Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XTi_Me6SKNkU8bTp2I91PzlDNjE.roa
File:                     XTi_Me6SKNkU8bTp2I91PzlDNjE.roa (raw, json)
Hash identifier:          Bs7kPBdNoa3u+UQaauE9jQXgPQ7+rS1hDp+i9bsqmJE=
Subject key identifier:   5D:38:BF:31:EE:92:28:D9:14:F1:B4:E9:D8:8F:75:3F:39:43:36:31
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521DA0107C323AD09DF883838F42438
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XTi_Me6SKNkU8bTp2I91PzlDNjE.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57266
IP address blocks:        2a0e:97c0:110::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 15:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:da:01:07:c3:23:ad:09:df:88:38:38:f4:24:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d38bf31ee9228d914f1b4e9d88f753f39433631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e3:c3:c2:6a:08:5b:1e:40:71:42:18:5a:b7:
                    6f:f9:7c:b8:cf:98:78:ca:cd:5c:b3:65:95:20:ee:
                    d0:46:31:12:88:04:53:dc:0e:7b:5f:2b:b4:ab:07:
                    2b:16:de:cb:45:de:10:8a:bd:d0:9a:5c:20:9b:db:
                    65:1b:df:7f:27:eb:6f:af:92:c5:17:45:49:6f:d7:
                    b5:47:22:2e:63:06:1c:d8:0d:f9:fe:02:aa:9d:6b:
                    0b:05:d0:a1:ba:6c:22:23:e4:ba:dd:9d:0c:d4:8d:
                    54:0a:34:77:f7:ee:eb:ab:f9:84:89:99:8d:8a:da:
                    d4:cd:73:55:cf:1d:72:65:9d:b0:30:ca:1b:80:b1:
                    52:d1:43:22:26:b8:19:27:94:84:80:45:c0:05:24:
                    78:71:f7:92:7a:5f:0c:85:0a:b7:46:3c:ad:0b:f9:
                    77:85:1d:2f:53:c5:bd:b4:de:a3:69:82:07:66:a8:
                    fa:2f:ff:15:6e:16:80:2e:13:43:bc:47:2c:6c:27:
                    88:11:8d:f0:15:59:52:2d:1c:5a:11:d4:39:45:fd:
                    0d:0e:63:81:ca:66:27:51:ee:a4:ce:2e:a7:d7:72:
                    b1:72:da:04:7e:a2:ee:36:05:cf:5c:74:4f:b9:29:
                    60:aa:33:b2:c3:17:e4:a1:4a:79:39:d3:4a:32:0a:
                    be:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:38:BF:31:EE:92:28:D9:14:F1:B4:E9:D8:8F:75:3F:39:43:36:31
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XTi_Me6SKNkU8bTp2I91PzlDNjE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:110::/44

    Signature Algorithm: sha256WithRSAEncryption
         c8:a4:4d:67:83:e5:ea:f6:8c:4f:9a:33:7d:b8:54:07:90:16:
         0b:30:ac:dc:ae:f7:f7:4a:fa:31:b0:d8:62:dd:d2:fa:35:ea:
         83:4a:c5:9a:e9:79:09:6c:64:d7:8c:56:41:1e:dc:ec:07:da:
         6b:4a:69:32:dc:a9:17:3e:ea:17:64:23:2b:06:6d:84:a9:32:
         22:48:bf:9c:d7:b0:3d:14:90:9c:32:55:dc:84:45:00:53:e0:
         78:bc:1b:39:f1:75:ab:8a:56:6b:ea:31:3b:0d:a5:2b:92:f3:
         80:e6:1a:e6:65:91:fc:06:f1:3f:c5:fa:2e:c5:f5:37:1f:34:
         89:79:96:21:27:23:f4:06:ff:33:87:d9:02:ca:b1:6e:7c:b9:
         e3:45:ca:95:8d:a5:ee:b7:e8:b6:4e:08:c7:3f:52:e0:ba:2b:
         fc:da:8f:aa:44:a4:3b:fd:a1:1a:52:7f:02:24:bb:dd:ac:e8:
         f0:bd:2e:5c:5d:17:26:74:c4:f0:88:68:b1:8f:43:fb:1d:57:
         33:1c:53:35:77:81:61:80:26:ba:7b:db:8f:9f:a8:86:73:2a:
         80:54:cb:aa:22:12:cf:05:e4:0c:c5:9f:f2:d2:1f:a9:43:95:
         ed:08:98:08:83:30:24:b3:c1:b4:21:db:c0:c3:1f:ff:df:29:
         98:68:33:32
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIdoBB8MjrQnfiDg49CQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDM4YmYzMWVlOTIyOGQ5MTRmMWI0ZTlkODhmNzUzZjM5NDMzNjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuPDwmoIWx5AcUIYWrdv+Xy4z5h4
ys1cs2WVIO7QRjESiART3A57Xyu0qwcrFt7LRd4Qir3Qmlwgm9tlG99/J+tvr5LF
F0VJb9e1RyIuYwYc2A35/gKqnWsLBdChumwiI+S63Z0M1I1UCjR39+7rq/mEiZmN
itrUzXNVzx1yZZ2wMMobgLFS0UMiJrgZJ5SEgEXABSR4cfeSel8MhQq3RjytC/l3
hR0vU8W9tN6jaYIHZqj6L/8VbhaALhNDvEcsbCeIEY3wFVlSLRxaEdQ5Rf0NDmOB
ymYnUe6kzi6n13KxctoEfqLuNgXPXHRPuSlgqjOywxfkoUp5OdNKMgq+fwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF04vzHukijZFPG06diPdT85QzYxMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWFRpX01lNlNLTmtVOGJUcDJJOTFQemxETmpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAEQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDIpE1ng+Xq9oxPmjN9uFQHkBYLMKzcrvf3Svox
sNhi3dL6NeqDSsWa6XkJbGTXjFZBHtzsB9prSmky3KkXPuoXZCMrBm2EqTIiSL+c
17A9FJCcMlXchEUAU+B4vBs58XWrilZr6jE7DaUrkvOA5hrmZZH8BvE/xfouxfU3
HzSJeZYhJyP0Bv8zh9kCyrFufLnjRcqVjaXut+i2TgjHP1Lguiv82o+qRKQ7/aEa
Un8CJLvdrOjwvS5cXRcmdMTwiGixj0P7HVczHFM1d4FhgCa6e9uPn6iGcyqAVMuq
IhLPBeQMxZ/y0h+pQ5XtCJgIgzAks8G0IdvAwx//3ymYaDMy
-----END CERTIFICATE-----