Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SBQKX3SdnssrMM0H6lLHyad-qQc.roa
File:                     SBQKX3SdnssrMM0H6lLHyad-qQc.roa (raw, json)
Hash identifier:          gm/RFXQ1sSyFYrjS8FXb31YEqY/jNxHU9Chcn+7vF3c=
Subject key identifier:   48:14:0A:5F:74:9D:9E:CB:2B:30:CD:07:EA:52:C7:C9:A7:7E:A9:07
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0194252201BAE5EF80F282E1AE31ECCFB76F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SBQKX3SdnssrMM0H6lLHyad-qQc.roa
Signing time:             Thu 02 Jan 2025 03:49:33 +0000
ROA not before:           Thu 02 Jan 2025 03:49:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200885
IP address blocks:        2a0e:b107:178a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:01:ba:e5:ef:80:f2:82:e1:ae:31:ec:cf:b7:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jan  2 03:49:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48140a5f749d9ecb2b30cd07ea52c7c9a77ea907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:78:35:5c:c5:15:fd:f1:75:90:78:93:31:36:
                    a7:bd:54:da:23:a5:2a:45:d4:54:ba:6c:ff:e5:9e:
                    ae:21:db:f6:ae:f5:03:bc:5d:4b:86:8b:3b:e2:b4:
                    9e:59:10:16:be:20:f4:9f:ac:b5:b6:84:c7:0f:57:
                    af:88:80:32:82:b5:64:a4:a8:40:e0:21:41:c1:e7:
                    1e:1a:5e:cd:94:46:a2:c4:13:78:95:72:86:8d:ab:
                    0f:b7:c9:82:26:6f:cd:5a:95:07:2d:71:b4:c6:ff:
                    18:2f:e0:22:82:75:f4:23:3c:de:6b:ce:49:93:03:
                    6c:e1:68:64:b9:a1:c1:74:a6:9b:28:f1:d5:fb:27:
                    f5:b9:43:5a:5e:1a:d3:7e:69:3d:27:6a:8c:65:ab:
                    97:48:3b:31:26:31:0b:bb:1c:64:c7:d2:c5:ff:e2:
                    03:f1:02:16:3a:58:48:cf:04:38:f8:66:4e:0f:c9:
                    15:68:c6:63:a9:05:c8:11:2b:fa:dc:1e:77:de:2e:
                    84:f8:75:15:05:fa:f5:0e:8a:ce:bd:71:63:ae:6b:
                    45:4f:7c:3d:7a:0c:20:0e:6d:40:fe:70:ee:ae:0b:
                    a5:b8:9b:59:5d:a6:1c:a1:dc:72:98:50:4b:70:41:
                    c5:e9:fb:ea:5c:5e:18:48:52:c7:b2:5f:a1:2e:25:
                    d4:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:14:0A:5F:74:9D:9E:CB:2B:30:CD:07:EA:52:C7:C9:A7:7E:A9:07
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/SBQKX3SdnssrMM0H6lLHyad-qQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:178a::/48

    Signature Algorithm: sha256WithRSAEncryption
         af:cb:e5:cc:2e:21:03:0c:78:cb:24:5e:7b:de:78:66:05:cf:
         ee:31:da:b8:c7:0e:66:18:d1:c3:b9:0a:d8:d8:ba:b1:39:c7:
         1d:c5:29:22:40:48:df:54:bb:93:1f:60:b1:bf:f0:3d:49:44:
         46:10:84:9f:0b:d7:6f:ab:a5:91:a4:95:00:7b:9c:cb:4c:17:
         1a:19:91:d6:26:9c:ca:f6:7c:ae:ca:4b:1b:6a:bd:a4:b0:7f:
         08:f7:05:ad:e3:2d:96:83:b8:bb:53:6e:06:10:5b:6c:51:26:
         30:6f:8a:63:cc:7a:d1:07:62:1b:6e:ea:7c:cd:45:5c:67:d3:
         06:03:df:b0:79:57:b6:97:6d:36:b2:12:f2:d1:58:e4:fc:b2:
         81:16:26:f7:35:48:28:4f:63:55:16:33:da:c1:6e:67:b5:a0:
         ad:5c:de:3e:c3:bb:62:7b:c9:f2:9c:2b:d1:2d:28:6a:2e:bc:
         26:90:9a:1a:f2:a9:e8:e9:c4:f3:11:20:ce:2f:68:a5:e8:c5:
         e3:81:bc:c1:cb:04:0c:dd:79:59:a1:28:6b:88:2c:44:9a:8b:
         7a:a8:65:93:70:7d:11:a8:73:ce:0e:83:47:e2:bf:7e:5a:1f:
         40:3c:a4:a0:7e:3f:88:a3:fa:19:21:28:f6:60:e3:cd:67:75:
         2f:f3:63:b0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQlIgG65e+A8oLhrjHsz7dvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwMTAyMDM0OTMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODE0MGE1Zjc0OWQ5ZWNiMmIzMGNkMDdlYTUyYzdjOWE3N2VhOTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXg1XMUV/fF1kHiTMTanvVTaI6Uq
RdRUumz/5Z6uIdv2rvUDvF1Lhos74rSeWRAWviD0n6y1toTHD1eviIAygrVkpKhA
4CFBweceGl7NlEaixBN4lXKGjasPt8mCJm/NWpUHLXG0xv8YL+AignX0Izzea85J
kwNs4WhkuaHBdKabKPHV+yf1uUNaXhrTfmk9J2qMZauXSDsxJjELuxxkx9LF/+ID
8QIWOlhIzwQ4+GZOD8kVaMZjqQXIESv63B533i6E+HUVBfr1DorOvXFjrmtFT3w9
egwgDm1A/nDurguluJtZXaYcodxymFBLcEHF6fvqXF4YSFLHsl+hLiXUpwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEgUCl90nZ7LKzDNB+pSx8mnfqkHMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvU0JRS1gzU2Ruc3NyTU0wSDZsTEh5YWQtcVFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6xBxeK
MA0GCSqGSIb3DQEBCwUAA4IBAQCvy+XMLiEDDHjLJF573nhmBc/uMdq4xw5mGNHD
uQrY2LqxOccdxSkiQEjfVLuTH2Cxv/A9SURGEISfC9dvq6WRpJUAe5zLTBcaGZHW
JpzK9nyuyksbar2ksH8I9wWt4y2Wg7i7U24GEFtsUSYwb4pjzHrRB2Ibbup8zUVc
Z9MGA9+weVe2l202shLy0Vjk/LKBFib3NUgoT2NVFjPawW5ntaCtXN4+w7tie8ny
nCvRLShqLrwmkJoa8qno6cTzESDOL2il6MXjgbzBywQM3XlZoShriCxEmot6qGWT
cH0RqHPODoNH4r9+Wh9APKSgfj+Io/oZISj2YOPNZ3Uv82Ow
-----END CERTIFICATE-----