Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zIg9AMS44gIVPsCHBDBWnPgLyww.roa
File:                     zIg9AMS44gIVPsCHBDBWnPgLyww.roa (raw, json)
Hash identifier:          xOOv7Le38Hq9v68lbT28dp7ntXv78sn4g6SVz7BnMpU=
Subject key identifier:   CC:88:3D:00:C4:B8:E2:02:15:3E:C0:87:04:30:56:9C:F8:0B:CB:0C
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018CC9BD51A3BE2D3E91BBF6C2080FFFFD55
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zIg9AMS44gIVPsCHBDBWnPgLyww.roa
Signing time:             Tue 02 Jan 2024 10:34:36 +0000
ROA not before:           Tue 02 Jan 2024 10:34:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213377
IP address blocks:        2a0e:b107:1080::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bd:51:a3:be:2d:3e:91:bb:f6:c2:08:0f:ff:fd:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 10:34:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc883d00c4b8e202153ec0870430569cf80bcb0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1f:ac:3c:86:99:84:75:2b:1f:63:43:9f:b1:
                    a0:59:51:ed:10:50:7e:07:88:0b:63:92:53:10:99:
                    a5:f5:a9:d8:2f:26:cd:ab:81:cc:98:fa:00:60:c2:
                    a0:51:df:f3:a6:a9:57:17:a0:a9:93:f6:91:56:4c:
                    30:3d:c8:49:c6:c8:3e:7e:7d:83:1e:1f:f5:0a:c3:
                    ec:33:3a:f1:68:f7:ee:9e:bf:6f:7d:b3:50:ea:73:
                    12:57:37:89:1f:f5:a6:40:f1:7a:71:3d:dd:c9:df:
                    75:94:ca:9e:30:53:13:69:1f:e7:40:63:fe:3f:e8:
                    dc:c1:15:4c:02:a3:86:0d:a6:4a:36:0e:6f:02:fc:
                    dc:23:04:b9:25:7f:c7:0f:ba:21:5f:6a:54:10:86:
                    35:74:e7:7f:7a:e5:73:89:7b:e0:98:d8:fd:b4:1d:
                    bf:65:fd:77:39:42:c0:53:1c:ab:fd:8b:45:4a:a7:
                    dc:f8:c9:6a:97:c5:cc:f6:f6:fa:51:ea:24:b4:9f:
                    65:1c:ef:62:11:2b:cf:b2:f1:3a:21:c3:dd:5d:0c:
                    7a:6e:40:7d:5a:25:65:71:1f:ae:b9:1b:1c:b8:c5:
                    18:fb:a3:90:e3:41:4c:69:43:45:77:74:10:ee:ce:
                    40:ec:b0:1c:f0:4d:11:b0:b6:7e:f8:49:d0:92:12:
                    39:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:88:3D:00:C4:B8:E2:02:15:3E:C0:87:04:30:56:9C:F8:0B:CB:0C
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/zIg9AMS44gIVPsCHBDBWnPgLyww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1080::/44

    Signature Algorithm: sha256WithRSAEncryption
         4e:65:fb:8d:97:4b:7f:07:cc:7d:0b:b5:36:ee:e2:be:96:59:
         0b:f7:b9:87:60:d1:aa:b4:17:a0:4a:b2:3a:db:df:98:b1:ee:
         74:3b:1c:f5:bb:16:66:aa:74:ac:6d:94:51:5e:7a:08:5c:9e:
         e9:0d:98:93:4b:fa:c5:ed:ac:be:a4:a3:16:d6:43:54:79:98:
         39:28:84:fe:59:d3:db:ff:13:46:99:46:db:50:ec:c9:18:30:
         20:52:28:f7:fb:e9:ca:fd:36:f3:3a:ee:2c:81:3f:0a:a2:4e:
         6a:24:6b:62:7d:dc:52:69:83:94:36:16:6e:34:ca:b8:4e:cd:
         4e:71:2e:5b:9e:2a:b7:ac:0c:6e:cb:0b:c4:53:39:a3:cd:45:
         1d:e0:33:ec:a3:05:59:3f:53:60:1f:f2:f0:45:ac:6d:3e:4b:
         b7:18:0e:f3:ce:b8:78:fa:62:c2:00:0e:c5:bd:49:a9:8e:2a:
         77:87:3d:2f:fa:60:e9:e9:94:5d:44:0a:cf:82:96:88:e4:7b:
         f1:8e:84:a5:05:3c:0e:5a:f3:49:cc:b2:a5:17:5a:9a:d7:4a:
         01:cf:7e:0c:b4:ab:5f:8a:2e:b7:83:59:4c:42:75:19:72:87:
         ed:25:76:7c:2b:ce:e6:73:22:59:58:bf:4b:bc:a2:f5:39:ec:
         b0:c7:21:f6
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAYzJvVGjvi0+kbv2wggP//1VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjQwMTAyMTAzNDM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzg4M2QwMGM0YjhlMjAyMTUzZWMwODcwNDMwNTY5Y2Y4MGJjYjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkh+sPIaZhHUrH2NDn7GgWVHtEFB+
B4gLY5JTEJml9anYLybNq4HMmPoAYMKgUd/zpqlXF6Cpk/aRVkwwPchJxsg+fn2D
Hh/1CsPsMzrxaPfunr9vfbNQ6nMSVzeJH/WmQPF6cT3dyd91lMqeMFMTaR/nQGP+
P+jcwRVMAqOGDaZKNg5vAvzcIwS5JX/HD7ohX2pUEIY1dOd/euVziXvgmNj9tB2/
Zf13OULAUxyr/YtFSqfc+Mlql8XM9vb6UeoktJ9lHO9iESvPsvE6IcPdXQx6bkB9
WiVlcR+uuRscuMUY+6OQ40FMaUNFd3QQ7s5A7LAc8E0RsLZ++EnQkhI52wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMyIPQDEuOICFT7AhwQwVpz4C8sMMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveklnOUFNUzQ0Z0lWUHNDSEJEQlduUGdMeXd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxCA
MA0GCSqGSIb3DQEBCwUAA4IBAQBOZfuNl0t/B8x9C7U27uK+llkL97mHYNGqtBeg
SrI629+Yse50Oxz1uxZmqnSsbZRRXnoIXJ7pDZiTS/rF7ay+pKMW1kNUeZg5KIT+
WdPb/xNGmUbbUOzJGDAgUij3++nK/TbzOu4sgT8Kok5qJGtifdxSaYOUNhZuNMq4
Ts1OcS5bniq3rAxuywvEUzmjzUUd4DPsowVZP1NgH/LwRaxtPku3GA7zzrh4+mLC
AA7FvUmpjip3hz0v+mDp6ZRdRArPgpaI5HvxjoSlBTwOWvNJzLKlF1qa10oBz34M
tKtfii63g1lMQnUZcoftJXZ8K87mcyJZWL9LvKL1OeywxyH2
-----END CERTIFICATE-----