Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iofAcU3jpBnvEvQE2JbUfSDh3gs.roa
File:                     iofAcU3jpBnvEvQE2JbUfSDh3gs.roa (raw, json)
Hash identifier:          lauE02SxmtgfJzZ9O8hPS4nPKN7/83t+42IYJ7BKXXA=
Subject key identifier:   8A:87:C0:71:4D:E3:A4:19:EF:12:F4:04:D8:96:D4:7D:20:E1:DE:0B
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BCE93A019B64B5F4300685B149D060
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iofAcU3jpBnvEvQE2JbUfSDh3gs.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198071
IP address blocks:        2a0e:97c0:cf0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:e9:3a:01:9b:64:b5:f4:30:06:85:b1:49:d0:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a87c0714de3a419ef12f404d896d47d20e1de0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:42:29:88:89:74:ec:87:f5:59:1b:ec:02:ff:
                    69:9e:0b:9f:89:b2:d4:e8:17:9a:51:b7:20:0e:e4:
                    87:29:0e:ec:e1:39:ca:9e:62:22:86:4b:42:f1:bd:
                    97:81:0c:d7:9e:39:2d:81:2a:46:b3:d3:24:29:cf:
                    ef:99:22:49:75:12:5c:43:2b:34:f9:7d:ee:64:b7:
                    a9:bc:ab:65:63:f6:e5:12:7f:1b:96:0e:c9:a7:99:
                    fa:eb:c2:e4:8a:6e:93:d7:37:22:56:50:ef:9a:62:
                    9a:7f:e3:31:4d:44:24:50:d2:b7:cb:4c:35:49:9c:
                    b0:e8:b1:b2:f9:a5:67:18:2d:2f:07:a1:d0:20:21:
                    c3:b0:73:d1:47:8d:63:0c:9d:86:1e:1d:8b:17:f7:
                    8e:57:17:e3:f2:31:a6:d6:7b:f2:0c:61:57:45:1b:
                    94:e9:a9:ed:78:e6:f7:4f:ac:53:1f:55:b1:06:57:
                    70:c5:f8:00:96:f9:a7:27:e4:18:4a:32:fa:57:b1:
                    0a:2b:70:d1:15:0c:00:f0:05:01:d7:4a:68:71:d3:
                    87:ca:10:35:e9:3c:4f:8e:6a:d2:b0:4d:0e:c6:94:
                    6e:9a:d3:03:6c:41:db:d6:74:81:bd:f4:67:fb:26:
                    7a:29:ae:96:e4:c4:61:85:6c:5a:74:d2:fb:e2:cd:
                    6d:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:87:C0:71:4D:E3:A4:19:EF:12:F4:04:D8:96:D4:7D:20:E1:DE:0B
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/iofAcU3jpBnvEvQE2JbUfSDh3gs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:cf0::/44

    Signature Algorithm: sha256WithRSAEncryption
         ad:bb:26:5d:a5:db:3b:1e:42:e6:aa:f9:b1:4d:a4:c8:05:00:
         19:16:9d:8d:df:7b:ec:6f:fe:2d:65:96:e2:20:d6:23:87:45:
         3b:c0:05:cc:dc:e9:13:8d:93:ff:ef:71:a0:50:4a:9d:8b:0d:
         a4:37:6e:30:7c:29:09:a4:25:9d:a3:c0:7b:5d:ed:6e:15:69:
         a1:78:3d:b9:21:c4:b1:4d:4c:d6:aa:c2:95:b8:99:37:9b:c4:
         83:22:be:ef:27:c5:ae:07:61:35:ea:02:c8:84:61:ba:79:d5:
         59:20:38:f2:27:cd:5c:2a:32:3c:48:a3:17:0a:0d:2c:80:84:
         c7:82:3b:79:32:1f:71:10:4b:c5:91:3c:6d:95:2a:4c:a9:29:
         74:63:6d:1d:b2:73:da:f3:68:d8:5f:85:ba:8c:45:2a:2c:06:
         d0:28:e9:f2:43:18:53:4e:47:9f:4d:5f:01:82:0e:95:e8:9c:
         57:8f:aa:c6:83:2e:f7:be:e1:4a:43:1d:eb:39:b0:21:8f:99:
         4f:dc:5a:40:fb:5d:73:b3:8e:25:aa:be:2c:9b:3d:72:b8:64:
         ed:4c:1f:92:08:0b:fe:e2:74:ac:39:ea:6b:99:19:ac:6c:78:
         06:9d:6e:52:38:5f:2f:43:65:c3:5c:04:d3:dd:15:60:e6:2b:
         1b:19:02:c1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvOk6AZtktfQwBoWxSdBgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTg3YzA3MTRkZTNhNDE5ZWYxMmY0MDRkODk2ZDQ3ZDIwZTFkZTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukIpiIl07If1WRvsAv9pngufibLU
6BeaUbcgDuSHKQ7s4TnKnmIihktC8b2XgQzXnjktgSpGs9MkKc/vmSJJdRJcQys0
+X3uZLepvKtlY/blEn8blg7Jp5n668Lkim6T1zciVlDvmmKaf+MxTUQkUNK3y0w1
SZyw6LGy+aVnGC0vB6HQICHDsHPRR41jDJ2GHh2LF/eOVxfj8jGm1nvyDGFXRRuU
6anteOb3T6xTH1WxBldwxfgAlvmnJ+QYSjL6V7EKK3DRFQwA8AUB10pocdOHyhA1
6TxPjmrSsE0OxpRumtMDbEHb1nSBvfRn+yZ6Ka6W5MRhhWxadNL74s1tpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIqHwHFN46QZ7xL0BNiW1H0g4d4LMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvaW9mQWNVM2pwQm52RXZRRTJKYlVmU0RoM2dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAzw
MA0GCSqGSIb3DQEBCwUAA4IBAQCtuyZdpds7HkLmqvmxTaTIBQAZFp2N33vsb/4t
ZZbiINYjh0U7wAXM3OkTjZP/73GgUEqdiw2kN24wfCkJpCWdo8B7Xe1uFWmheD25
IcSxTUzWqsKVuJk3m8SDIr7vJ8WuB2E16gLIhGG6edVZIDjyJ81cKjI8SKMXCg0s
gITHgjt5Mh9xEEvFkTxtlSpMqSl0Y20dsnPa82jYX4W6jEUqLAbQKOnyQxhTTkef
TV8Bgg6V6JxXj6rGgy73vuFKQx3rObAhj5lP3FpA+11zs44lqr4smz1yuGTtTB+S
CAv+4nSsOeprmRmsbHgGnW5SOF8vQ2XDXATT3RVg5isbGQLB
-----END CERTIFICATE-----