Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XlA3LpZgm0vmC6XeMYkHTUJSwgM.roa
File:                     XlA3LpZgm0vmC6XeMYkHTUJSwgM.roa (raw, json)
Hash identifier:          7PniLQeFOWFHZqa/21Zu0iqasm0YYSV3UmxPZiG17uw=
Subject key identifier:   5E:50:37:2E:96:60:9B:4B:E6:0B:A5:DE:31:89:07:4D:42:52:C2:03
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018E18CE6023DBF1EA1A9B01006CFD51E844
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XlA3LpZgm0vmC6XeMYkHTUJSwgM.roa
Signing time:             Thu 07 Mar 2024 12:06:01 +0000
ROA not before:           Thu 07 Mar 2024 12:06:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        2a0e:b107:2780::/46 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:18:ce:60:23:db:f1:ea:1a:9b:01:00:6c:fd:51:e8:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar  7 12:06:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e50372e96609b4be60ba5de3189074d4252c203
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:33:67:db:a6:92:94:4b:c1:23:1e:db:a6:04:
                    8b:90:d5:1a:07:44:41:23:a1:70:f0:93:51:0c:0a:
                    ea:4a:b8:5e:93:f7:ac:67:26:c7:b3:e7:36:7f:e4:
                    f3:ef:21:27:30:67:ca:f3:ec:3e:47:c6:a8:e6:16:
                    48:01:e3:fd:f5:aa:80:46:05:6e:50:75:24:ef:d5:
                    a7:03:87:90:fd:d1:ac:30:c4:b1:26:9a:48:36:e8:
                    aa:3d:eb:5f:4c:81:81:2e:d9:bb:ad:df:fd:71:c2:
                    4d:b2:b0:3b:26:b7:01:d6:75:f3:1f:3e:40:7c:9d:
                    4c:98:2a:b1:24:9c:b2:6f:45:32:6d:5c:7b:3c:2a:
                    50:c5:f7:fe:cd:a2:58:7e:c0:16:d9:aa:c3:6f:08:
                    ec:5a:4b:e0:92:14:0d:4f:67:a4:64:50:d7:a9:f0:
                    e8:eb:08:28:8a:47:bb:88:b5:3b:9b:3b:3e:be:e0:
                    de:8f:c3:14:24:c2:73:d1:52:b3:e2:44:58:c3:1e:
                    24:47:2b:da:42:9d:23:2d:cc:49:ed:b9:9b:b8:46:
                    7d:fd:59:d8:ee:2a:cc:a3:70:53:8a:55:d8:e8:b4:
                    00:e3:82:ea:e1:43:bd:5f:5b:d2:04:91:67:ac:18:
                    d5:2a:7a:26:8d:8f:24:24:3b:56:68:c0:27:6e:50:
                    f8:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:50:37:2E:96:60:9B:4B:E6:0B:A5:DE:31:89:07:4D:42:52:C2:03
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/XlA3LpZgm0vmC6XeMYkHTUJSwgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2780::/46

    Signature Algorithm: sha256WithRSAEncryption
         b1:61:64:46:dd:f7:69:83:4f:37:fe:7b:a9:df:4b:3a:f8:4b:
         5d:a6:c8:50:3b:b6:10:4f:c7:c0:ca:c4:0d:43:41:2b:29:14:
         3b:a1:9a:1d:82:97:b5:e2:c5:ff:f4:be:33:e6:1d:0b:57:11:
         71:3c:75:b9:fd:5a:a8:30:ca:f6:48:0c:81:6c:3d:24:3a:f4:
         52:89:a6:b1:cf:96:ef:09:48:20:d3:1a:b5:50:a0:76:15:26:
         fe:d8:ba:84:20:8b:02:c8:db:b4:4a:6f:60:b5:be:af:00:fa:
         0b:d1:ad:12:a8:01:c6:4e:17:7d:f5:44:97:86:ba:c8:40:8a:
         75:5d:4a:3a:22:de:41:af:d5:b6:9c:1d:36:a0:f5:9a:3f:a6:
         61:de:d8:d4:a7:4c:3d:fc:a0:3b:1b:67:16:5e:f1:86:f7:e5:
         54:05:13:c7:ff:1f:d6:7f:ed:c8:27:b6:03:2d:e1:ae:ca:9b:
         38:2a:7f:4c:8e:06:56:60:f9:41:82:2e:eb:80:61:df:f8:5f:
         40:ec:84:11:00:16:73:9e:1d:91:72:78:da:4e:5c:c5:03:56:
         ac:b5:d0:78:e3:a7:29:5f:56:19:8b:48:77:b7:5f:49:30:48:
         59:f8:11:b5:5c:9f:84:d4:ce:39:56:9f:d9:4d:54:31:f7:15:
         33:5f:dc:d9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY4YzmAj2/HqGpsBAGz9UehEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzA3MTIwNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTUwMzcyZTk2NjA5YjRiZTYwYmE1ZGUzMTg5MDc0ZDQyNTJjMjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjNn26aSlEvBIx7bpgSLkNUaB0RB
I6Fw8JNRDArqSrhek/esZybHs+c2f+Tz7yEnMGfK8+w+R8ao5hZIAeP99aqARgVu
UHUk79WnA4eQ/dGsMMSxJppINuiqPetfTIGBLtm7rd/9ccJNsrA7JrcB1nXzHz5A
fJ1MmCqxJJyyb0UybVx7PCpQxff+zaJYfsAW2arDbwjsWkvgkhQNT2ekZFDXqfDo
6wgoike7iLU7mzs+vuDej8MUJMJz0VKz4kRYwx4kRyvaQp0jLcxJ7bmbuEZ9/VnY
7irMo3BTilXY6LQA44Lq4UO9X1vSBJFnrBjVKnomjY8kJDtWaMAnblD4dQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFF5QNy6WYJtL5gul3jGJB01CUsIDMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWGxBM0xwWmdtMHZtQzZYZU1Za0hUVUpTd2dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg6xByeA
MA0GCSqGSIb3DQEBCwUAA4IBAQCxYWRG3fdpg083/nup30s6+EtdpshQO7YQT8fA
ysQNQ0ErKRQ7oZodgpe14sX/9L4z5h0LVxFxPHW5/VqoMMr2SAyBbD0kOvRSiaax
z5bvCUgg0xq1UKB2FSb+2LqEIIsCyNu0Sm9gtb6vAPoL0a0SqAHGThd99USXhrrI
QIp1XUo6It5Br9W2nB02oPWaP6Zh3tjUp0w9/KA7G2cWXvGG9+VUBRPH/x/Wf+3I
J7YDLeGuyps4Kn9MjgZWYPlBgi7rgGHf+F9A7IQRABZznh2RcnjaTlzFA1astdB4
46cpX1YZi0h3t19JMEhZ+BG1XJ+E1M45Vp/ZTVQx9xUzX9zZ
-----END CERTIFICATE-----