Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4QBGfpD_s0YxlJ3x_x4qENjQXBU.roa
File:                     4QBGfpD_s0YxlJ3x_x4qENjQXBU.roa (raw, json)
Hash identifier:          X7xmFDUYg/H3Bpr/8xTRtPuZh59ltSJCXlHeem+BdbM=
Subject key identifier:   E1:00:46:7E:90:FF:B3:46:31:94:9D:F1:FF:1E:2A:10:D8:D0:5C:15
Certificate issuer:       /CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
Certificate serial:       019422FBED68AD961C6B6B1562CEE597AC5E
Authority key identifier: 9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4QBGfpD_s0YxlJ3x_x4qENjQXBU.roa
Signing time:             Wed 01 Jan 2025 17:48:43 +0000
ROA not before:           Wed 01 Jan 2025 17:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213716
IP address blocks:        2a0c:9a40:8650::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:ed:68:ad:96:1c:6b:6b:15:62:ce:e5:97:ac:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e95a361fe2b2c5292626ba4c56a65a814e48008
        Validity
            Not Before: Jan  1 17:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e100467e90ffb34631949df1ff1e2a10d8d05c15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4a:06:c7:44:54:92:1a:21:65:5f:1f:9d:3a:
                    3f:5d:b9:b7:4f:e2:5d:62:2b:68:11:b0:46:9f:68:
                    db:19:10:5f:b5:c9:00:14:19:a2:dd:ad:17:22:1d:
                    61:fb:96:e7:cc:8a:3d:7e:e6:f9:92:dd:34:6e:9e:
                    0b:a1:8d:6d:d8:f1:8d:4b:0c:48:d0:4c:36:ce:70:
                    97:c4:38:94:f6:21:f0:52:f7:64:e6:70:47:7c:4d:
                    6b:ea:3d:1a:f0:3f:cf:01:6c:20:2d:9f:35:d9:7c:
                    dd:43:45:1d:26:12:16:0d:a0:6e:e2:8e:56:9b:5d:
                    7c:0e:b4:df:25:63:62:1c:c3:86:a2:0d:34:69:0a:
                    8c:7d:92:f0:76:56:49:36:51:5d:f0:70:86:ab:40:
                    70:fe:4f:30:57:69:51:00:f8:cd:27:1d:d7:f1:be:
                    de:d9:59:d7:b8:2d:7b:24:4d:6a:88:d1:9b:d6:20:
                    7b:fb:ed:4f:d6:21:45:14:5a:ba:13:4f:0b:40:65:
                    89:23:61:55:59:17:77:02:b9:ec:6a:42:f2:af:a9:
                    82:d2:06:29:5f:81:1f:c4:dd:a1:92:0d:60:f5:06:
                    1c:f5:00:10:ac:82:e2:c1:1e:a8:6b:d0:fd:68:98:
                    e9:1d:fb:34:ef:bd:8a:7c:d8:39:06:8f:17:b7:b4:
                    12:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:00:46:7E:90:FF:B3:46:31:94:9D:F1:FF:1E:2A:10:D8:D0:5C:15
            X509v3 Authority Key Identifier:
                keyid:9E:95:A3:61:FE:2B:2C:52:92:62:6B:A4:C5:6A:65:A8:14:E4:80:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/npWjYf4rLFKSYmukxWplqBTkgAg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/4QBGfpD_s0YxlJ3x_x4qENjQXBU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f96f73-6686-4164-b23f-bf4e527b9fa8/1/npWjYf4rLFKSYmukxWplqBTkgAg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:9a40:8650::/48

