Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/r7d5HRvXT5ratpnQuJktXaHKr70.roa
File:                     r7d5HRvXT5ratpnQuJktXaHKr70.roa (raw, json)
Hash identifier:          vG9RNZ7TyIaNpByV/FDWOAaopjfmUdcpIf0tTNiz8AM=
Subject key identifier:   AF:B7:79:1D:1B:D7:4F:9A:DA:B6:99:D0:B8:99:2D:5D:A1:CA:AF:BD
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018DFBC417636F6E726CAFCFED28F30F6D17
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/r7d5HRvXT5ratpnQuJktXaHKr70.roa
Signing time:             Fri 01 Mar 2024 20:45:48 +0000
ROA not before:           Fri 01 Mar 2024 20:45:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202673
IP address blocks:        2a0e:97c0:c40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:fb:c4:17:63:6f:6e:72:6c:af:cf:ed:28:f3:0f:6d:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Mar  1 20:45:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=afb7791d1bd74f9adab699d0b8992d5da1caafbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:06:49:73:93:d2:7c:d6:54:2f:18:17:a7:e8:
                    84:d4:47:8a:5b:8a:32:9f:b8:8a:dc:7c:a4:5f:8e:
                    03:61:b0:c9:2b:6d:ef:6d:7d:cb:ba:47:c8:59:09:
                    11:ed:7f:4d:ea:ef:6b:59:6f:f5:92:90:e7:5e:4b:
                    b8:8b:63:f0:7c:ca:1d:d5:2a:b0:d2:96:59:63:9b:
                    26:79:ec:39:4a:2b:01:5f:93:ba:cd:40:d1:5c:d5:
                    38:70:10:3e:78:a0:ea:be:ab:49:9f:38:93:49:bf:
                    ba:cf:df:77:5c:c6:6c:1f:91:58:c4:4b:68:ac:f7:
                    63:b7:85:01:41:2d:d4:f5:91:a9:74:f9:be:43:78:
                    b9:52:1a:ac:5b:04:3f:4e:4b:a5:56:8a:6c:55:ec:
                    fb:8b:53:96:25:77:28:4c:05:89:01:49:4c:5c:06:
                    45:d0:ac:71:46:28:16:23:6f:cd:64:53:db:d7:75:
                    97:b0:b6:22:b5:1c:5d:49:88:83:36:29:bf:38:d4:
                    a5:ef:b5:bf:1f:29:3b:4f:30:ff:b2:25:d4:42:95:
                    d5:b6:66:3e:a6:4d:ea:60:44:31:f6:be:db:a0:0a:
                    30:0c:f8:d1:5c:57:38:62:e5:ec:2c:8a:41:7f:51:
                    4d:96:e3:35:74:40:44:98:78:5c:45:c6:1a:c5:0e:
                    c5:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:B7:79:1D:1B:D7:4F:9A:DA:B6:99:D0:B8:99:2D:5D:A1:CA:AF:BD
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/r7d5HRvXT5ratpnQuJktXaHKr70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:c40::/44

    Signature Algorithm: sha256WithRSAEncryption
         ba:dd:17:f6:bc:a4:47:83:74:59:d0:12:25:f5:ba:44:39:b7:
         9d:74:d1:54:7c:76:32:5d:ce:5a:c4:31:45:9d:fd:ac:ce:e5:
         8b:1a:e5:64:e7:7f:db:e6:dd:a1:fe:9b:7d:44:c7:61:c0:3e:
         48:a4:61:24:6f:7d:e5:cb:56:48:6d:f8:91:df:a5:7a:d8:51:
         61:d9:41:28:15:7e:b1:08:06:c0:67:bf:72:0b:40:c4:87:ff:
         d9:94:69:75:06:b4:39:01:43:87:eb:82:c2:ec:da:b5:2f:85:
         8a:bc:28:57:a3:d7:20:02:00:be:b2:50:b6:04:55:c0:b9:2f:
         d9:09:25:97:b3:86:3e:e0:e7:b7:c4:12:74:0e:89:16:60:da:
         b0:b1:d6:2a:d3:8c:ac:31:1b:e8:b7:ea:04:70:bc:62:fb:be:
         45:cd:ba:ef:67:e8:6d:87:02:32:89:b9:a0:9f:b9:d9:05:41:
         45:1f:db:0f:17:33:27:84:ae:82:53:62:9b:aa:94:7d:fe:3b:
         17:6c:8a:51:4d:ca:85:e6:04:34:f8:e2:c6:7f:e1:d7:75:40:
         33:f5:51:df:a6:15:8a:b8:2f:c8:69:1f:bc:f1:e7:7d:e6:0f:
         d5:06:3f:16:42:71:f7:43:2e:fd:fc:67:95:6d:77:6e:5e:1b:
         e6:24:19:0b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY37xBdjb25ybK/P7SjzD20XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMzAxMjA0NTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZmI3NzkxZDFiZDc0ZjlhZGFiNjk5ZDBiODk5MmQ1ZGExY2FhZmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwZJc5PSfNZULxgXp+iE1EeKW4oy
n7iK3HykX44DYbDJK23vbX3LukfIWQkR7X9N6u9rWW/1kpDnXku4i2PwfMod1Sqw
0pZZY5smeew5SisBX5O6zUDRXNU4cBA+eKDqvqtJnziTSb+6z993XMZsH5FYxEto
rPdjt4UBQS3U9ZGpdPm+Q3i5UhqsWwQ/TkulVopsVez7i1OWJXcoTAWJAUlMXAZF
0KxxRigWI2/NZFPb13WXsLYitRxdSYiDNim/ONSl77W/Hyk7TzD/siXUQpXVtmY+
pk3qYEQx9r7boAowDPjRXFc4YuXsLIpBf1FNluM1dEBEmHhcRcYaxQ7F3QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK+3eR0b10+a2raZ0LiZLV2hyq+9MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcjdkNUhSdlhUNXJhdHBuUXVKa3RYYUhLcjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6XwAxA
MA0GCSqGSIb3DQEBCwUAA4IBAQC63Rf2vKRHg3RZ0BIl9bpEObeddNFUfHYyXc5a
xDFFnf2szuWLGuVk53/b5t2h/pt9RMdhwD5IpGEkb33ly1ZIbfiR36V62FFh2UEo
FX6xCAbAZ79yC0DEh//ZlGl1BrQ5AUOH64LC7Nq1L4WKvChXo9cgAgC+slC2BFXA
uS/ZCSWXs4Y+4Oe3xBJ0DokWYNqwsdYq04ysMRvot+oEcLxi+75FzbrvZ+hthwIy
ibmgn7nZBUFFH9sPFzMnhK6CU2KbqpR9/jsXbIpRTcqF5gQ0+OLGf+HXdUAz9VHf
phWKuC/IaR+88ed95g/VBj8WQnH3Qy79/GeVbXduXhvmJBkL
-----END CERTIFICATE-----