Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pHy9jfhOGJKfHk2UwUhTB0ysSKA.roa
File:                     pHy9jfhOGJKfHk2UwUhTB0ysSKA.roa (raw, json)
Hash identifier:          mIL3BlKGftrosmWhZQ9y1KIH0wgTAoPF9+MuoLQydVQ=
Subject key identifier:   A4:7C:BD:8D:F8:4E:18:92:9F:1E:4D:94:C1:48:53:07:4C:AC:48:A0
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD14FD3BABD0B6C32866425B89C108
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pHy9jfhOGJKfHk2UwUhTB0ysSKA.roa
Signing time:             Tue 02 Jan 2024 10:34:21 +0000
ROA not before:           Tue 02 Jan 2024 10:34:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207705
IP address blocks:        2a0e:b107:1950::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:14:fd:3b:ab:d0:b6:c3:28:66:42:5b:89:c1:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a47cbd8df84e18929f1e4d94c14853074cac48a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:b5:b5:bc:c5:a0:f4:0a:a3:40:e9:b0:6c:6b:
                    3c:d0:fa:b6:ed:26:3d:a1:c7:52:06:91:f6:70:f0:
                    d2:75:83:8d:f3:11:6f:bb:8b:bd:a5:69:4e:b6:d8:
                    75:db:19:10:5a:f2:d7:8c:72:aa:4e:af:a6:e6:93:
                    51:b4:29:6e:ae:1c:e1:d7:1f:4a:9c:87:d4:fa:72:
                    9a:4b:f1:77:ec:18:08:3f:db:2d:ff:fb:f3:e3:5f:
                    92:9b:ea:4e:f3:64:55:90:5f:e1:59:66:3b:36:dc:
                    27:34:c8:92:b0:b6:91:62:70:2d:5c:b7:70:c8:e5:
                    2f:e2:bd:11:54:bd:fe:b8:66:8f:25:43:b9:e4:5f:
                    24:60:4c:d8:64:25:30:6b:99:d4:d2:39:0f:dc:46:
                    0c:d4:4b:a7:f7:e8:e3:bf:6b:6a:27:e6:c0:3c:21:
                    2b:75:6d:b8:6b:17:bf:63:cc:0a:96:8e:08:30:dc:
                    48:99:24:5a:c2:1a:37:7b:69:ee:18:c1:9e:42:e9:
                    94:16:15:80:2c:64:08:97:5b:ca:a4:09:8c:c7:a5:
                    fd:40:1f:15:f5:2d:a4:68:a6:50:1b:68:b5:71:81:
                    e5:ac:9d:de:ef:5b:88:31:01:0b:ff:79:e8:74:82:
                    86:49:55:7b:e9:d5:40:4b:8f:ba:db:34:a0:dd:2d:
                    98:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:7C:BD:8D:F8:4E:18:92:9F:1E:4D:94:C1:48:53:07:4C:AC:48:A0
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/pHy9jfhOGJKfHk2UwUhTB0ysSKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1950::/44

    Signature Algorithm: sha256WithRSAEncryption
         89:90:85:9e:38:9f:2f:d8:0f:9f:b3:8a:a6:94:11:93:3b:f5:
         e5:65:01:75:41:fb:1d:8f:59:e9:ec:28:8c:ee:44:ae:18:6a:
         9d:66:7e:5a:d6:a2:13:4d:cf:f0:c5:24:cf:d8:c8:f9:65:e0:
         5e:76:cc:d2:b8:c7:a9:04:7a:e0:fa:e0:51:7b:6c:f3:c0:e3:
         fa:6f:a4:5a:0f:d4:81:7b:da:5e:34:d2:58:b5:59:6a:be:fe:
         34:fd:42:e4:b7:2f:2f:66:af:87:84:a4:9f:e1:f1:da:01:9b:
         9e:50:7d:4f:e7:e3:d2:42:d3:11:f1:4c:38:9a:6d:9e:95:dc:
         ce:6d:f4:53:de:6f:ab:cd:59:1b:ef:0f:da:81:8c:bf:58:9b:
         a1:d3:3f:bb:fc:53:4e:24:f1:82:2e:cc:8d:18:e9:91:09:3c:
         6a:dc:f0:2d:a9:eb:0d:76:c0:56:dc:7e:30:56:8c:65:4a:b9:
         1a:2d:3f:f2:c5:56:6d:05:e3:17:b4:ac:66:f7:ef:c5:62:35:
         99:2e:c9:40:07:62:5c:14:aa:f0:31:12:c7:b5:a3:a5:57:2c:
         76:0d:b4:84:06:e5:c0:3a:b2:25:82:f9:1c:2c:91:96:4a:2a:
         27:ab:0c:f9:77:c6:20:c0:57:3d:ce:e6:9b:e0:89:a7:01:52:
         c3:09:22:6e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvRT9O6vQtsMoZkJbicEIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDdjYmQ4ZGY4NGUxODkyOWYxZTRkOTRjMTQ4NTMwNzRjYWM0OGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorW1vMWg9AqjQOmwbGs80Pq27SY9
ocdSBpH2cPDSdYON8xFvu4u9pWlOtth12xkQWvLXjHKqTq+m5pNRtClurhzh1x9K
nIfU+nKaS/F37BgIP9st//vz41+Sm+pO82RVkF/hWWY7NtwnNMiSsLaRYnAtXLdw
yOUv4r0RVL3+uGaPJUO55F8kYEzYZCUwa5nU0jkP3EYM1Eun9+jjv2tqJ+bAPCEr
dW24axe/Y8wKlo4IMNxImSRawho3e2nuGMGeQumUFhWALGQIl1vKpAmMx6X9QB8V
9S2kaKZQG2i1cYHlrJ3e71uIMQEL/3nodIKGSVV76dVAS4+62zSg3S2YrwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKR8vY34ThiSnx5NlMFIUwdMrEigMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcEh5OWpmaE9HSktmSGsyVXdVaFRCMHlzU0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxlQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCJkIWeOJ8v2A+fs4qmlBGTO/XlZQF1Qfsdj1np
7CiM7kSuGGqdZn5a1qITTc/wxSTP2Mj5ZeBedszSuMepBHrg+uBRe2zzwOP6b6Ra
D9SBe9peNNJYtVlqvv40/ULkty8vZq+HhKSf4fHaAZueUH1P5+PSQtMR8Uw4mm2e
ldzObfRT3m+rzVkb7w/agYy/WJuh0z+7/FNOJPGCLsyNGOmRCTxq3PAtqesNdsBW
3H4wVoxlSrkaLT/yxVZtBeMXtKxm9+/FYjWZLslAB2JcFKrwMRLHtaOlVyx2DbSE
BuXAOrIlgvkcLJGWSionqwz5d8YgwFc9zuab4ImnAVLDCSJu
-----END CERTIFICATE-----