Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_7pMIZ8NmpURH2HuioxOSPO96vw.roa
File:                     _7pMIZ8NmpURH2HuioxOSPO96vw.roa (raw, json)
Hash identifier:          x09ddMe5i9MlnRMmz7U8fPOBLDCjru9Wa/hP3Mum/vk=
Subject key identifier:   FF:BA:4C:21:9F:0D:9A:95:11:1F:61:EE:8A:8C:4E:48:F3:BD:EA:FC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252251D4325C352D7D585E5622524A7E
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_7pMIZ8NmpURH2HuioxOSPO96vw.roa
Signing time:             Thu 02 Jan 2025 03:49:53 +0000
ROA not before:           Thu 02 Jan 2025 03:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211495
IP address blocks:        2a0e:b107:10c0::/44 maxlen: 48
                          2a10:2f00:16c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:51:d4:32:5c:35:2d:7d:58:5e:56:22:52:4a:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffba4c219f0d9a95111f61ee8a8c4e48f3bdeafc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:22:91:de:3f:e0:61:45:8a:eb:16:63:4f:21:
                    2b:d1:6e:12:4a:d5:06:5c:36:4a:1b:43:69:2f:01:
                    54:da:44:31:46:86:bb:2e:4a:06:6a:37:97:f9:0b:
                    5a:95:c7:3f:8d:f9:7c:13:20:f2:7d:6e:39:92:e4:
                    ac:9c:80:48:6d:9c:5d:e3:ec:85:2a:88:56:db:ac:
                    9d:8c:a8:0e:af:b0:5c:41:0b:8e:8a:39:ed:aa:00:
                    25:01:99:1e:f0:07:c4:86:5f:27:47:80:54:c8:47:
                    5a:89:c0:28:82:9f:f3:a4:46:16:59:fd:1e:b0:05:
                    53:75:fe:69:e2:98:67:7e:27:3e:b9:d3:41:60:25:
                    f5:29:c0:97:14:df:35:10:4b:96:1d:90:6c:95:fd:
                    29:01:0c:15:d8:86:1b:bc:64:b2:d8:ac:d6:2a:ef:
                    a4:19:a7:fe:5a:18:31:92:62:1e:7c:9d:d2:2c:e0:
                    4b:fd:18:05:b3:8f:e9:85:fa:14:78:42:d5:97:78:
                    65:47:ff:a7:a6:23:a6:05:2e:84:eb:16:6f:3f:57:
                    fa:a8:18:59:be:92:e0:e0:b8:bb:a8:cb:3f:5a:d6:
                    6b:f1:f8:a6:e5:a1:44:3f:4a:b6:81:f2:fe:4f:52:
                    7b:52:e2:29:c9:5f:85:9f:64:ab:fe:92:01:2c:e8:
                    a2:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:BA:4C:21:9F:0D:9A:95:11:1F:61:EE:8A:8C:4E:48:F3:BD:EA:FC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/_7pMIZ8NmpURH2HuioxOSPO96vw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:10c0::/44
                  2a10:2f00:16c::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:9a:fa:de:e2:a7:21:fe:03:65:59:1e:d8:0d:c1:c6:1b:8a:
         97:b6:dc:35:f5:8f:2d:8d:f8:7d:07:84:31:e5:c3:d9:9a:a8:
         78:2b:d3:09:af:25:17:e7:ef:a4:b4:bc:d2:22:24:22:fe:dd:
         71:a2:d2:ce:4b:f3:0d:45:ed:ed:48:af:0e:7f:36:df:69:7e:
         af:a4:1e:78:f7:61:5e:5c:f6:96:20:d0:6f:e8:cc:78:fb:d3:
         28:ed:64:e3:07:3d:a1:85:c5:29:d0:88:8a:68:52:4a:01:cc:
         c2:dd:bd:f6:5b:35:4a:69:7f:82:be:a5:c1:11:61:3d:56:6a:
         9e:19:d9:62:cc:ef:2f:10:72:d8:38:08:51:76:56:7c:97:d3:
         87:81:1e:6d:da:70:a2:3e:3a:94:ba:2d:d4:b5:31:20:c6:4c:
         05:6c:b2:72:01:2e:e7:1b:ff:33:d2:95:07:bb:2f:42:de:51:
         ea:42:72:51:2d:74:da:dc:a5:b1:b8:0d:11:74:d6:1b:a7:79:
         8c:90:4c:ae:c7:6c:19:44:28:1e:48:a5:16:8e:ab:c8:a4:5b:
         cf:57:29:c7:05:eb:63:13:df:b0:7a:45:73:26:c0:28:e3:80:
         2d:9e:06:57:0d:5e:c1:76:b8:d3:c2:67:25:2f:31:0e:7a:cd:
         e4:fa:ca:04
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQlIlHUMlw1LX1YXlYiUkp+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmJhNGMyMTlmMGQ5YTk1MTExZjYxZWU4YThjNGU0OGYzYmRlYWZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxiKR3j/gYUWK6xZjTyEr0W4SStUG
XDZKG0NpLwFU2kQxRoa7LkoGajeX+Qtalcc/jfl8EyDyfW45kuSsnIBIbZxd4+yF
KohW26ydjKgOr7BcQQuOijntqgAlAZke8AfEhl8nR4BUyEdaicAogp/zpEYWWf0e
sAVTdf5p4phnfic+udNBYCX1KcCXFN81EEuWHZBslf0pAQwV2IYbvGSy2KzWKu+k
Gaf+WhgxkmIefJ3SLOBL/RgFs4/phfoUeELVl3hlR/+npiOmBS6E6xZvP1f6qBhZ
vpLg4Li7qMs/WtZr8fim5aFEP0q2gfL+T1J7UuIpyV+Fn2Sr/pIBLOiiWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFP+6TCGfDZqVER9h7oqMTkjzver8MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvXzdwTUlaOE5tcFVSSDJIdWlveE9TUE85NnZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKg6xBxDA
AwcAKhAvAAFsMA0GCSqGSIb3DQEBCwUAA4IBAQBTmvre4qch/gNlWR7YDcHGG4qX
ttw19Y8tjfh9B4Qx5cPZmqh4K9MJryUX5++ktLzSIiQi/t1xotLOS/MNRe3tSK8O
fzbfaX6vpB5492FeXPaWINBv6Mx4+9Mo7WTjBz2hhcUp0IiKaFJKAczC3b32WzVK
aX+CvqXBEWE9VmqeGdlizO8vEHLYOAhRdlZ8l9OHgR5t2nCiPjqUui3UtTEgxkwF
bLJyAS7nG/8z0pUHuy9C3lHqQnJRLXTa3KWxuA0RdNYbp3mMkEyux2wZRCgeSKUW
jqvIpFvPVynHBetjE9+wekVzJsAo44AtngZXDV7BdrjTwmclLzEOes3k+soE
-----END CERTIFICATE-----