Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ybdjfW5L1FWoSUf_eTuUyuYGMrI.roa
File:                     ybdjfW5L1FWoSUf_eTuUyuYGMrI.roa (raw, json)
Hash identifier:          +Q+de+5/XHq/QfyklUcy3UD+LzoRhUxKNXyRBN3PTCI=
Subject key identifier:   C9:B7:63:7D:6E:4B:D4:55:A8:49:47:FF:79:3B:94:CA:E6:06:32:B2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD3D7CF21E3BEA6EA401987EDF707F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ybdjfW5L1FWoSUf_eTuUyuYGMrI.roa
Signing time:             Tue 02 Jan 2024 10:34:31 +0000
ROA not before:           Tue 02 Jan 2024 10:34:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211940
IP address blocks:        2a0e:b107:9fa::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 09:38:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:3d:7c:f2:1e:3b:ea:6e:a4:01:98:7e:df:70:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9b7637d6e4bd455a84947ff793b94cae60632b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:35:98:cb:dd:04:85:7f:76:1e:09:ad:bb:4c:
                    f8:7a:24:3e:4d:b2:1b:2e:ee:f5:0b:35:82:a9:71:
                    67:6b:58:0f:77:2e:72:23:64:2a:69:41:9c:ee:be:
                    0e:03:ee:7a:01:db:eb:81:a5:43:09:00:68:48:36:
                    fe:fb:5f:75:f0:5f:99:2f:35:57:35:e8:6e:a6:de:
                    4d:8f:6a:b4:76:8e:30:05:df:3c:d7:23:ee:5a:99:
                    ec:a7:ab:11:68:28:ab:17:9f:d3:d7:90:79:94:5b:
                    73:87:47:ca:1e:a1:7a:1e:3a:e3:c4:b0:df:b8:64:
                    99:a4:f6:ec:7d:76:3c:12:8e:89:cf:f7:45:7d:89:
                    ea:bc:09:6e:fa:1f:58:43:51:6b:83:c5:32:80:aa:
                    21:e3:d3:f5:a3:81:48:53:74:e7:de:dd:81:52:5b:
                    e0:02:9a:4f:3c:2a:e9:8b:f8:3b:03:90:82:99:20:
                    d3:21:5a:af:fb:3b:51:87:d0:91:f2:b9:b9:05:9f:
                    e7:01:58:9e:c4:c2:0c:02:4b:c3:fa:94:d4:f0:e7:
                    99:a9:48:04:06:9c:56:94:1d:b9:b3:53:d2:1a:6f:
                    0e:75:0b:bb:28:08:2f:ed:4e:e0:76:2b:96:7e:f9:
                    11:b8:70:dd:29:38:09:fc:e4:05:6f:36:cd:dc:a3:
                    13:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:B7:63:7D:6E:4B:D4:55:A8:49:47:FF:79:3B:94:CA:E6:06:32:B2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ybdjfW5L1FWoSUf_eTuUyuYGMrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:9fa::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:21:2f:56:85:88:32:7d:a4:3d:19:ca:72:4b:5f:72:03:e9:
         d5:80:94:72:69:51:ec:c6:72:90:16:a2:5a:fa:06:3e:49:d3:
         1c:5c:b1:af:3e:ff:5a:f9:31:eb:d0:48:02:3a:ae:d0:0d:61:
         18:c8:f7:19:0f:2e:89:bc:4e:6f:f8:35:37:27:b9:b6:06:00:
         52:7b:43:dc:c8:27:3f:9e:04:a7:dd:3f:a7:72:42:dd:d5:0f:
         1f:b8:82:74:43:62:29:5a:9a:83:f3:2d:12:be:25:d1:5a:12:
         99:86:b0:96:f4:0d:a2:e0:3c:fb:d3:f2:63:a7:b3:34:ff:2a:
         9c:f0:1a:b3:1e:11:d0:9a:55:56:43:59:69:ed:16:ce:b4:f1:
         2f:4f:1d:d0:28:31:1e:62:77:bf:06:91:b7:e9:60:45:54:6b:
         28:ab:73:d6:9b:4b:20:d5:14:b0:19:20:87:0a:23:f9:56:b8:
         28:29:db:63:b5:fc:36:de:4c:54:5f:29:f2:01:b8:6f:98:b4:
         d6:ed:72:e7:d9:57:77:46:49:bc:f5:86:44:6e:29:44:ac:65:
         e7:8f:50:7a:b2:c7:5d:c1:d4:0c:32:a4:c8:56:1b:e5:4c:cb:
         90:ad:d3:48:d8:6f:2b:f5:3e:fb:f1:01:1a:3a:89:8a:fe:7f:
         32:54:9e:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvT188h476m6kAZh+33B/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWI3NjM3ZDZlNGJkNDU1YTg0OTQ3ZmY3OTNiOTRjYWU2MDYzMmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjWYy90EhX92Hgmtu0z4eiQ+TbIb
Lu71CzWCqXFna1gPdy5yI2QqaUGc7r4OA+56AdvrgaVDCQBoSDb++1918F+ZLzVX
Nehupt5Nj2q0do4wBd881yPuWpnsp6sRaCirF5/T15B5lFtzh0fKHqF6HjrjxLDf
uGSZpPbsfXY8Eo6Jz/dFfYnqvAlu+h9YQ1Frg8UygKoh49P1o4FIU3Tn3t2BUlvg
AppPPCrpi/g7A5CCmSDTIVqv+ztRh9CR8rm5BZ/nAViexMIMAkvD+pTU8OeZqUgE
BpxWlB25s1PSGm8OdQu7KAgv7U7gdiuWfvkRuHDdKTgJ/OQFbzbN3KMTvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMm3Y31uS9RVqElH/3k7lMrmBjKyMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveWJkamZXNUwxRldvU1VmX2VUdVV5dVlHTXJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBwn6
MA0GCSqGSIb3DQEBCwUAA4IBAQBPIS9WhYgyfaQ9GcpyS19yA+nVgJRyaVHsxnKQ
FqJa+gY+SdMcXLGvPv9a+THr0EgCOq7QDWEYyPcZDy6JvE5v+DU3J7m2BgBSe0Pc
yCc/ngSn3T+nckLd1Q8fuIJ0Q2IpWpqD8y0SviXRWhKZhrCW9A2i4Dz70/Jjp7M0
/yqc8BqzHhHQmlVWQ1lp7RbOtPEvTx3QKDEeYne/BpG36WBFVGsoq3PWm0sg1RSw
GSCHCiP5VrgoKdtjtfw23kxUXynyAbhvmLTW7XLn2Vd3Rkm89YZEbilErGXnj1B6
ssddwdQMMqTIVhvlTMuQrdNI2G8r9T778QEaOomK/n8yVJ6i
-----END CERTIFICATE-----