Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rxlrdw-R4Y6VjAvAFtK3aE_8AL8.roa
File:                     rxlrdw-R4Y6VjAvAFtK3aE_8AL8.roa (raw, json)
Hash identifier:          o0zm6WmtYjDDNqE3ZIkPmC/3UEf+gzLtWZNGPmfY3w8=
Subject key identifier:   AF:19:6B:77:0F:91:E1:8E:95:8C:0B:C0:16:D2:B7:68:4F:FC:00:BF
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CD929418A775835037D37FE36E90906CF
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rxlrdw-R4Y6VjAvAFtK3aE_8AL8.roa
Signing time:             Fri 05 Jan 2024 10:26:48 +0000
ROA not before:           Fri 05 Jan 2024 10:26:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44324
IP address blocks:        2a0e:b107:f40::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d9:29:41:8a:77:58:35:03:7d:37:fe:36:e9:09:06:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  5 10:26:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af196b770f91e18e958c0bc016d2b7684ffc00bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:57:7a:4d:e7:ac:23:7c:89:cf:4f:2d:aa:ca:
                    2f:3b:1b:ed:fa:c0:0a:aa:71:25:aa:53:ef:07:ee:
                    0b:d1:25:f1:2f:42:1f:49:d4:bd:42:32:0a:bc:87:
                    0d:3f:56:93:d2:6d:8f:a2:7f:c8:28:c7:b1:f8:7a:
                    ed:ce:fa:e3:87:dd:28:27:73:4f:57:f0:0a:b8:97:
                    24:72:55:30:87:60:e2:c1:1d:dc:bc:df:4e:33:9d:
                    41:79:57:05:46:6a:e4:e1:60:1e:ed:20:c9:89:4c:
                    0c:9e:12:17:d8:9b:85:46:3c:bd:5e:81:16:df:19:
                    79:6b:ec:33:e7:ea:4a:8e:e1:44:bc:7d:45:69:2a:
                    d0:a7:fd:86:d8:70:88:1a:d5:e0:62:43:48:74:31:
                    0f:bd:05:55:c2:4c:58:22:16:21:4b:4c:63:09:07:
                    c8:7b:90:e5:c0:c1:27:fc:43:a1:ce:69:83:c7:ca:
                    e8:1e:29:2a:32:d8:20:79:75:08:e5:93:e8:10:77:
                    f0:b6:03:6a:54:6e:87:8c:5f:66:a4:60:09:5d:75:
                    2d:ee:a2:06:95:40:85:62:f5:21:4a:66:71:31:e5:
                    55:d3:5d:66:37:be:5f:c7:70:d1:14:dd:57:69:8e:
                    c2:73:9d:fe:bb:26:01:22:ba:34:8c:0a:fa:1a:fa:
                    ae:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:19:6B:77:0F:91:E1:8E:95:8C:0B:C0:16:D2:B7:68:4F:FC:00:BF
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/rxlrdw-R4Y6VjAvAFtK3aE_8AL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:f40::/44

    Signature Algorithm: sha256WithRSAEncryption
         a3:23:95:2d:5b:a0:60:97:b4:06:fa:3b:db:18:1b:ad:79:96:
         02:c0:e1:79:1b:e1:71:0d:f0:ed:f9:02:e5:8f:79:6c:cc:9c:
         2c:23:8f:c5:7e:30:f7:9c:ba:1a:12:af:7f:e1:4f:79:e8:4d:
         29:46:db:2b:87:81:cf:80:6f:95:55:39:ac:6c:ff:95:7f:73:
         a2:dd:11:a0:c6:37:15:82:c4:74:72:f6:ac:53:83:89:c7:6a:
         56:10:d9:64:05:86:ae:2f:8b:61:75:1c:b0:e2:b6:a8:4a:9f:
         79:bc:d4:a9:ec:6b:03:ab:71:7a:86:5c:32:93:fc:71:c8:39:
         8e:4f:84:65:96:72:47:b6:ae:6c:d7:d0:47:50:86:c2:3d:78:
         c3:5f:ed:d8:30:8b:9e:34:69:6d:f1:f1:f7:21:ab:a5:34:d0:
         30:80:a0:4a:eb:d4:92:d7:43:ff:18:68:c1:79:b5:50:65:7b:
         61:81:bf:6d:a4:0b:ec:19:a7:8c:2c:d6:c9:75:a9:18:72:c4:
         6d:d6:9b:dc:fd:94:03:a6:56:67:fe:ab:21:8c:60:da:8a:e7:
         cc:9b:0d:63:df:d0:38:5a:85:8c:29:d6:01:40:22:70:17:e9:
         78:8b:16:47:82:f5:9c:01:f5:da:ea:04:57:7f:a6:d8:67:6f:
         9f:7f:71:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzZKUGKd1g1A303/jbpCQbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTA1MTAyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE5NmI3NzBmOTFlMThlOTU4YzBiYzAxNmQyYjc2ODRmZmMwMGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj1d6TeesI3yJz08tqsovOxvt+sAK
qnElqlPvB+4L0SXxL0IfSdS9QjIKvIcNP1aT0m2Pon/IKMex+Hrtzvrjh90oJ3NP
V/AKuJckclUwh2DiwR3cvN9OM51BeVcFRmrk4WAe7SDJiUwMnhIX2JuFRjy9XoEW
3xl5a+wz5+pKjuFEvH1FaSrQp/2G2HCIGtXgYkNIdDEPvQVVwkxYIhYhS0xjCQfI
e5DlwMEn/EOhzmmDx8roHikqMtggeXUI5ZPoEHfwtgNqVG6HjF9mpGAJXXUt7qIG
lUCFYvUhSmZxMeVV011mN75fx3DRFN1XaY7Cc53+uyYBIro0jAr6GvqugQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFK8Za3cPkeGOlYwLwBbSt2hP/AC/MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvcnhscmR3LVI0WTZWakF2QUZ0SzNhRV84QUw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBw9A
MA0GCSqGSIb3DQEBCwUAA4IBAQCjI5UtW6Bgl7QG+jvbGButeZYCwOF5G+FxDfDt
+QLlj3lszJwsI4/FfjD3nLoaEq9/4U956E0pRtsrh4HPgG+VVTmsbP+Vf3Oi3RGg
xjcVgsR0cvasU4OJx2pWENlkBYauL4thdRyw4raoSp95vNSp7GsDq3F6hlwyk/xx
yDmOT4RllnJHtq5s19BHUIbCPXjDX+3YMIueNGlt8fH3IaulNNAwgKBK69SS10P/
GGjBebVQZXthgb9tpAvsGaeMLNbJdakYcsRt1pvc/ZQDplZn/qshjGDaiufMmw1j
39A4WoWMKdYBQCJwF+l4ixZHgvWcAfXa6gRXf6bYZ2+ff3Gi
-----END CERTIFICATE-----