Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/onjBUhWAKZnniMCyFOGrNurmEZ0.roa
File:                     onjBUhWAKZnniMCyFOGrNurmEZ0.roa (raw, json)
Hash identifier:          qx//Tvbc1fbPvEAaa3Rv5wZmRixCkqrNRQcoJveYtxM=
Subject key identifier:   A2:78:C1:52:15:80:29:99:E7:88:C0:B2:14:E1:AB:36:EA:E6:11:9D
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018EAA3C2FC901B5E155F33A797849DA5414
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/onjBUhWAKZnniMCyFOGrNurmEZ0.roa
Signing time:             Thu 04 Apr 2024 17:50:54 +0000
ROA not before:           Thu 04 Apr 2024 17:50:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215168
IP address blocks:        2a0e:97c0:7c0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:aa:3c:2f:c9:01:b5:e1:55:f3:3a:79:78:49:da:54:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Apr  4 17:50:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a278c15215802999e788c0b214e1ab36eae6119d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:a8:b6:d6:2d:36:f7:d6:d3:49:f5:b5:11:39:
                    7e:f8:20:aa:9a:a8:07:04:5d:93:ae:20:3a:16:dd:
                    b9:50:e1:67:0c:d7:59:2f:55:5b:59:22:8b:52:1b:
                    41:61:42:52:53:e4:5b:0e:8b:fa:2b:71:11:f2:5f:
                    28:b3:1e:56:43:c3:07:66:c4:19:40:4e:cf:90:c7:
                    bf:83:fb:5d:c4:2e:ce:04:07:56:2b:07:d1:96:88:
                    65:85:42:a3:f2:93:92:4b:30:19:f1:40:e6:87:fa:
                    ce:db:67:50:78:3c:e8:f1:4f:76:88:0c:27:dd:c7:
                    52:54:b8:e2:55:8d:ee:b2:d2:11:bb:e0:d0:63:cb:
                    18:9b:fa:1d:36:0a:dc:3c:54:3f:73:f2:2c:ce:95:
                    12:0d:60:9a:17:6c:b6:cb:3f:8c:7a:38:e2:8f:4d:
                    ae:95:f2:f4:d1:ea:e3:92:a5:85:da:32:b7:24:37:
                    54:9e:df:43:dc:37:d3:50:ae:32:95:ae:00:0b:a2:
                    35:60:d3:52:bc:70:a7:56:5f:3c:5b:39:fc:9a:58:
                    62:fb:1d:e5:82:9d:ba:13:de:cf:3d:c2:42:a3:2c:
                    97:9b:c8:07:b1:3d:06:37:f1:4c:38:47:6b:dd:c2:
                    a6:20:c7:05:c4:e9:ed:ef:3c:d5:29:81:73:35:87:
                    69:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:78:C1:52:15:80:29:99:E7:88:C0:B2:14:E1:AB:36:EA:E6:11:9D
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/onjBUhWAKZnniMCyFOGrNurmEZ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:7c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a7:f1:24:99:da:0d:6b:94:c9:54:3a:72:f9:b4:09:4b:c4:7c:
         e2:04:df:8e:86:d9:ad:fa:0c:05:dc:76:37:21:65:44:b5:16:
         c2:55:da:85:36:bf:a8:5f:68:ae:a4:6d:c6:76:3c:4a:3e:d7:
         55:89:fc:b5:5a:bf:f1:af:51:55:37:69:66:13:12:62:e6:d6:
         3f:cc:73:80:80:6a:79:e8:d6:39:6b:f3:34:80:05:53:e8:b5:
         d1:a3:38:49:1b:03:47:f0:41:d9:4d:92:71:51:7a:c2:94:ae:
         5e:df:43:86:d6:18:60:ba:6e:b1:a4:d1:36:1f:ca:ba:b9:6f:
         2d:da:6e:26:46:6a:71:bd:ef:d6:2d:05:d6:b1:eb:51:17:f7:
         76:af:c9:2a:2a:4c:b2:a5:35:af:1a:17:b6:f8:93:37:38:0a:
         eb:ff:3d:53:20:ad:81:7d:9b:90:ae:80:2a:b8:7b:7e:5b:62:
         e0:b4:b6:db:65:b1:cd:36:ca:65:8f:e4:5c:ca:71:ab:a7:20:
         5f:67:ca:3d:1a:14:51:e2:ec:79:53:61:5e:63:45:fc:5a:4d:
         fd:98:75:cf:f1:2a:da:8a:77:94:c6:78:bf:4d:34:5d:76:99:
         93:9c:ea:ca:80:a4:a7:49:80:85:77:5d:5a:fd:02:dc:6b:92:
         b6:30:6c:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY6qPC/JAbXhVfM6eXhJ2lQUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwNDA0MTc1MDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjc4YzE1MjE1ODAyOTk5ZTc4OGMwYjIxNGUxYWIzNmVhZTYxMTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Ki21i0299bTSfW1ETl++CCqmqgH
BF2TriA6Ft25UOFnDNdZL1VbWSKLUhtBYUJSU+RbDov6K3ER8l8osx5WQ8MHZsQZ
QE7PkMe/g/tdxC7OBAdWKwfRlohlhUKj8pOSSzAZ8UDmh/rO22dQeDzo8U92iAwn
3cdSVLjiVY3ustIRu+DQY8sYm/odNgrcPFQ/c/IszpUSDWCaF2y2yz+Mejjij02u
lfL00erjkqWF2jK3JDdUnt9D3DfTUK4yla4AC6I1YNNSvHCnVl88Wzn8mlhi+x3l
gp26E97PPcJCoyyXm8gHsT0GN/FMOEdr3cKmIMcFxOnt7zzVKYFzNYdpnwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKJ4wVIVgCmZ54jAshThqzbq5hGdMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvb25qQlVoV0FLWm5uaU1DeUZPR3JOdXJtRVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAfA
MA0GCSqGSIb3DQEBCwUAA4IBAQCn8SSZ2g1rlMlUOnL5tAlLxHziBN+Ohtmt+gwF
3HY3IWVEtRbCVdqFNr+oX2iupG3GdjxKPtdVify1Wr/xr1FVN2lmExJi5tY/zHOA
gGp56NY5a/M0gAVT6LXRozhJGwNH8EHZTZJxUXrClK5e30OG1hhgum6xpNE2H8q6
uW8t2m4mRmpxve/WLQXWsetRF/d2r8kqKkyypTWvGhe2+JM3OArr/z1TIK2BfZuQ
roAquHt+W2LgtLbbZbHNNsplj+RcynGrpyBfZ8o9GhRR4ux5U2FeY0X8Wk39mHXP
8SraineUxni/TTRddpmTnOrKgKSnSYCFd11a/QLca5K2MGzR
-----END CERTIFICATE-----