Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/L1q66iBn4JWKWm4sdthny4YlcOw.roa
File:                     L1q66iBn4JWKWm4sdthny4YlcOw.roa (raw, json)
Hash identifier:          9XqFJ6YPkr8Z6qxWxbnYEM6kKRJIauWwtGj0L64NLyM=
Subject key identifier:   2F:5A:BA:EA:20:67:E0:95:8A:5A:6E:2C:76:D8:67:CB:86:25:70:EC
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252256DE29EC1C28A38E2718C9A26128
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/L1q66iBn4JWKWm4sdthny4YlcOw.roa
Signing time:             Thu 02 Jan 2025 03:49:54 +0000
ROA not before:           Thu 02 Jan 2025 03:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211738
IP address blocks:        2a0e:b107:fd0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:56:de:29:ec:1c:28:a3:8e:27:18:c9:a2:61:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2f5abaea2067e0958a5a6e2c76d867cb862570ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:fb:b6:4c:1f:ce:02:8f:1d:cd:ff:01:3c:6b:
                    58:f3:b8:1f:68:62:83:04:51:23:0b:c1:da:41:86:
                    9f:c0:e8:6a:c2:62:a9:57:66:74:e2:aa:45:4b:9c:
                    08:3a:ef:73:3c:a7:64:c8:63:89:51:72:b9:5c:8e:
                    49:b3:a5:cf:c1:e8:73:90:48:e5:5c:0a:dc:b9:5f:
                    25:b1:c5:ff:cb:1f:4a:20:a5:9d:37:dd:58:c9:ee:
                    b4:33:cc:37:16:36:87:1c:a3:1c:35:af:72:76:9b:
                    6b:b4:d7:d5:17:16:f5:0e:40:1f:55:6d:51:de:48:
                    7a:a9:57:e2:e5:83:b2:48:11:6f:d4:07:2a:cd:aa:
                    7c:b3:78:b0:41:2f:e1:f8:ec:7d:bf:1e:0c:31:f6:
                    24:b7:37:47:96:09:af:6b:df:87:46:19:1e:8c:c0:
                    fb:f5:dc:db:a1:35:25:e7:5c:5d:57:44:06:77:ce:
                    c9:76:bd:bf:bf:d0:3d:c3:80:63:c1:78:4d:75:50:
                    00:37:0b:b6:8d:17:d9:48:f8:b3:82:b8:19:53:d9:
                    19:ad:26:f7:59:cc:4f:a3:b6:8c:d8:98:7b:a2:b1:
                    9c:b2:5d:f5:62:95:29:b0:e7:d2:66:2d:57:76:c7:
                    e4:67:55:ba:c8:de:44:dc:9c:58:77:fd:f2:ff:db:
                    2c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:5A:BA:EA:20:67:E0:95:8A:5A:6E:2C:76:D8:67:CB:86:25:70:EC
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/L1q66iBn4JWKWm4sdthny4YlcOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:fd0::/44

    Signature Algorithm: sha256WithRSAEncryption
         17:4d:bd:7b:8b:95:1e:00:16:4a:04:00:c1:7b:d4:e5:5f:0f:
         21:e8:79:6e:cc:97:3f:4b:53:aa:8d:d7:68:40:f4:ee:29:93:
         52:12:2e:c7:bf:f5:14:e9:0e:d5:c6:31:73:bf:2c:c0:27:ec:
         b7:27:a1:d6:64:ad:c2:39:80:44:24:84:b0:19:07:5e:46:f4:
         35:58:9a:8f:f9:c1:3d:d0:17:0b:2a:3f:ec:40:05:ca:42:ee:
         54:50:e2:f2:e3:86:b7:9b:83:a8:e9:89:3e:31:2c:b7:b2:f0:
         3e:fb:3b:b1:66:0a:f2:62:27:2b:53:44:08:51:8e:4d:66:52:
         a6:c2:cf:e8:6a:cf:67:ec:37:43:75:c0:80:5b:09:cd:79:c1:
         a8:0b:1c:95:22:be:50:db:51:d4:08:59:e6:1b:1d:13:f6:0a:
         52:93:0a:1b:94:4f:b1:86:e2:c3:1e:e6:22:72:b8:66:d4:5e:
         9e:57:9b:2c:5a:51:0c:ba:2c:87:0d:90:b8:1c:02:2d:d9:c4:
         57:9e:fe:94:61:4e:4d:c9:a1:55:a4:58:33:f6:05:b4:bd:52:
         be:71:e8:f8:1d:8b:53:b9:d9:2e:bf:80:f2:ec:92:9a:f6:d6:
         3e:d9:06:01:17:56:20:9e:83:99:58:d8:70:b1:f9:c0:22:b9:
         e2:e2:de:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIlbeKewcKKOOJxjJomEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjVhYmFlYTIwNjdlMDk1OGE1YTZlMmM3NmQ4NjdjYjg2MjU3MGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0fu2TB/OAo8dzf8BPGtY87gfaGKD
BFEjC8HaQYafwOhqwmKpV2Z04qpFS5wIOu9zPKdkyGOJUXK5XI5Js6XPwehzkEjl
XArcuV8lscX/yx9KIKWdN91Yye60M8w3FjaHHKMcNa9ydptrtNfVFxb1DkAfVW1R
3kh6qVfi5YOySBFv1Acqzap8s3iwQS/h+Ox9vx4MMfYktzdHlgmva9+HRhkejMD7
9dzboTUl51xdV0QGd87Jdr2/v9A9w4BjwXhNdVAANwu2jRfZSPizgrgZU9kZrSb3
WcxPo7aM2Jh7orGcsl31YpUpsOfSZi1XdsfkZ1W6yN5E3JxYd/3y/9ssFwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC9auuogZ+CVilpuLHbYZ8uGJXDsMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTDFxNjZpQm40SldLV200c2R0aG55NFlsY093LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBw/Q
MA0GCSqGSIb3DQEBCwUAA4IBAQAXTb17i5UeABZKBADBe9TlXw8h6HluzJc/S1Oq
jddoQPTuKZNSEi7Hv/UU6Q7VxjFzvyzAJ+y3J6HWZK3COYBEJISwGQdeRvQ1WJqP
+cE90BcLKj/sQAXKQu5UUOLy44a3m4Oo6Yk+MSy3svA++zuxZgryYicrU0QIUY5N
ZlKmws/oas9n7DdDdcCAWwnNecGoCxyVIr5Q21HUCFnmGx0T9gpSkwoblE+xhuLD
HuYicrhm1F6eV5ssWlEMuiyHDZC4HAIt2cRXnv6UYU5NyaFVpFgz9gW0vVK+cej4
HYtTudkuv4Dy7JKa9tY+2QYBF1YgnoOZWNhwsfnAIrni4t7C
-----END CERTIFICATE-----