Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q66bcKApwPFdWi9Xz7pM3cY0oRo.roa
File:                     Q66bcKApwPFdWi9Xz7pM3cY0oRo.roa (raw, json)
Hash identifier:          vBaevZYmgVeEpR1KxGLqox8PoLsXGTzOLtPAdzZD82k=
Subject key identifier:   43:AE:9B:70:A0:29:C0:F1:5D:5A:2F:57:CF:BA:4C:DD:C6:34:A1:1A
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019425225F8EF083D3B9ED463A4095E83518
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q66bcKApwPFdWi9Xz7pM3cY0oRo.roa
Signing time:             Thu 02 Jan 2025 03:49:57 +0000
ROA not before:           Thu 02 Jan 2025 03:49:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212359
IP address blocks:        2a0e:b107:1340::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:5f:8e:f0:83:d3:b9:ed:46:3a:40:95:e8:35:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=43ae9b70a029c0f15d5a2f57cfba4cddc634a11a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ec:85:58:f9:39:35:8e:6d:a0:96:1b:f3:05:
                    4a:74:0d:39:8c:d0:9a:4d:cd:4c:16:b9:88:80:0c:
                    5a:9e:a1:9d:22:c9:10:d9:e3:38:33:14:3a:f8:91:
                    f8:ea:c1:e7:2b:04:7f:c2:ec:0f:ff:eb:63:1f:99:
                    0c:25:1c:e0:34:64:e9:50:89:3c:73:c0:84:c8:ae:
                    c4:e9:28:df:e6:9d:c5:6a:63:dc:9c:94:ab:96:fc:
                    f3:c4:6c:ec:bb:52:f6:59:01:ac:cb:b3:88:dd:95:
                    f3:ff:68:37:1d:57:d3:36:e9:61:25:d9:dc:44:ff:
                    0d:cf:c3:28:9d:e3:19:52:fe:cf:3d:92:18:34:42:
                    cc:e7:d8:3a:ac:b3:e1:7c:30:1e:f1:cf:87:c0:9a:
                    61:cc:7e:98:52:a6:d6:9a:1d:b4:16:f9:0c:ab:93:
                    48:76:89:2a:17:3d:88:0b:7a:ab:0c:34:ee:1d:42:
                    59:f2:9e:30:96:da:77:fa:21:c4:9b:78:53:2a:58:
                    e6:d4:f4:af:6b:c4:05:d1:87:db:9c:95:b7:ce:63:
                    67:99:45:b4:84:b2:ec:b3:3e:99:97:2f:63:59:48:
                    f8:69:0d:4e:32:69:49:aa:1e:68:6d:a0:9e:66:21:
                    92:53:d4:88:28:52:fb:ee:15:07:fb:54:39:56:75:
                    74:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:AE:9B:70:A0:29:C0:F1:5D:5A:2F:57:CF:BA:4C:DD:C6:34:A1:1A
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Q66bcKApwPFdWi9Xz7pM3cY0oRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:1340::/44

    Signature Algorithm: sha256WithRSAEncryption
         5a:6c:f0:5b:2f:f6:c0:bf:d1:1f:9c:f5:a9:98:e6:6d:ff:b6:
         6f:82:3f:1a:a2:7d:2c:c4:e8:6e:fd:b0:d2:90:cf:f2:6c:15:
         79:90:59:0e:46:28:12:d4:2d:0d:db:6e:73:06:fc:44:6b:3c:
         6e:b6:ff:1d:2b:fb:71:22:46:e6:ea:0d:62:92:ee:76:c3:fb:
         ba:39:23:21:45:bb:d9:27:69:f2:bb:df:cd:45:b0:fc:a7:37:
         12:66:14:40:40:d3:0d:da:cc:c8:3f:f3:46:d2:0d:73:25:8b:
         6e:d6:d4:6d:9b:da:71:50:ce:2f:91:85:68:f9:18:11:c8:58:
         fc:bc:8b:f5:c7:5d:6c:86:e6:bf:65:30:4f:f7:29:e2:94:31:
         de:b5:ce:22:5a:a8:be:c7:7f:de:92:6d:8b:2f:77:f8:b8:46:
         64:07:dc:21:d7:04:05:ac:29:80:09:b6:f3:3e:5b:28:80:35:
         ff:3d:ff:57:dd:84:90:06:3c:2c:92:3d:7a:2a:cc:13:80:83:
         f6:5e:f2:ee:b1:73:c0:bb:09:14:12:ac:d4:65:c4:ea:8c:71:
         c8:0a:67:c2:e1:47:10:f6:6a:d8:d2:17:15:64:b9:4f:e2:47:
         b6:50:bd:ed:24:57:e5:4f:41:a8:5b:70:a5:e2:16:c4:ca:0f:
         94:a2:83:c9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIl+O8IPTue1GOkCV6DUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0M2FlOWI3MGEwMjljMGYxNWQ1YTJmNTdjZmJhNGNkZGM2MzRhMTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAreyFWPk5NY5toJYb8wVKdA05jNCa
Tc1MFrmIgAxanqGdIskQ2eM4MxQ6+JH46sHnKwR/wuwP/+tjH5kMJRzgNGTpUIk8
c8CEyK7E6Sjf5p3FamPcnJSrlvzzxGzsu1L2WQGsy7OI3ZXz/2g3HVfTNulhJdnc
RP8Nz8MoneMZUv7PPZIYNELM59g6rLPhfDAe8c+HwJphzH6YUqbWmh20FvkMq5NI
dokqFz2IC3qrDDTuHUJZ8p4wltp3+iHEm3hTKljm1PSva8QF0YfbnJW3zmNnmUW0
hLLssz6Zly9jWUj4aQ1OMmlJqh5obaCeZiGSU9SIKFL77hUH+1Q5VnV0wQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEOum3CgKcDxXVovV8+6TN3GNKEaMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUTY2YmNLQXB3UEZkV2k5WHo3cE0zY1kwb1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxNA
MA0GCSqGSIb3DQEBCwUAA4IBAQBabPBbL/bAv9EfnPWpmOZt/7Zvgj8aon0sxOhu
/bDSkM/ybBV5kFkORigS1C0N225zBvxEazxutv8dK/txIkbm6g1iku52w/u6OSMh
RbvZJ2nyu9/NRbD8pzcSZhRAQNMN2szIP/NG0g1zJYtu1tRtm9pxUM4vkYVo+RgR
yFj8vIv1x11shua/ZTBP9ynilDHetc4iWqi+x3/ekm2LL3f4uEZkB9wh1wQFrCmA
CbbzPlsogDX/Pf9X3YSQBjwskj16KswTgIP2XvLusXPAuwkUEqzUZcTqjHHICmfC
4UcQ9mrY0hcVZLlP4ke2UL3tJFflT0GoW3Cl4hbEyg+UooPJ
-----END CERTIFICATE-----