Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PDqY7tUXiRn9MoSFTIsF1zaIsPI.roa
File:                     PDqY7tUXiRn9MoSFTIsF1zaIsPI.roa (raw, json)
Hash identifier:          7oc0JYs5fMURPhfiNzC5cFHVilDG4uRYZR2Q8fi1SxI=
Subject key identifier:   3C:3A:98:EE:D5:17:89:19:FD:32:84:85:4C:8B:05:D7:36:88:B0:F2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942521D9864427BDD8AD8425AF6351ACEB
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PDqY7tUXiRn9MoSFTIsF1zaIsPI.roa
Signing time:             Thu 02 Jan 2025 03:49:22 +0000
ROA not before:           Thu 02 Jan 2025 03:49:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     53667
IP address blocks:        2a06:de05:6000::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:d9:86:44:27:bd:d8:ad:84:25:af:63:51:ac:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3c3a98eed5178919fd3284854c8b05d73688b0f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:a6:4b:e6:e5:82:2e:47:bd:76:80:58:31:99:
                    50:af:25:98:52:a4:bc:56:13:b7:ea:55:46:97:16:
                    c0:68:bb:63:de:c5:0f:1e:e6:f6:e8:d0:18:72:fb:
                    bc:40:5e:ee:1f:18:58:b2:90:90:2c:81:37:1b:d6:
                    a5:78:ab:b4:a2:c9:cf:c2:35:34:bf:55:f3:fc:a6:
                    dc:d2:c7:57:48:79:c8:8f:3e:db:9a:b7:f9:9a:1a:
                    f0:23:76:03:4b:11:da:de:20:74:16:3e:90:18:2d:
                    33:7b:0c:a5:3a:8f:c3:93:3c:49:da:98:51:3c:fd:
                    7c:0b:71:76:f9:f9:98:e3:a7:fd:4a:15:8b:95:24:
                    d1:42:0e:dd:05:d4:c2:4d:35:a6:fa:4a:cc:4f:63:
                    0f:5a:b9:43:c3:f1:bb:85:cc:74:62:67:fb:7d:46:
                    67:37:ab:7c:8d:13:d9:4e:c3:11:01:d3:ed:ea:6d:
                    85:fe:e9:81:10:66:18:80:48:63:19:8d:15:5e:83:
                    bc:97:70:25:f3:8c:38:b9:13:8b:a0:49:9f:59:18:
                    6d:17:ab:76:b8:62:7d:e6:85:ba:99:44:ca:da:52:
                    fc:87:5b:e0:4c:f2:53:ef:12:c9:5c:ee:32:8b:6f:
                    c0:48:43:11:5e:72:75:94:12:56:8f:72:68:6f:96:
                    7e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:3A:98:EE:D5:17:89:19:FD:32:84:85:4C:8B:05:D7:36:88:B0:F2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/PDqY7tUXiRn9MoSFTIsF1zaIsPI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:de05:6000::/38

    Signature Algorithm: sha256WithRSAEncryption
         4b:d5:d7:97:d8:f0:d8:d7:24:33:85:f0:d1:c3:3f:fa:4e:70:
         6b:80:52:b3:34:1a:6b:86:5d:ff:83:42:73:73:9e:9e:4d:fc:
         6b:9e:0f:43:13:6e:c8:c4:26:6c:b7:16:0f:9a:64:6d:58:68:
         fc:79:06:7b:2a:06:4f:b3:12:f5:5e:18:c2:13:9b:06:aa:01:
         de:7e:39:a3:c2:b4:98:d4:7f:72:bb:f5:1c:87:cb:7f:a1:48:
         4d:af:33:46:71:d3:42:0a:97:e0:5d:e1:ad:1f:1a:fc:f9:7d:
         9f:77:13:3a:f5:e2:d3:63:4f:e3:83:dc:81:47:b0:4f:ba:77:
         70:6a:b8:fa:dd:03:84:0e:54:38:9a:7e:ab:6f:d4:47:4a:eb:
         62:6b:9f:eb:ea:8b:93:f4:55:dc:1e:6f:fe:08:a1:90:44:c4:
         cf:5b:32:e0:0e:1d:03:f9:92:53:13:f5:47:be:46:0d:9b:8a:
         f5:21:d4:b2:8c:3c:7d:77:28:0b:1d:17:14:81:84:ab:f0:46:
         91:49:72:b8:9c:39:81:57:a4:cc:7a:19:f4:9f:03:c3:b0:9b:
         b5:93:2c:f8:c7:5c:e8:82:16:10:32:b1:c7:6d:ba:12:47:8f:
         64:40:3d:5e:86:68:0e:e7:8f:12:3e:ad:b6:de:dc:08:ea:d5:
         9d:85:21:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQlIdmGRCe92K2EJa9jUazrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzNhOThlZWQ1MTc4OTE5ZmQzMjg0ODU0YzhiMDVkNzM2ODhiMGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoKZL5uWCLke9doBYMZlQryWYUqS8
VhO36lVGlxbAaLtj3sUPHub26NAYcvu8QF7uHxhYspCQLIE3G9aleKu0osnPwjU0
v1Xz/Kbc0sdXSHnIjz7bmrf5mhrwI3YDSxHa3iB0Fj6QGC0zewylOo/DkzxJ2phR
PP18C3F2+fmY46f9ShWLlSTRQg7dBdTCTTWm+krMT2MPWrlDw/G7hcx0Ymf7fUZn
N6t8jRPZTsMRAdPt6m2F/umBEGYYgEhjGY0VXoO8l3Al84w4uROLoEmfWRhtF6t2
uGJ95oW6mUTK2lL8h1vgTPJT7xLJXO4yi2/ASEMRXnJ1lBJWj3Job5Z+aQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDw6mO7VF4kZ/TKEhUyLBdc2iLDyMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUERxWTd0VVhpUm45TW9TRlRJc0YxemFJc1BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKgbeBWAw
DQYJKoZIhvcNAQELBQADggEBAEvV15fY8NjXJDOF8NHDP/pOcGuAUrM0GmuGXf+D
QnNznp5N/GueD0MTbsjEJmy3Fg+aZG1YaPx5BnsqBk+zEvVeGMITmwaqAd5+OaPC
tJjUf3K79RyHy3+hSE2vM0Zx00IKl+Bd4a0fGvz5fZ93Ezr14tNjT+OD3IFHsE+6
d3BquPrdA4QOVDiafqtv1EdK62Jrn+vqi5P0Vdweb/4IoZBExM9bMuAOHQP5klMT
9Ue+Rg2bivUh1LKMPH13KAsdFxSBhKvwRpFJcricOYFXpMx6GfSfA8Owm7WTLPjH
XOiCFhAyscdtuhJHj2RAPV6GaA7njxI+rbbe3Ajq1Z2FIfk=
-----END CERTIFICATE-----