Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QpFOId6RHT5KntggS9KlkzBaVpA.roa
File:                     QpFOId6RHT5KntggS9KlkzBaVpA.roa (raw, json)
Hash identifier:          FoEZbmoSJl8lKa2xL1k9ZXzTgmx8LxCRi8D2zIhPhaE=
Subject key identifier:   42:91:4E:21:DE:91:1D:3E:4A:9E:D8:20:4B:D2:A5:93:30:5A:56:90
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       01942522401695834665D95E42C8942D6943
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QpFOId6RHT5KntggS9KlkzBaVpA.roa
Signing time:             Thu 02 Jan 2025 03:49:49 +0000
ROA not before:           Thu 02 Jan 2025 03:49:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210537
IP address blocks:        2a0e:b107:17c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:40:16:95:83:46:65:d9:5e:42:c8:94:2d:69:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=42914e21de911d3e4a9ed8204bd2a593305a5690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:80:be:0b:34:9d:d1:f7:27:18:34:d7:48:f2:
                    88:4f:19:5f:41:47:6c:4c:4e:1b:ee:3f:63:92:25:
                    71:46:92:a9:75:53:21:eb:ad:67:77:5a:a0:91:88:
                    88:19:03:ca:d6:30:2e:cd:66:6b:cd:e7:33:b6:7f:
                    b4:d4:77:61:03:2e:90:6f:2d:66:3b:e0:ff:a4:a5:
                    96:19:db:05:9b:20:f6:4a:d0:73:8e:e5:1b:6a:e9:
                    0a:b9:29:a1:44:03:99:9c:fe:5f:63:46:92:04:a3:
                    3a:2c:5f:fa:ad:5b:63:e9:99:8e:33:75:e6:71:4a:
                    eb:5c:e2:1f:20:20:e1:91:0c:c7:ed:42:4a:74:c8:
                    e9:ca:5e:5b:5d:ec:bb:1d:fe:53:b7:63:af:cd:02:
                    a3:ac:98:b5:db:8d:1c:94:fb:6b:aa:f9:76:9b:3a:
                    17:49:cf:26:73:47:99:2e:34:fe:f9:96:03:57:be:
                    8e:21:06:d5:97:57:c6:12:c1:7d:c1:be:2f:71:b4:
                    6a:af:25:27:b6:67:c2:58:70:f7:ff:9e:dd:8b:a0:
                    89:b4:59:89:06:00:1e:72:16:2d:e8:dd:72:87:a3:
                    2e:f8:ba:9b:f9:c3:25:df:57:41:9a:fa:bd:74:b9:
                    e2:7f:f8:f8:ab:b8:b7:97:ec:28:62:aa:4f:38:a6:
                    ae:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:91:4E:21:DE:91:1D:3E:4A:9E:D8:20:4B:D2:A5:93:30:5A:56:90
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/QpFOId6RHT5KntggS9KlkzBaVpA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:17c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         98:eb:3d:34:aa:0a:31:57:4d:ca:9d:25:79:01:7d:15:0b:ce:
         5c:ff:c9:53:18:d1:fd:43:11:c5:96:7b:55:a9:9b:d2:01:b2:
         8b:61:fa:a4:9c:3b:ce:7c:45:92:9e:fa:b3:a6:08:91:0d:0b:
         ce:74:b9:2f:0d:14:28:29:7f:11:9b:25:17:c3:dd:ff:12:e7:
         dd:c6:08:f3:ed:15:b1:1e:72:d3:92:6f:f6:2a:83:e8:1f:29:
         35:77:b0:a4:d3:4a:dd:43:ff:1a:16:73:dc:ba:be:ed:63:f0:
         7a:70:9b:dd:89:48:ff:fc:fb:ca:63:0b:02:a1:e4:e3:64:83:
         8f:f6:f7:59:99:cf:8a:7d:77:6d:62:58:a7:df:db:55:db:72:
         fc:0c:58:73:45:e3:4f:0a:b8:f6:26:67:cc:61:23:b0:76:c4:
         37:81:c4:ab:c3:8f:af:d7:96:8d:6a:b1:da:3b:58:54:72:b7:
         10:57:ce:9d:9f:46:cd:58:43:71:b8:d2:1a:9a:1d:e1:d9:0f:
         06:17:aa:c3:07:af:28:bc:96:2e:70:cf:24:dd:18:1b:51:a2:
         52:ee:e7:d3:13:6a:62:2d:ab:91:b0:cf:ed:a0:07:cd:95:11:
         54:62:8e:2f:ac:b5:0a:75:58:9b:fd:1b:b3:af:1a:3d:f5:98:
         f1:db:54:8b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIkAWlYNGZdleQsiULWlDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjkxNGUyMWRlOTExZDNlNGE5ZWQ4MjA0YmQyYTU5MzMwNWE1NjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIC+CzSd0fcnGDTXSPKITxlfQUds
TE4b7j9jkiVxRpKpdVMh661nd1qgkYiIGQPK1jAuzWZrzecztn+01HdhAy6Qby1m
O+D/pKWWGdsFmyD2StBzjuUbaukKuSmhRAOZnP5fY0aSBKM6LF/6rVtj6ZmOM3Xm
cUrrXOIfICDhkQzH7UJKdMjpyl5bXey7Hf5Tt2OvzQKjrJi1240clPtrqvl2mzoX
Sc8mc0eZLjT++ZYDV76OIQbVl1fGEsF9wb4vcbRqryUntmfCWHD3/57di6CJtFmJ
BgAechYt6N1yh6Mu+Lqb+cMl31dBmvq9dLnif/j4q7i3l+woYqpPOKaulQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEKRTiHekR0+Sp7YIEvSpZMwWlaQMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvUXBGT0lkNlJIVDVLbnRnZ1M5S2xrekJhVnBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKg6xBxfA
MA0GCSqGSIb3DQEBCwUAA4IBAQCY6z00qgoxV03KnSV5AX0VC85c/8lTGNH9QxHF
lntVqZvSAbKLYfqknDvOfEWSnvqzpgiRDQvOdLkvDRQoKX8RmyUXw93/Eufdxgjz
7RWxHnLTkm/2KoPoHyk1d7Ck00rdQ/8aFnPcur7tY/B6cJvdiUj//PvKYwsCoeTj
ZIOP9vdZmc+KfXdtYlin39tV23L8DFhzReNPCrj2JmfMYSOwdsQ3gcSrw4+v15aN
arHaO1hUcrcQV86dn0bNWENxuNIamh3h2Q8GF6rDB68ovJYucM8k3RgbUaJS7ufT
E2piLauRsM/toAfNlRFUYo4vrLUKdVib/Ruzrxo99Zjx21SL
-----END CERTIFICATE-----