Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GQdTd7yjweUogEC3-d_nQzCuQ6w.roa
File:                     GQdTd7yjweUogEC3-d_nQzCuQ6w.roa (raw, json)
Hash identifier:          UCx0r4RAjjCsx4IaUZorjFBwSxmNAXt1FBdTjcJgJEE=
Subject key identifier:   19:07:53:77:BC:A3:C1:E5:28:80:40:B7:F9:DF:E7:43:30:AE:43:AC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522467F91CA19B0816476BC2B5BAF0C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GQdTd7yjweUogEC3-d_nQzCuQ6w.roa
Signing time:             Thu 02 Jan 2025 03:49:50 +0000
ROA not before:           Thu 02 Jan 2025 03:49:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210888
IP address blocks:        2a10:2f00:173::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:46:7f:91:ca:19:b0:81:64:76:bc:2b:5b:af:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19075377bca3c1e5288040b7f9dfe74330ae43ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:72:9f:c2:4a:18:89:fb:e9:53:f7:e5:67:a4:
                    f5:f8:d9:c8:09:7d:56:93:0e:af:45:aa:e3:15:73:
                    b4:fc:eb:d8:55:f3:ef:33:0b:3c:30:c3:37:62:69:
                    06:98:de:41:8c:5a:82:9e:14:27:6f:82:ee:ff:28:
                    d9:fb:fd:8c:86:c4:e9:68:95:ae:f6:1c:d7:9f:b4:
                    81:29:2d:a5:1c:b9:3a:21:c7:90:b1:91:50:b9:8d:
                    a7:d8:8f:e1:f1:6a:6a:2d:fe:42:da:0e:b8:f7:85:
                    bd:7a:04:75:17:c9:67:f9:01:98:86:32:b1:66:14:
                    ef:51:99:73:c2:fb:75:4b:b2:e6:d4:c1:8d:95:97:
                    c0:c1:01:ae:54:c8:c8:59:fb:29:7b:10:2c:35:ae:
                    0b:79:49:83:38:33:a4:53:13:d3:04:be:c0:91:c8:
                    34:f7:b5:68:b6:af:6d:42:1f:2f:58:4a:40:60:c2:
                    f0:3b:93:7d:c7:ea:3e:e6:a1:b6:a2:9e:81:80:93:
                    af:f3:b5:e9:08:63:1a:b2:9f:53:85:43:f2:ec:2a:
                    25:ec:ab:88:8f:aa:33:fd:9b:ae:ed:99:71:47:f4:
                    9f:a5:db:fe:67:27:60:21:16:df:24:f3:0c:d0:3a:
                    c2:8e:d0:68:f4:e7:a2:9c:21:ef:5b:7f:f9:5a:02:
                    06:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:07:53:77:BC:A3:C1:E5:28:80:40:B7:F9:DF:E7:43:30:AE:43:AC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/GQdTd7yjweUogEC3-d_nQzCuQ6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:173::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:45:08:59:fc:5a:d7:0a:7e:ba:15:95:e0:c8:e9:2c:ea:a7:
         7b:24:4c:ff:20:14:c2:b6:29:34:46:b3:29:0a:de:ca:92:66:
         ab:12:f7:e2:7c:c7:28:f2:22:41:a3:60:47:49:33:e9:b1:0f:
         a5:51:ca:12:2f:9b:52:dc:6d:d5:6b:2b:6b:9e:a8:46:9a:70:
         83:e1:7c:d2:fb:d2:11:55:eb:d3:b0:52:0f:ee:67:f7:e2:32:
         6a:70:58:34:43:e3:38:d4:1f:ec:27:28:a6:30:92:2e:70:17:
         d5:0e:a6:0b:88:ed:42:83:55:24:4f:69:82:85:6d:f9:6c:94:
         95:07:ae:ae:ba:83:99:a0:18:1b:da:08:c7:f2:88:5b:01:05:
         60:2f:78:0a:0b:07:55:c2:81:a5:55:53:e8:09:07:01:c0:8d:
         d6:f0:c8:06:5f:70:36:0a:de:03:7f:79:60:be:78:39:5f:99:
         85:24:35:2d:82:c7:3b:55:78:d6:3b:9f:1f:e6:0a:fe:92:35:
         f8:31:f0:29:07:7b:d0:b6:6a:1a:b0:33:72:b0:68:0e:20:6e:
         f8:30:5d:24:6c:1c:9e:25:28:2e:e6:f7:75:c8:7a:5b:f2:f1:
         5b:a8:7b:1a:b4:f6:33:d3:30:c8:55:e3:85:34:89:14:a1:61:
         df:2f:28:ec
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkZ/kcoZsIFkdrwrW68MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTA3NTM3N2JjYTNjMWU1Mjg4MDQwYjdmOWRmZTc0MzMwYWU0M2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA93KfwkoYifvpU/flZ6T1+NnICX1W
kw6vRarjFXO0/OvYVfPvMws8MMM3YmkGmN5BjFqCnhQnb4Lu/yjZ+/2MhsTpaJWu
9hzXn7SBKS2lHLk6IceQsZFQuY2n2I/h8WpqLf5C2g6494W9egR1F8ln+QGYhjKx
ZhTvUZlzwvt1S7Lm1MGNlZfAwQGuVMjIWfspexAsNa4LeUmDODOkUxPTBL7Akcg0
97Votq9tQh8vWEpAYMLwO5N9x+o+5qG2op6BgJOv87XpCGMasp9ThUPy7Col7KuI
j6oz/Zuu7ZlxR/Sfpdv+ZydgIRbfJPMM0DrCjtBo9OeinCHvW3/5WgIGHQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBkHU3e8o8HlKIBAt/nf50MwrkOsMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvR1FkVGQ3eWp3ZVVvZ0VDMy1kX25RekN1UTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAFz
MA0GCSqGSIb3DQEBCwUAA4IBAQB7RQhZ/FrXCn66FZXgyOks6qd7JEz/IBTCtik0
RrMpCt7KkmarEvfifMco8iJBo2BHSTPpsQ+lUcoSL5tS3G3VaytrnqhGmnCD4XzS
+9IRVevTsFIP7mf34jJqcFg0Q+M41B/sJyimMJIucBfVDqYLiO1Cg1UkT2mChW35
bJSVB66uuoOZoBgb2gjH8ohbAQVgL3gKCwdVwoGlVVPoCQcBwI3W8MgGX3A2Ct4D
f3lgvng5X5mFJDUtgsc7VXjWO58f5gr+kjX4MfApB3vQtmoasDNysGgOIG74MF0k
bByeJSgu5vd1yHpb8vFbqHsatPYz0zDIVeOFNIkUoWHfLyjs
-----END CERTIFICATE-----