Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Nqjj0odAM4mVMPwSDVEs42rzcjA.roa
File:                     Nqjj0odAM4mVMPwSDVEs42rzcjA.roa (raw, json)
Hash identifier:          97TPLcQA4Y9RoGyfMFi4bZqKjyzCqZRut/dDa3wij1M=
Subject key identifier:   36:A8:E3:D2:87:40:33:89:95:30:FC:12:0D:51:2C:E3:6A:F3:72:30
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521DC28D30BAB959E50F979D0739A8B
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Nqjj0odAM4mVMPwSDVEs42rzcjA.roa
Signing time:             Thu 02 Jan 2025 03:49:23 +0000
ROA not before:           Thu 02 Jan 2025 03:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58133
IP address blocks:        2a10:2f00:123::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:dc:28:d3:0b:ab:95:9e:50:f9:79:d0:73:9a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=36a8e3d2874033899530fc120d512ce36af37230
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ff:35:91:4c:56:db:51:3a:54:b8:8a:27:a1:
                    31:49:52:f4:f7:29:f5:72:9a:f8:ff:b3:d1:81:4f:
                    1e:ee:5e:40:ef:fa:0a:60:63:3b:2a:f0:11:99:44:
                    95:4c:04:7f:21:b2:a2:04:ac:49:b4:6d:e2:7d:ad:
                    60:fb:06:18:cf:7b:25:f7:86:d9:c3:b0:d1:e0:d1:
                    77:a2:72:ee:c1:f6:9d:3e:f3:13:e2:28:a2:44:09:
                    64:de:a0:1f:c0:10:58:a6:e3:78:d0:e3:0d:1a:1d:
                    50:7f:d3:4b:9f:a6:14:5e:e9:f6:89:9c:63:9d:f7:
                    86:c3:e5:20:78:52:48:5f:bc:cb:73:32:60:b8:ac:
                    5b:fa:76:cb:b3:a5:96:d6:23:b9:c1:60:66:50:67:
                    88:22:b7:59:cb:b5:94:6d:c5:7c:d4:ba:15:9d:cf:
                    5f:ca:11:00:00:ac:be:42:c1:76:52:56:bd:6a:67:
                    7a:aa:c3:5b:26:c5:a7:e1:e8:55:f3:d5:b3:0b:01:
                    b8:45:d2:46:6a:40:b6:e8:6b:d3:1e:96:8b:e9:5d:
                    04:e6:37:fb:61:42:f8:68:ad:92:a0:65:d4:b6:9b:
                    36:d7:d6:35:66:a1:08:d2:95:5e:fd:e7:22:db:d9:
                    d9:c6:4e:7d:bc:cc:96:55:86:f9:b6:f7:aa:00:91:
                    07:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A8:E3:D2:87:40:33:89:95:30:FC:12:0D:51:2C:E3:6A:F3:72:30
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Nqjj0odAM4mVMPwSDVEs42rzcjA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2f00:123::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:0c:bc:2f:0c:cf:58:fc:a1:46:ad:a6:67:a0:5a:7b:1c:08:
         c9:ce:14:dc:55:0b:36:99:32:c7:1a:eb:7d:0e:2d:d0:c5:22:
         41:e7:b9:d5:30:6d:70:1c:29:31:97:29:dd:c7:ad:fa:1b:80:
         3c:3c:08:6f:a9:2c:0e:9a:fa:fb:1e:10:02:8e:77:44:d6:39:
         50:ae:b1:6a:06:54:8e:1c:0f:b6:00:4f:1b:aa:29:f4:ca:69:
         ac:d8:a9:70:7b:25:37:9b:19:f7:d3:fb:5b:8f:40:60:e4:b1:
         24:aa:d7:c8:7f:ca:70:2f:d0:f2:d7:f1:d6:f7:8d:01:dd:d2:
         41:91:a0:62:cc:07:12:4e:c1:25:59:26:9e:09:5f:7c:22:14:
         f8:1d:3a:52:f5:0c:a2:65:35:7b:a0:81:17:af:23:14:ba:83:
         20:8e:8c:6f:ce:57:cc:c6:e2:ca:a6:bc:ea:67:3f:7d:e0:bb:
         2b:e3:ee:a5:91:3f:87:b2:5f:1c:01:37:e1:ed:3e:19:70:47:
         9c:a6:d2:a3:ea:10:19:9b:40:5c:e5:40:db:25:71:12:62:d6:
         fe:71:29:5f:17:10:92:3f:52:08:f1:fd:28:6d:b5:cf:9b:25:
         89:23:92:ea:cb:7e:ec:a7:94:57:5a:44:75:ad:54:6b:e9:88:
         3f:e4:e3:7b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIdwo0wurlZ5Q+XnQc5qLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmE4ZTNkMjg3NDAzMzg5OTUzMGZjMTIwZDUxMmNlMzZhZjM3MjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwv81kUxW21E6VLiKJ6ExSVL09yn1
cpr4/7PRgU8e7l5A7/oKYGM7KvARmUSVTAR/IbKiBKxJtG3ifa1g+wYYz3sl94bZ
w7DR4NF3onLuwfadPvMT4iiiRAlk3qAfwBBYpuN40OMNGh1Qf9NLn6YUXun2iZxj
nfeGw+UgeFJIX7zLczJguKxb+nbLs6WW1iO5wWBmUGeIIrdZy7WUbcV81LoVnc9f
yhEAAKy+QsF2Ula9amd6qsNbJsWn4ehV89WzCwG4RdJGakC26GvTHpaL6V0E5jf7
YUL4aK2SoGXUtps219Y1ZqEI0pVe/eci29nZxk59vMyWVYb5tveqAJEHBQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDao49KHQDOJlTD8Eg1RLONq83IwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvTnFqajBvZEFNNG1WTVB3U0RWRXM0MnJ6Y2pBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhAvAAEj
MA0GCSqGSIb3DQEBCwUAA4IBAQAcDLwvDM9Y/KFGraZnoFp7HAjJzhTcVQs2mTLH
Gut9Di3QxSJB57nVMG1wHCkxlyndx636G4A8PAhvqSwOmvr7HhACjndE1jlQrrFq
BlSOHA+2AE8bqin0ymms2KlweyU3mxn30/tbj0Bg5LEkqtfIf8pwL9Dy1/HW940B
3dJBkaBizAcSTsElWSaeCV98IhT4HTpS9QyiZTV7oIEXryMUuoMgjoxvzlfMxuLK
przqZz994Lsr4+6lkT+Hsl8cATfh7T4ZcEecptKj6hAZm0Bc5UDbJXESYtb+cSlf
FxCSP1II8f0obbXPmyWJI5Lqy37sp5RXWkR1rVRr6Yg/5ON7
-----END CERTIFICATE-----