Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RPQEWij8_Ob1JIRKTJivmzN5oQU.roa
File:                     RPQEWij8_Ob1JIRKTJivmzN5oQU.roa (raw, json)
Hash identifier:          wLzPnHWElZ+nuz1hFrEEV/fJ3/JHB4HjvLIaoZhGFQ4=
Subject key identifier:   44:F4:04:5A:28:FC:FC:E6:F5:24:84:4A:4C:98:AF:9B:33:79:A1:05
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFA988614FC64897DA9B05BADAACC11
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RPQEWij8_Ob1JIRKTJivmzN5oQU.roa
Signing time:             Wed 01 Jan 2025 03:48:24 +0000
ROA not before:           Wed 01 Jan 2025 03:48:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210466
IP address blocks:        2a0c:b641:5c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:98:86:14:fc:64:89:7d:a9:b0:5b:ad:aa:cc:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=44f4045a28fcfce6f524844a4c98af9b3379a105
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:73:fe:50:4e:dd:8c:66:19:ad:ee:56:2b:4f:
                    7a:c1:2b:65:b9:5a:d6:db:84:ec:df:03:67:b2:65:
                    e7:45:0f:db:f3:27:b1:b9:44:18:ae:a9:6d:6b:db:
                    da:8c:96:11:06:27:bf:99:e5:ca:39:35:a0:12:8a:
                    25:02:a8:52:50:4f:ab:27:41:82:cf:5d:18:41:48:
                    15:8b:60:a1:4a:31:9f:1c:d1:d9:3d:7b:d9:fe:b2:
                    c1:0c:5b:bd:cf:e9:02:7b:9b:bc:6c:45:c5:07:fe:
                    98:83:c9:ed:fd:8b:36:da:ab:57:7e:c1:22:86:c5:
                    6b:1c:42:24:dd:6f:33:43:b5:04:af:e5:a2:51:13:
                    85:7a:e9:40:b1:7b:bd:18:e2:6e:00:e1:4f:d5:3c:
                    bb:f7:47:18:ee:92:21:b9:9f:5c:a5:d2:44:27:1b:
                    5f:ef:65:c2:f3:56:b1:29:bd:c9:8f:9b:95:7d:db:
                    57:60:3c:9f:e6:fa:88:87:08:56:c8:08:50:db:74:
                    b8:51:ad:a5:6c:8d:9b:fc:3d:60:6a:35:02:ac:45:
                    bf:57:da:11:9a:81:29:4d:09:c8:c5:ca:83:b9:94:
                    e7:22:3f:e1:0e:9c:70:bc:bb:44:18:3d:e0:3b:ae:
                    30:f5:c3:38:81:93:c8:39:8b:11:8b:db:e0:d3:e8:
                    08:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F4:04:5A:28:FC:FC:E6:F5:24:84:4A:4C:98:AF:9B:33:79:A1:05
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/RPQEWij8_Ob1JIRKTJivmzN5oQU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:b641:5c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         22:9d:25:59:d5:7a:f0:17:d1:d1:af:3c:45:6e:2c:5c:42:53:
         e4:5e:b2:dc:1e:29:9a:e3:3a:1b:fc:83:2f:46:d7:44:81:50:
         e6:54:28:2a:37:90:5d:76:6e:c8:24:8a:af:97:de:5f:66:b8:
         1a:08:32:3a:3c:d7:80:30:ed:7b:34:7f:c4:46:90:ab:a9:a5:
         d0:22:be:ec:1b:ab:28:8c:27:56:18:ce:5c:4a:02:48:3f:18:
         72:bc:a6:e3:35:c6:43:37:2d:b7:e7:ef:ab:3a:95:75:98:a8:
         d4:fc:7f:41:bb:c2:78:d4:97:5b:4a:b0:57:6c:f9:14:ee:73:
         26:57:47:e4:19:f9:fd:f3:9c:4f:4c:22:1c:70:bd:e4:47:71:
         8c:25:e6:88:12:0d:61:e2:92:5e:fe:4c:d0:d1:fe:21:5f:97:
         07:e4:e6:d0:89:12:35:9e:8e:3b:58:a8:68:27:54:75:06:08:
         45:91:e0:f8:90:d5:b9:48:c6:a6:56:21:6a:16:84:fd:2e:a2:
         4b:53:a0:6c:a4:39:f4:df:98:a7:ae:de:cf:50:f2:e3:36:18:
         84:26:a9:08:b2:b0:ef:97:fe:6a:97:13:a2:34:2a:38:93:98:
         30:ac:71:8e:dd:ef:98:8b:52:5f:87:16:d0:97:4f:48:29:ac:
         50:9b:ef:d1
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQf+piGFPxkiX2psFutqswRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGY0MDQ1YTI4ZmNmY2U2ZjUyNDg0NGE0Yzk4YWY5YjMzNzlhMTA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3nP+UE7djGYZre5WK096wStluVrW
24Ts3wNnsmXnRQ/b8yexuUQYrqlta9vajJYRBie/meXKOTWgEoolAqhSUE+rJ0GC
z10YQUgVi2ChSjGfHNHZPXvZ/rLBDFu9z+kCe5u8bEXFB/6Yg8nt/Ys22qtXfsEi
hsVrHEIk3W8zQ7UEr+WiUROFeulAsXu9GOJuAOFP1Ty790cY7pIhuZ9cpdJEJxtf
72XC81axKb3Jj5uVfdtXYDyf5vqIhwhWyAhQ23S4Ua2lbI2b/D1gajUCrEW/V9oR
moEpTQnIxcqDuZTnIj/hDpxwvLtEGD3gO64w9cM4gZPIOYsRi9vg0+gIXwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFET0BFoo/Pzm9SSESkyYr5szeaEFMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvUlBRRVdpajhfT2IxSklSS1RKaXZtek41b1FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKgy2QQXA
MA0GCSqGSIb3DQEBCwUAA4IBAQAinSVZ1XrwF9HRrzxFbixcQlPkXrLcHima4zob
/IMvRtdEgVDmVCgqN5Bddm7IJIqvl95fZrgaCDI6PNeAMO17NH/ERpCrqaXQIr7s
G6sojCdWGM5cSgJIPxhyvKbjNcZDNy235++rOpV1mKjU/H9Bu8J41JdbSrBXbPkU
7nMmV0fkGfn985xPTCIccL3kR3GMJeaIEg1h4pJe/kzQ0f4hX5cH5ObQiRI1no47
WKhoJ1R1BghFkeD4kNW5SMamViFqFoT9LqJLU6BspDn035inrt7PUPLjNhiEJqkI
srDvl/5qlxOiNCo4k5gwrHGO3e+Yi1JfhxbQl09IKaxQm+/R
-----END CERTIFICATE-----