Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tF0hDZXmOaME2OXrkqzbBESsZjg.roa
File:                     tF0hDZXmOaME2OXrkqzbBESsZjg.roa (raw, json)
Hash identifier:          9hm0e3OXwkd2Ow8KlBMocDJUm6OEK9F+72Z/D9LZin0=
Subject key identifier:   B4:5D:21:0D:95:E6:39:A3:04:D8:E5:EB:92:AC:DB:04:44:AC:66:38
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018D146C3FC16EA8DF06BEFF59DD210270F3
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tF0hDZXmOaME2OXrkqzbBESsZjg.roa
Signing time:             Tue 16 Jan 2024 22:37:34 +0000
ROA not before:           Tue 16 Jan 2024 22:37:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215788
IP address blocks:        2a0e:97c0:e90::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:14:6c:3f:c1:6e:a8:df:06:be:ff:59:dd:21:02:70:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan 16 22:37:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b45d210d95e639a304d8e5eb92acdb0444ac6638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:e9:45:36:1c:ee:02:26:12:47:ea:eb:69:43:
                    84:37:53:37:0c:87:7a:ed:24:eb:c2:3c:4c:02:11:
                    8d:2c:79:51:66:a6:d3:3b:ba:67:63:af:7e:3b:79:
                    37:32:2d:83:d8:03:a6:9c:c3:db:27:18:89:a4:30:
                    85:7a:59:8d:63:aa:2d:af:7a:ae:e8:1c:f0:ac:7a:
                    83:cb:27:b5:46:30:72:53:54:88:9c:7c:51:bd:81:
                    9d:78:53:e2:45:b4:9b:45:43:23:32:60:1b:ae:41:
                    5e:1f:a9:d7:e3:44:82:a3:fb:43:4a:67:aa:56:38:
                    d7:fc:1a:45:4c:c2:62:59:13:75:41:a7:3d:e5:7d:
                    69:16:22:34:5c:2a:9a:39:6c:08:de:89:50:f9:5a:
                    d4:44:14:12:4f:5b:b6:43:a7:32:e6:a9:fd:a9:5b:
                    c6:dd:7b:00:ff:11:b7:40:13:42:ac:d9:b1:e2:73:
                    8f:64:10:43:8c:ae:e3:a5:2f:76:a9:d0:10:8c:d7:
                    54:17:d5:9b:5c:79:e0:60:35:cb:0a:ea:94:a3:d9:
                    52:05:24:53:7a:e8:4c:bd:16:fc:aa:e6:f7:cb:c9:
                    77:85:07:12:6c:25:70:6b:59:d6:0e:2a:06:02:37:
                    c9:37:f1:75:1f:b2:b1:a8:8b:ab:29:8c:18:91:e4:
                    87:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:5D:21:0D:95:E6:39:A3:04:D8:E5:EB:92:AC:DB:04:44:AC:66:38
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/tF0hDZXmOaME2OXrkqzbBESsZjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:e90::/48

    Signature Algorithm: sha256WithRSAEncryption
         39:bc:40:c4:b7:04:23:39:85:76:f6:29:0f:bc:52:fd:df:87:
         a7:1a:45:d2:ac:33:70:de:35:b7:53:ec:a5:a4:13:04:96:dd:
         d1:f6:27:da:2b:df:a8:24:5d:4f:89:bd:7a:3b:aa:07:e3:39:
         6d:59:f8:55:33:96:02:4c:fb:b3:1d:81:64:84:07:31:db:98:
         12:89:45:22:5b:48:9b:54:d9:57:73:31:48:74:95:9e:94:d7:
         9a:c3:54:62:43:91:8f:09:02:16:66:99:1b:4f:d5:f8:4a:3a:
         ed:c3:50:86:46:1a:e8:09:d6:66:84:aa:de:6b:2d:0c:f9:f1:
         2f:2b:b5:df:6d:0c:c2:cf:1e:7b:aa:7e:7b:4f:d2:6d:fd:6e:
         d1:c7:2d:e9:0d:f1:ae:d0:11:2b:ce:63:22:5a:b4:44:c2:f4:
         8c:20:ce:34:d2:da:3e:3f:cd:fe:f6:48:3e:2d:c9:04:ad:cd:
         6d:f9:41:77:84:a7:32:4b:f0:17:59:26:0a:bf:7d:b0:21:b8:
         94:fe:56:04:67:7f:c5:b4:1a:8e:1c:66:2d:c2:89:76:30:e4:
         9b:3d:75:86:8a:71:a7:bc:f2:42:47:04:66:b9:b5:bd:1d:e6:
         a7:27:d5:c6:5d:f2:08:b7:5e:24:d6:74:77:4e:fc:23:23:7f:
         e8:30:d7:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY0UbD/BbqjfBr7/Wd0hAnDzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTE2MjIzNzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDVkMjEwZDk1ZTYzOWEzMDRkOGU1ZWI5MmFjZGIwNDQ0YWM2NjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhOlFNhzuAiYSR+rraUOEN1M3DId6
7STrwjxMAhGNLHlRZqbTO7pnY69+O3k3Mi2D2AOmnMPbJxiJpDCFelmNY6otr3qu
6BzwrHqDyye1RjByU1SInHxRvYGdeFPiRbSbRUMjMmAbrkFeH6nX40SCo/tDSmeq
VjjX/BpFTMJiWRN1Qac95X1pFiI0XCqaOWwI3olQ+VrURBQST1u2Q6cy5qn9qVvG
3XsA/xG3QBNCrNmx4nOPZBBDjK7jpS92qdAQjNdUF9WbXHngYDXLCuqUo9lSBSRT
euhMvRb8qub3y8l3hQcSbCVwa1nWDioGAjfJN/F1H7KxqIurKYwYkeSHDwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLRdIQ2V5jmjBNjl65Ks2wRErGY4MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvdEYwaERaWG1PYU1FMk9YcmtxemJCRVNzWmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6XwA6Q
MA0GCSqGSIb3DQEBCwUAA4IBAQA5vEDEtwQjOYV29ikPvFL934enGkXSrDNw3jW3
U+ylpBMElt3R9ifaK9+oJF1Pib16O6oH4zltWfhVM5YCTPuzHYFkhAcx25gSiUUi
W0ibVNlXczFIdJWelNeaw1RiQ5GPCQIWZpkbT9X4Sjrtw1CGRhroCdZmhKreay0M
+fEvK7XfbQzCzx57qn57T9Jt/W7Rxy3pDfGu0BErzmMiWrREwvSMIM400to+P83+
9kg+LckErc1t+UF3hKcyS/AXWSYKv32wIbiU/lYEZ3/FtBqOHGYtwol2MOSbPXWG
inGnvPJCRwRmubW9HeanJ9XGXfIIt14k1nR3TvwjI3/oMNcq
-----END CERTIFICATE-----