    Signature Algorithm: sha256WithRSAEncryption
         07:af:98:9e:b7:af:89:29:1c:47:7a:ce:c8:6f:73:1c:e2:93:
         9a:3b:19:86:a2:fc:7f:25:41:9c:57:ff:5b:e0:43:f1:4d:b6:
         11:90:7a:d0:8a:52:60:a6:02:41:4f:4f:4f:3c:6b:2a:38:42:
         8f:4b:ba:88:98:7f:73:65:55:ef:23:22:1f:03:8f:5c:fe:03:
         69:24:3d:80:c0:e7:7f:f8:f0:de:cb:cc:a6:bf:ed:3e:d4:c2:
         bf:d5:11:ce:58:03:20:e9:b0:94:b2:a3:35:7b:f1:1c:b3:50:
         19:52:19:a2:20:c2:52:c6:d3:10:03:f9:43:e3:4e:4d:c4:7b:
         6c:d3:41:8b:be:90:8e:8b:03:8f:29:c9:ff:14:5d:0f:6f:d6:
         18:2c:03:18:1a:9b:85:bc:33:c7:d1:72:12:1e:82:ce:f8:2e:
         90:33:35:46:4b:1c:23:38:b1:dd:59:92:60:41:ac:40:e0:f2:
         a3:97:2f:65:4b:0e:6f:0d:a5:dc:11:48:af:d1:71:3f:bf:56:
         e9:95:40:dd:db:12:59:fa:4e:a8:c9:89:b5:1a:e7:0a:11:f1:
         6f:2e:e5:13:19:30:92:33:a9:0d:a5:b8:86:e8:2a:74:17:6a:
         8c:07:84:a4:c3:95:1d:9d:75:9b:6b:00:91:98:a6:63:1e:d5:
         f3:53:ab:d4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQi++1orZYca2sVYs7ll6xeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllOTVhMzYxZmUyYjJjNTI5MjYyNmJhNGM1NmE2NWE4MTRl
NDgwMDgwHhcNMjUwMTAxMTc0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTAwNDY3ZTkwZmZiMzQ2MzE5NDlkZjFmZjFlMmExMGQ4ZDA1YzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyEoGx0RUkhohZV8fnTo/Xbm3T+Jd
YitoEbBGn2jbGRBftckAFBmi3a0XIh1h+5bnzIo9fub5kt00bp4LoY1t2PGNSwxI
0Ew2znCXxDiU9iHwUvdk5nBHfE1r6j0a8D/PAWwgLZ812XzdQ0UdJhIWDaBu4o5W
m118DrTfJWNiHMOGog00aQqMfZLwdlZJNlFd8HCGq0Bw/k8wV2lRAPjNJx3X8b7e
2VnXuC17JE1qiNGb1iB7++1P1iFFFFq6E08LQGWJI2FVWRd3ArnsakLyr6mC0gYp
X4EfxN2hkg1g9QYc9QAQrILiwR6oa9D9aJjpHfs0772KfNg5Bo8Xt7QSewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFOEARn6Q/7NGMZSd8f8eKhDY0FwVMB8GA1UdIwQY
MBaAFJ6Vo2H+KyxSkmJrpMVqZagU5IAIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2Yt
YmY0ZTUyN2I5ZmE4LzEvNFFCR2ZwRF9zMFl4bEozeF94NHFFTmpRWEJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mOTZmNzMtNjY4Ni00MTY0LWIyM2YtYmY0ZTUyN2I5ZmE4
LzEvbnBXallmNHJMRktTWW11a3hXcGxxQlRrZ0FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgyaQIZQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAHr5iet6+JKRxHes7Ib3Mc4pOaOxmGovx/JUGc
V/9b4EPxTbYRkHrQilJgpgJBT09PPGsqOEKPS7qImH9zZVXvIyIfA49c/gNpJD2A
wOd/+PDey8ymv+0+1MK/1RHOWAMg6bCUsqM1e/Ecs1AZUhmiIMJSxtMQA/lD405N
xHts00GLvpCOiwOPKcn/FF0Pb9YYLAMYGpuFvDPH0XISHoLO+C6QMzVGSxwjOLHd
WZJgQaxA4PKjly9lSw5vDaXcEUiv0XE/v1bplUDd2xJZ+k6oyYm1GucKEfFvLuUT
GTCSM6kNpbiG6Cp0F2qMB4Skw5UdnXWbawCRmKZjHtXzU6vU
-----END CERTIFICATE-----