Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/o84FSVO5_tbI5DCwQyk9tAspWVo.roa
File:                     o84FSVO5_tbI5DCwQyk9tAspWVo.roa (raw, json)
Hash identifier:          EqLrAHMH0xGiR+nAANJfzZLqApI4g7T+Y65RRRNHhdo=
Subject key identifier:   A3:CE:05:49:53:B9:FE:D6:C8:E4:30:B0:43:29:3D:B4:0B:29:59:5A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425229852CC72D3FF926AD4D7B46C75A0
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/o84FSVO5_tbI5DCwQyk9tAspWVo.roa
Signing time:             Thu 02 Jan 2025 03:50:11 +0000
ROA not before:           Thu 02 Jan 2025 03:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216427
IP address blocks:        2a06:de00:ad00::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:98:52:cc:72:d3:ff:92:6a:d4:d7:b4:6c:75:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3ce054953b9fed6c8e430b043293db40b29595a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:c1:0b:c7:a2:81:16:1e:4a:86:66:90:8a:be:
                    f4:b8:05:2a:57:c5:95:39:e7:96:6c:ab:a6:e1:9f:
                    cb:87:a5:33:d5:d8:cd:39:15:f2:6b:2e:f7:59:e3:
                    13:9f:8d:be:8b:38:9b:04:d7:0d:84:0d:ed:6c:a3:
                    56:be:7a:8d:97:e8:4d:bd:12:03:e4:98:26:6c:f6:
                    49:13:d6:a5:9b:51:27:84:85:e1:37:d5:4b:53:e4:
                    a7:bf:bf:38:ee:e4:e0:ed:70:80:ca:81:ff:78:24:
                    4e:c9:36:46:75:e9:3c:66:9f:9b:72:1e:eb:c2:a8:
                    3f:1c:16:93:cf:75:f3:48:8d:76:05:7d:ee:cc:49:
                    37:5a:b4:3e:37:bc:bd:2a:2f:0b:50:31:5a:e2:d9:
                    8b:f0:4d:a6:1b:02:a6:4f:0b:b8:b4:02:e2:1d:6c:
                    41:84:d5:51:44:ec:8b:59:1e:45:01:4c:8a:28:44:
                    37:55:8a:98:a4:4a:4e:2d:20:39:1b:5d:91:64:3f:
                    58:d3:ec:a9:2e:fd:7a:bf:21:79:90:d1:98:6e:56:
                    7e:55:f2:1a:a6:65:b2:9d:05:40:92:57:aa:e0:f3:
                    ae:90:db:3a:29:c1:81:f0:56:b2:4c:e2:ce:fb:8d:
                    ad:c1:d1:5a:dc:87:b2:d7:05:9c:b3:d1:80:29:84:
                    00:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:CE:05:49:53:B9:FE:D6:C8:E4:30:B0:43:29:3D:B4:0B:29:59:5A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/o84FSVO5_tbI5DCwQyk9tAspWVo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de00:ad00::/44

    Signature Algorithm: sha256WithRSAEncryption
         25:f1:4a:72:9b:92:00:e2:21:cf:42:c8:09:3a:95:05:6d:fd:
         74:06:2d:33:45:27:fb:a9:e4:c2:9e:14:08:49:17:2c:94:84:
         7c:b5:b1:48:00:52:34:b3:86:7e:46:7c:5b:47:33:4b:c5:0f:
         dd:09:4a:b1:7c:03:41:da:8a:e5:6a:f5:65:83:9d:e8:07:14:
         09:80:3f:29:0a:d2:b0:0f:0b:06:61:ba:c6:c2:f5:2a:88:68:
         66:82:e9:89:db:f1:1f:f4:64:12:06:91:93:73:8e:46:fe:99:
         22:e1:01:ca:b8:39:8c:d2:6c:2c:d6:ae:cc:4c:a8:fa:72:46:
         cc:ae:ec:ba:37:e9:4d:24:cc:d3:4b:4e:57:aa:a4:d6:02:cb:
         80:ce:26:d4:fd:42:da:ff:bc:9c:c8:5c:58:d3:c8:86:5e:59:
         1a:30:51:a4:45:00:c9:c6:8d:1f:a3:5b:6d:11:8e:c9:4b:28:
         2c:20:49:83:a2:0a:5e:0c:b0:6e:bf:ca:4a:93:5c:6c:51:d8:
         c2:e2:34:b3:ef:f1:5c:2b:72:a2:55:15:e3:ca:ea:24:1c:ed:
         dd:fd:71:02:3b:60:aa:61:45:83:de:30:f7:29:b0:eb:ec:5c:
         b8:f3:10:6e:72:6e:9b:ea:ea:13:84:2a:60:86:9c:8c:7d:03:
         97:3d:e0:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIphSzHLT/5Jq1Ne0bHWgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2NlMDU0OTUzYjlmZWQ2YzhlNDMwYjA0MzI5M2RiNDBiMjk1OTVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvMELx6KBFh5KhmaQir70uAUqV8WV
OeeWbKum4Z/Lh6Uz1djNORXyay73WeMTn42+izibBNcNhA3tbKNWvnqNl+hNvRID
5JgmbPZJE9alm1EnhIXhN9VLU+Snv7847uTg7XCAyoH/eCROyTZGdek8Zp+bch7r
wqg/HBaTz3XzSI12BX3uzEk3WrQ+N7y9Ki8LUDFa4tmL8E2mGwKmTwu4tALiHWxB
hNVRROyLWR5FAUyKKEQ3VYqYpEpOLSA5G12RZD9Y0+ypLv16vyF5kNGYblZ+VfIa
pmWynQVAkleq4POukNs6KcGB8FayTOLO+42twdFa3Iey1wWcs9GAKYQACQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKPOBUlTuf7WyOQwsEMpPbQLKVlaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbzg0RlNWTzVfdGJJNURDd1F5azl0QXNwV1ZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgbeAK0A
MA0GCSqGSIb3DQEBCwUAA4IBAQAl8Upym5IA4iHPQsgJOpUFbf10Bi0zRSf7qeTC
nhQISRcslIR8tbFIAFI0s4Z+RnxbRzNLxQ/dCUqxfANB2orlavVlg53oBxQJgD8p
CtKwDwsGYbrGwvUqiGhmgumJ2/Ef9GQSBpGTc45G/pki4QHKuDmM0mws1q7MTKj6
ckbMruy6N+lNJMzTS05XqqTWAsuAzibU/ULa/7ycyFxY08iGXlkaMFGkRQDJxo0f
o1ttEY7JSygsIEmDogpeDLBuv8pKk1xsUdjC4jSz7/FcK3KiVRXjyuokHO3d/XEC
O2CqYUWD3jD3KbDr7Fy48xBucm6b6uoThCpghpyMfQOXPeAM
-----END CERTIFICATE-----