Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gaJq9yEuXVADDE1CK4GW4AbQQLk.roa
File:                     gaJq9yEuXVADDE1CK4GW4AbQQLk.roa (raw, json)
Hash identifier:          vBCjQpifK9wqRaKc6M8V4x5VsAPIxDUSpkInG7jbUFY=
Subject key identifier:   81:A2:6A:F7:21:2E:5D:50:03:0C:4D:42:2B:81:96:E0:06:D0:40:B9
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCD4890859570A5932A0E013E6D4E8
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gaJq9yEuXVADDE1CK4GW4AbQQLk.roa
Signing time:             Tue 02 Jan 2024 10:34:04 +0000
ROA not before:           Tue 02 Jan 2024 10:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57351
IP address blocks:        2a10:2f00:19a::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:d4:89:08:59:57:0a:59:32:a0:e0:13:e6:d4:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=81a26af7212e5d50030c4d422b8196e006d040b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:19:c5:22:93:e7:70:48:99:af:7f:f0:1e:d4:
                    7b:54:b6:9a:f4:88:96:0a:bf:a5:fd:20:f1:01:48:
                    18:62:d2:c1:f6:e4:82:b4:61:c9:2b:9d:cd:e5:d4:
                    c7:45:e8:a9:31:b7:a8:c6:3e:be:44:e7:eb:c3:4c:
                    aa:a3:f3:1c:8c:ea:99:c6:bd:cf:02:08:0c:10:33:
                    c8:ee:00:3e:9f:52:9a:3b:5b:bf:2f:c7:0a:43:5e:
                    9e:5e:9b:10:5a:26:7b:49:ef:4b:59:d1:f7:20:16:
                    01:e0:2b:fb:a2:4f:e0:62:db:6e:d0:79:13:99:31:
                    b4:54:04:8e:8b:35:2f:16:bf:e3:a4:b4:9a:66:d0:
                    66:72:3d:6b:6f:c7:a3:b5:12:61:14:5e:02:4c:d6:
                    0f:14:6b:0c:cd:1a:6a:08:c5:79:39:ca:5f:d0:dd:
                    f7:2d:de:d9:58:69:e6:dd:74:5e:15:d5:eb:e8:fe:
                    af:70:94:af:59:d1:1f:44:35:fc:13:b1:dd:c8:5e:
                    b2:13:56:26:fe:04:b4:a6:9e:e0:c5:29:95:6e:1e:
                    36:71:8e:91:cd:29:2b:ee:1f:3a:41:78:24:40:15:
                    3d:40:09:cb:db:47:f2:1d:d8:87:1f:25:8f:d0:4f:
                    b0:ad:8d:bf:b9:f0:4f:05:fe:1c:9c:e3:4a:4b:9a:
                    51:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:A2:6A:F7:21:2E:5D:50:03:0C:4D:42:2B:81:96:E0:06:D0:40:B9
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/gaJq9yEuXVADDE1CK4GW4AbQQLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:19a::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:de:ec:7b:e3:3e:28:e8:5a:33:8b:e2:f4:79:9d:c3:54:31:
         bb:52:79:64:83:ec:0d:00:35:05:d9:94:e0:42:76:bd:3d:4b:
         bb:bf:7e:84:86:2f:8b:c6:73:26:f6:fc:17:2e:a9:ab:0f:3a:
         37:da:5f:bd:9a:41:54:33:7d:8d:d2:25:a8:e5:4c:b9:ea:d8:
         2c:54:ce:ad:b0:87:78:63:ed:52:40:a7:f2:3d:06:8d:d3:8f:
         38:68:96:09:7f:ed:31:da:ea:62:54:8c:45:db:3c:b5:79:ee:
         71:55:7a:b7:fa:73:14:ad:46:35:c3:bd:f9:7a:04:7a:dd:01:
         0d:0e:52:cf:86:0d:25:6b:25:9d:00:61:1f:0b:21:28:96:ca:
         1c:1b:e8:0e:5d:70:3d:67:1f:79:95:04:d7:78:51:95:5a:03:
         3b:39:c6:0f:34:c7:8d:1d:ab:ff:b6:84:f3:c6:ec:59:64:87:
         8a:46:4a:de:dc:24:46:16:d7:35:8b:bd:97:60:07:71:65:d0:
         a7:7e:dd:82:be:56:63:fa:0d:e4:f8:d8:2e:e2:0e:32:f6:e3:
         12:54:73:16:24:46:44:8e:b6:7d:d1:91:f9:2f:bf:c8:f0:c7:
         a5:c6:4a:4b:d3:47:ff:cd:5e:fb:be:ea:3a:26:5c:95:7a:84:
         0d:f4:ea:17
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvNSJCFlXClkyoOAT5tToMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MWEyNmFmNzIxMmU1ZDUwMDMwYzRkNDIyYjgxOTZlMDA2ZDA0MGI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhnFIpPncEiZr3/wHtR7VLaa9IiW
Cr+l/SDxAUgYYtLB9uSCtGHJK53N5dTHReipMbeoxj6+ROfrw0yqo/McjOqZxr3P
AggMEDPI7gA+n1KaO1u/L8cKQ16eXpsQWiZ7Se9LWdH3IBYB4Cv7ok/gYttu0HkT
mTG0VASOizUvFr/jpLSaZtBmcj1rb8ejtRJhFF4CTNYPFGsMzRpqCMV5Ocpf0N33
Ld7ZWGnm3XReFdXr6P6vcJSvWdEfRDX8E7HdyF6yE1Ym/gS0pp7gxSmVbh42cY6R
zSkr7h86QXgkQBU9QAnL20fyHdiHHyWP0E+wrY2/ufBPBf4cnONKS5pRCwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIGiavchLl1QAwxNQiuBluAG0EC5MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvZ2FKcTl5RXVYVkFEREUxQ0s0R1c0QWJRUUxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAGa
MA0GCSqGSIb3DQEBCwUAA4IBAQCj3ux74z4o6Fozi+L0eZ3DVDG7Unlkg+wNADUF
2ZTgQna9PUu7v36Ehi+LxnMm9vwXLqmrDzo32l+9mkFUM32N0iWo5Uy56tgsVM6t
sId4Y+1SQKfyPQaN0484aJYJf+0x2upiVIxF2zy1ee5xVXq3+nMUrUY1w735egR6
3QENDlLPhg0layWdAGEfCyEolsocG+gOXXA9Zx95lQTXeFGVWgM7OcYPNMeNHav/
toTzxuxZZIeKRkre3CRGFtc1i72XYAdxZdCnft2CvlZj+g3k+Ngu4g4y9uMSVHMW
JEZEjrZ90ZH5L7/I8MelxkpL00f/zV77vuo6JlyVeoQN9OoX
-----END CERTIFICATE-----