Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/deKzys24jC2nNk4XVZr91kXTiYw.roa
File:                     deKzys24jC2nNk4XVZr91kXTiYw.roa (raw, json)
Hash identifier:          TS2G9xeqWCEaHWqlUZ3br/yBg/e4kQEtE/R7MOJBV5Y=
Subject key identifier:   75:E2:B3:CA:CD:B8:8C:2D:A7:36:4E:17:55:9A:FD:D6:45:D3:89:8C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521DA886DA908C2694BEFAC4D9659F8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/deKzys24jC2nNk4XVZr91kXTiYw.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57429
IP address blocks:        2a0e:b107:1340::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 03:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:da:88:6d:a9:08:c2:69:4b:ef:ac:4d:96:59:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=75e2b3cacdb88c2da7364e17559afdd645d3898c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e9:5b:b0:c7:c5:fc:80:04:d3:0c:ee:24:cd:
                    07:47:8f:9c:8a:30:58:c7:c8:71:fa:13:6f:3b:b3:
                    69:ea:79:28:fe:5f:16:f1:93:5d:9c:32:b8:ed:11:
                    4a:1d:ea:a5:ab:fe:f0:a9:8a:ce:24:b2:b6:6a:8d:
                    f2:87:5c:46:1c:2e:0f:dc:7e:9c:cc:7f:82:a5:7d:
                    8d:a3:c2:58:32:24:bf:bb:84:d9:3f:0b:42:ee:90:
                    46:6c:b0:0b:6c:b0:31:38:f5:99:ee:93:d5:7c:f3:
                    99:17:31:8c:c6:30:a2:72:1e:a3:42:90:b4:d9:5a:
                    de:c1:2c:f9:dd:81:80:34:2e:f2:5e:03:87:f7:86:
                    67:1a:dc:db:a1:aa:81:5d:d3:69:8b:a6:63:fe:b3:
                    b6:2b:1b:fa:d1:2d:41:a1:7a:9f:5c:21:f9:04:7a:
                    a1:9b:45:96:90:e2:fc:1c:09:fc:c9:da:e6:88:09:
                    cb:d5:df:ba:53:90:a1:ec:eb:29:41:85:bc:28:f4:
                    1a:b5:64:73:cd:a3:68:42:28:03:b0:64:94:a4:b4:
                    ea:0a:fb:58:be:de:b9:0d:6e:4e:64:2a:f3:6c:2c:
                    53:71:77:3c:52:f4:d5:d3:61:7e:64:cb:b1:e6:37:
                    44:1b:bc:41:79:49:da:6e:62:48:9e:1e:66:fb:19:
                    51:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:E2:B3:CA:CD:B8:8C:2D:A7:36:4E:17:55:9A:FD:D6:45:D3:89:8C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/deKzys24jC2nNk4XVZr91kXTiYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1340::/44

    Signature Algorithm: sha256WithRSAEncryption
         0b:22:d9:3b:03:7f:65:11:6a:c1:f9:1b:dd:28:ac:84:c9:6e:
         89:70:10:b2:13:3d:39:03:26:d6:83:8f:f4:8e:26:cf:56:15:
         a6:7f:15:02:ba:5a:34:a7:24:24:17:8f:a0:4b:59:07:39:55:
         f1:47:65:f9:a8:86:0f:0a:10:c0:6a:d1:c9:58:d6:dc:ad:95:
         30:25:1b:b4:92:bb:8f:89:43:12:65:8d:7f:84:0e:ad:75:a4:
         5a:7d:38:d6:99:21:3b:17:a3:fd:09:a8:e6:9f:22:11:10:dc:
         d2:b7:e3:55:9a:e7:a7:2d:7b:63:5f:a8:4b:42:ed:40:80:78:
         df:fb:92:0a:5b:c1:07:85:87:3b:18:a0:ea:bb:b2:a2:7d:e0:
         9c:d6:60:04:66:66:e0:bc:b2:ee:8e:c1:1f:77:95:67:59:fc:
         8c:b5:3d:8a:58:39:ad:5e:2c:47:66:fd:74:c4:a2:79:ab:fa:
         08:2a:4d:41:17:fc:8a:3c:b6:91:a9:76:30:bf:a3:89:d5:aa:
         64:4b:d4:75:2f:0f:b5:ab:5c:cd:86:02:19:d6:dd:6c:68:35:
         9c:a0:29:35:3d:c0:31:84:c8:12:e9:bc:ae:34:4b:e4:a8:99:
         d3:3b:32:90:53:f0:d4:c7:ad:34:ad:e8:76:9e:e2:37:ac:f7:
         8d:45:4e:fc
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIdqIbakIwmlL76xNlln4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWUyYjNjYWNkYjg4YzJkYTczNjRlMTc1NTlhZmRkNjQ1ZDM4OThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+lbsMfF/IAE0wzuJM0HR4+cijBY
x8hx+hNvO7Np6nko/l8W8ZNdnDK47RFKHeqlq/7wqYrOJLK2ao3yh1xGHC4P3H6c
zH+CpX2No8JYMiS/u4TZPwtC7pBGbLALbLAxOPWZ7pPVfPOZFzGMxjCich6jQpC0
2VrewSz53YGANC7yXgOH94ZnGtzboaqBXdNpi6Zj/rO2Kxv60S1BoXqfXCH5BHqh
m0WWkOL8HAn8ydrmiAnL1d+6U5Ch7OspQYW8KPQatWRzzaNoQigDsGSUpLTqCvtY
vt65DW5OZCrzbCxTcXc8UvTV02F+ZMux5jdEG7xBeUnabmJInh5m+xlRkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHXis8rNuIwtpzZOF1Wa/dZF04mMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZGVLenlzMjRqQzJuTms0WFZacjkxa1hUaVl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxNA
MA0GCSqGSIb3DQEBCwUAA4IBAQALItk7A39lEWrB+RvdKKyEyW6JcBCyEz05AybW
g4/0jibPVhWmfxUCulo0pyQkF4+gS1kHOVXxR2X5qIYPChDAatHJWNbcrZUwJRu0
kruPiUMSZY1/hA6tdaRafTjWmSE7F6P9CajmnyIRENzSt+NVmuenLXtjX6hLQu1A
gHjf+5IKW8EHhYc7GKDqu7KifeCc1mAEZmbgvLLujsEfd5VnWfyMtT2KWDmtXixH
Zv10xKJ5q/oIKk1BF/yKPLaRqXYwv6OJ1apkS9R1Lw+1q1zNhgIZ1t1saDWcoCk1
PcAxhMgS6byuNEvkqJnTOzKQU/DUx600reh2nuI3rPeNRU78
-----END CERTIFICATE-----