Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZVTIiLJmNfi5iSeU54W2IL-EIz4.roa
File:                     ZVTIiLJmNfi5iSeU54W2IL-EIz4.roa (raw, json)
Hash identifier:          YWJDgiJXsFR2CxT9lGm6YPD1RpRNP2I1k20cEmMESn8=
Subject key identifier:   65:54:C8:88:B2:66:35:F8:B9:89:27:94:E7:85:B6:20:BF:84:23:3E
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252241E4FAF3FEA8846C76BDAF48E04E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZVTIiLJmNfi5iSeU54W2IL-EIz4.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210633
IP address blocks:        2a0e:b107:1960::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:41:e4:fa:f3:fe:a8:84:6c:76:bd:af:48:e0:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6554c888b26635f8b9892794e785b620bf84233e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:db:ba:46:46:1d:6f:da:0b:33:b0:b1:8f:bd:
                    c4:90:3f:94:45:fb:2b:50:29:8b:8e:df:5e:e0:1d:
                    86:ed:8e:9e:cc:31:71:3e:3d:e9:78:8b:88:db:ca:
                    d1:3a:b7:60:23:50:d2:51:75:86:fb:ee:04:9c:17:
                    0d:67:51:82:17:c9:68:9a:8d:e3:16:ca:3b:fc:7f:
                    b4:6e:cd:75:5b:2e:01:a5:ac:04:21:43:b0:38:6e:
                    73:72:7c:2c:97:4e:28:48:cd:81:e0:02:e2:20:35:
                    25:cf:f3:2c:01:fb:35:14:74:05:15:86:80:db:73:
                    f9:74:ab:0e:70:be:18:f5:83:c3:b4:60:fa:7d:40:
                    a0:ea:21:f3:b6:56:a0:dc:ba:9a:f4:e0:42:26:5c:
                    d6:23:66:1c:73:90:32:61:9c:c4:22:f2:ce:19:ae:
                    10:7f:46:ad:0f:d4:8d:e9:3b:fb:44:da:96:b0:1b:
                    4c:52:d0:93:40:43:3c:60:80:5f:2b:ac:79:bd:b9:
                    0c:e5:be:58:f2:4d:f0:6c:cd:91:97:6b:88:80:6e:
                    44:46:10:9a:bb:29:b9:7d:85:21:bb:e4:b9:60:89:
                    d1:0f:96:f6:41:ac:38:71:7a:59:4d:7d:13:a7:44:
                    86:da:b3:55:cf:d6:7c:23:d5:de:6a:d5:b1:67:f8:
                    ea:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:54:C8:88:B2:66:35:F8:B9:89:27:94:E7:85:B6:20:BF:84:23:3E
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZVTIiLJmNfi5iSeU54W2IL-EIz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1960::/44

    Signature Algorithm: sha256WithRSAEncryption
         13:c7:77:ee:98:80:80:79:99:b2:f0:8b:a3:30:57:74:9f:89:
         b5:ba:26:74:55:6a:5c:6c:dd:7d:3f:8a:64:29:f6:29:85:32:
         35:0f:19:e2:be:f3:1f:f7:a3:98:47:08:3d:4e:98:27:32:20:
         f8:e6:45:bf:ae:00:da:17:65:35:f1:80:ba:af:fe:6b:c7:74:
         0b:f4:99:0f:e9:0c:ad:90:4a:71:17:94:f8:9d:89:2d:05:3a:
         be:70:94:42:32:06:d8:dc:a1:57:da:e4:3b:ac:f6:eb:9e:3a:
         2d:25:4c:0d:bf:3b:79:eb:a3:3e:df:15:6b:75:8a:0b:91:8e:
         36:2b:93:df:08:4a:16:94:9a:81:6f:39:c5:b2:25:73:2c:eb:
         03:62:60:03:ed:3d:76:b1:62:c2:d8:6b:d6:4d:83:0d:6a:b1:
         cd:55:3b:8b:8d:6e:d4:00:db:6b:96:6f:79:97:d2:6e:d1:ec:
         22:93:11:85:86:ba:85:94:cc:54:71:6e:76:80:f9:96:3f:d9:
         c6:e1:2a:3f:c4:ea:6a:23:c3:5e:ad:6e:33:bf:9b:52:3e:09:
         c6:d7:1c:d9:59:8b:e5:58:3f:84:4d:ae:5d:9d:56:7a:2e:73:
         56:83:52:60:59:ae:8d:5f:da:49:90:8a:c3:b8:ee:27:23:d4:
         4f:ca:bc:1f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkHk+vP+qIRsdr2vSOBOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTU0Yzg4OGIyNjYzNWY4Yjk4OTI3OTRlNzg1YjYyMGJmODQyMzNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA59u6RkYdb9oLM7Cxj73EkD+URfsr
UCmLjt9e4B2G7Y6ezDFxPj3peIuI28rROrdgI1DSUXWG++4EnBcNZ1GCF8lomo3j
Fso7/H+0bs11Wy4BpawEIUOwOG5zcnwsl04oSM2B4ALiIDUlz/MsAfs1FHQFFYaA
23P5dKsOcL4Y9YPDtGD6fUCg6iHztlag3Lqa9OBCJlzWI2Ycc5AyYZzEIvLOGa4Q
f0atD9SN6Tv7RNqWsBtMUtCTQEM8YIBfK6x5vbkM5b5Y8k3wbM2Rl2uIgG5ERhCa
uym5fYUhu+S5YInRD5b2Qaw4cXpZTX0Tp0SG2rNVz9Z8I9XeatWxZ/jqbwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGVUyIiyZjX4uYknlOeFtiC/hCM+MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWlZUSWlMSm1OZmk1aVNlVTU0VzJJTC1FSXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxlg
MA0GCSqGSIb3DQEBCwUAA4IBAQATx3fumICAeZmy8IujMFd0n4m1uiZ0VWpcbN19
P4pkKfYphTI1DxnivvMf96OYRwg9TpgnMiD45kW/rgDaF2U18YC6r/5rx3QL9JkP
6QytkEpxF5T4nYktBTq+cJRCMgbY3KFX2uQ7rPbrnjotJUwNvzt566M+3xVrdYoL
kY42K5PfCEoWlJqBbznFsiVzLOsDYmAD7T12sWLC2GvWTYMNarHNVTuLjW7UANtr
lm95l9Ju0ewikxGFhrqFlMxUcW52gPmWP9nG4So/xOpqI8NerW4zv5tSPgnG1xzZ
WYvlWD+ETa5dnVZ6LnNWg1JgWa6NX9pJkIrDuO4nI9RPyrwf
-----END CERTIFICATE-----