2c:9f:06:b0:cc:1d:fe:0c:65:4c:53:ef:48:02:f6:99:
         c9:99:90:08:5b:9b:f1:d1:85:f9:25:d5:c1:b6:34:e7:6d:b8:
         84:e2:7d:cb:be:ce:04:66:00:df:5d:bf:45:de:51:39:2a:27:
         82:a0:0f:3e:b8:24:05:5d:40:7a:91:7c:72:bf:7b:69:a2:4b:
         29:86:99:96:78:ce:ca:ce:9a:40:e2:e0:f6:25:8e:18:b4:1f:
         fd:a7:77:08:ab:2c:e6:13:f7:e9:13:03:a6:da:93:0c:1e:5c:
         23:02:6c:e0:33:5a:ef:f3:34:50:26:87:27:ab:75:23:34:83:
         73:57:71:8e:d5:af:a4:38:0a:a4:d4:04:92:30:77:d5:41:6b:
         0b:99:e6:04:df:45:5d:f7:5c:f4:77:ce:f2:b9:d5:aa:84:d0:
         bb:dd:65:ad:89:74:ed:dc:62:e4:9e:6f:67:ce:a8:43:aa:f0:
         95:aa:30:a7:ad:8f:25:75:4b:de:71:b6:8b:0b:68:e3:2a:1b:
         b3:1c:61:c0:fa:cb:6a:02:28:93:04:5a:63:72:e7:95:b4:57:
         06:80:35:ee:de:2c:6a:5c:f8:e2:d8:97:99:e2:c6:ed:d3:72:
         51:9d:7c:cb:d1:bd:5f:9b:0e:7e:e0:b8:75:6b:0e:c7:69:9e:
         50:6d:94:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDhyomYgXX0p0wFFRlGQzyRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNzIzMjI1MTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OWE2MTA4MDZhYmI3OTE5NzUxOWU3ZGI3YjJlYWZlODEyMWVhOWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMABb4K0tFCL1uvguxVDk3refqdv
megViueCR4VSjQkklv6OQILwpT8yV4y+z6pPqDwcXKH/fYM3T4c/oJjjl0Uje4XV
0CzxP1mwubxpXUKU8TqQx5MLiaLnkjTGq3YVj5r5uQq/CR+EH8JfJhkE9Hf/EwA6
iIVLawu/f+vjTd6y4iMXYmFvmg89zotP9uio1tNR4xnrlf/i5fTQ1MSrRi9FCVms
8x5z/QKpS5eCnF09+jP+xSFMvsxPZBzvDGhM+Wafm4lutPG8Por9WjpyxX8XzjHZ
b7f1FaAdO303fNwop+3CivR+UCQsZti8KDnfZmUMXXuQajaCA4C5Ks9LRQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFmmEIBqu3kZdRnn23sur+gSHqnfMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvV2FZUWdHcTdlUmwxR2VmYmV5NnY2QkllcWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwAZM
MA0GCSqGSIb3DQEBCwUAA4IBAQDLYiyfBrDMHf4MZUxT70gC9pnJmZAIW5vx0YX5
JdXBtjTnbbiE4n3Lvs4EZgDfXb9F3lE5KieCoA8+uCQFXUB6kXxyv3tpoksphpmW
eM7KzppA4uD2JY4YtB/9p3cIqyzmE/fpEwOm2pMMHlwjAmzgM1rv8zRQJocnq3Uj
NINzV3GO1a+kOAqk1ASSMHfVQWsLmeYE30Vd91z0d87yudWqhNC73WWtiXTt3GLk
nm9nzqhDqvCVqjCnrY8ldUvecbaLC2jjKhuzHGHA+stqAiiTBFpjcueVtFcGgDXu
3ixqXPji2JeZ4sbt03JRnXzL0b1fmw5+4Lh1aw7HaZ5QbZQ+
-----END CERTIFICATE-----