Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZqpVjG_GkA7eTA8tWbB1JqmymRE.roa
File:                     ZqpVjG_GkA7eTA8tWbB1JqmymRE.roa (raw, json)
Hash identifier:          g5itAOmhdMkMepMmW3lLG89YcMioK3wTawIdo+BLi4s=
Subject key identifier:   66:AA:55:8C:6F:C6:90:0E:DE:4C:0F:2D:59:B0:75:26:A9:B2:99:11
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DED2DA804DBBB4D736A17FC50E813340A
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZqpVjG_GkA7eTA8tWbB1JqmymRE.roa
Signing time:             Wed 28 Feb 2024 00:46:48 +0000
ROA not before:           Wed 28 Feb 2024 00:46:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212196
IP address blocks:        2a0e:b107:ec0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ed:2d:a8:04:db:bb:4d:73:6a:17:fc:50:e8:13:34:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 28 00:46:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66aa558c6fc6900ede4c0f2d59b07526a9b29911
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:cd:16:32:bf:0b:bf:20:a0:bb:57:07:ee:7b:
                    a1:b5:4a:74:64:87:a5:5c:81:32:55:38:c9:34:7e:
                    50:c3:8f:b5:47:16:40:cb:52:94:c3:e0:1b:ef:56:
                    c3:e1:63:82:e0:56:9a:a1:10:2d:86:ad:ce:5c:e0:
                    72:4d:e7:a7:9a:f6:0d:d6:a6:06:47:79:e6:84:7d:
                    28:d7:e9:56:55:1c:07:3d:a3:58:47:28:f5:e6:3b:
                    d9:e3:fe:87:68:d1:c1:16:1d:fe:09:1f:fc:25:d3:
                    e3:4f:54:ad:66:81:e2:9e:ac:f4:71:bb:08:f7:b9:
                    fe:86:e6:46:86:c2:63:a5:46:9c:3b:ce:5b:0b:58:
                    57:9c:d8:c2:53:65:ae:d6:7a:be:80:d8:ae:24:9e:
                    70:e5:95:ca:3a:e6:77:c9:b1:a5:3a:e7:5d:1b:02:
                    da:0e:94:63:3e:4c:e3:e2:c6:0d:e8:d0:67:2d:b8:
                    3a:d8:ce:2d:79:4e:5d:f8:d8:d2:20:9a:64:a6:c9:
                    4d:1f:30:f3:c1:75:f3:17:33:64:a4:b6:ec:5e:e3:
                    09:32:d6:d1:57:53:02:25:50:0b:d3:73:82:db:94:
                    77:53:1e:e4:76:95:91:b8:0a:d0:62:bd:bf:4c:8e:
                    96:c9:c2:89:21:ed:bf:ea:2a:dc:12:33:54:ff:ca:
                    6f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:AA:55:8C:6F:C6:90:0E:DE:4C:0F:2D:59:B0:75:26:A9:B2:99:11
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ZqpVjG_GkA7eTA8tWbB1JqmymRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:ec0::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:f5:a8:2e:02:0b:f4:34:35:c3:13:e6:93:13:43:28:75:ce:
         f1:f9:e9:f9:c9:a0:a6:3f:a5:7f:e2:04:b1:92:41:99:66:24:
         57:08:86:13:c4:5c:c3:55:00:fb:29:6e:eb:04:42:bf:4b:1c:
         83:30:19:58:17:f8:e4:d8:f6:07:af:1f:b6:79:61:7e:15:35:
         39:84:ce:78:63:17:4e:8b:4a:96:1f:a8:28:ba:79:24:bb:41:
         12:49:06:60:26:a8:c1:d1:cc:36:1e:0f:78:d8:0f:00:10:9e:
         cd:c6:f6:fa:72:43:dd:e0:b9:37:69:86:65:fd:ce:70:df:4c:
         52:1a:00:3a:28:ee:c6:37:eb:f1:1d:62:7e:60:3f:24:e4:c4:
         f2:d6:ef:b0:0d:76:ca:ea:ea:42:30:71:fd:b8:3c:4d:a6:d8:
         e7:11:81:2d:cb:6e:b5:3a:9c:12:42:9f:1c:d4:8c:ca:cb:98:
         5c:9b:49:e1:27:1d:3b:16:09:99:c6:a3:95:d7:62:41:d5:7b:
         af:e5:38:cc:3c:12:b9:70:8e:52:9e:54:ea:bb:5c:93:48:09:
         f9:80:28:78:5d:d9:04:1f:fd:68:b1:8a:5b:1b:60:9b:aa:77:
         fd:59:0c:79:65:30:59:0e:9a:cb:65:a7:5b:56:34:3f:2b:a4:
         75:92:ac:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY3tLagE27tNc2oX/FDoEzQKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMjI4MDA0NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmFhNTU4YzZmYzY5MDBlZGU0YzBmMmQ1OWIwNzUyNmE5YjI5OTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAms0WMr8LvyCgu1cH7nuhtUp0ZIel
XIEyVTjJNH5Qw4+1RxZAy1KUw+Ab71bD4WOC4FaaoRAthq3OXOByTeenmvYN1qYG
R3nmhH0o1+lWVRwHPaNYRyj15jvZ4/6HaNHBFh3+CR/8JdPjT1StZoHinqz0cbsI
97n+huZGhsJjpUacO85bC1hXnNjCU2Wu1nq+gNiuJJ5w5ZXKOuZ3ybGlOuddGwLa
DpRjPkzj4sYN6NBnLbg62M4teU5d+NjSIJpkpslNHzDzwXXzFzNkpLbsXuMJMtbR
V1MCJVAL03OC25R3Ux7kdpWRuArQYr2/TI6WycKJIe2/6ircEjNU/8pv1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGaqVYxvxpAO3kwPLVmwdSapspkRMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvWnFwVmpHX0drQTdlVEE4dFdiQjFKcW15bVJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBw7A
MA0GCSqGSIb3DQEBCwUAA4IBAQA09aguAgv0NDXDE+aTE0Modc7x+en5yaCmP6V/
4gSxkkGZZiRXCIYTxFzDVQD7KW7rBEK/SxyDMBlYF/jk2PYHrx+2eWF+FTU5hM54
YxdOi0qWH6gounkku0ESSQZgJqjB0cw2Hg942A8AEJ7Nxvb6ckPd4Lk3aYZl/c5w
30xSGgA6KO7GN+vxHWJ+YD8k5MTy1u+wDXbK6upCMHH9uDxNptjnEYEty261OpwS
Qp8c1IzKy5hcm0nhJx07FgmZxqOV12JB1Xuv5TjMPBK5cI5SnlTqu1yTSAn5gCh4
XdkEH/1osYpbG2Cbqnf9WQx5ZTBZDprLZadbVjQ/K6R1kqy3
-----END CERTIFICATE-----