Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/QlG1TVRz55diqUdGl7g_uO4xh_Q.roa
File:                     QlG1TVRz55diqUdGl7g_uO4xh_Q.roa (raw, json)
Hash identifier:          fgvqjVsU5zRnz0bSGyWJaFmUvSDnHcvgLRxyVqmSVT4=
Subject key identifier:   42:51:B5:4D:54:73:E7:97:62:A9:47:46:97:B8:3F:B8:EE:31:87:F4
Certificate issuer:       /CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
Certificate serial:       01941F8C7737EB35F6521F6F59D661B268D6
Authority key identifier: C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/QlG1TVRz55diqUdGl7g_uO4xh_Q.roa
Signing time:             Wed 01 Jan 2025 01:48:06 +0000
ROA not before:           Wed 01 Jan 2025 01:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     559
IP address blocks:        2a07:290a::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 19:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:77:37:eb:35:f6:52:1f:6f:59:d6:61:b2:68:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c45c683cb1eb9c0f49b967e3bd9b8b84cf099bb8
        Validity
            Not Before: Jan  1 01:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4251b54d5473e79762a9474697b83fb8ee3187f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e7:e7:a9:f1:42:02:2b:98:75:15:f6:24:f1:
                    bf:35:87:46:74:2d:ad:a6:bd:6c:8c:23:07:67:6d:
                    d4:55:50:2c:d0:e2:8e:77:03:d1:1a:28:a9:bf:e6:
                    6d:f0:28:e3:27:76:82:4c:78:36:66:c3:ca:03:7d:
                    03:a9:74:97:b7:e7:33:a7:7c:fd:7f:dc:71:48:d8:
                    f0:c6:ef:5b:c5:37:d7:39:92:b0:67:b3:c3:d7:51:
                    a7:67:82:f8:e8:e6:60:56:97:5b:76:bc:ea:ec:05:
                    c0:40:81:95:cc:36:01:95:8e:82:18:8f:03:25:97:
                    bd:aa:9f:e9:2f:07:9f:d9:bd:c9:4b:11:27:4f:f0:
                    5d:6a:8f:b6:09:74:83:93:1d:84:c7:ff:e9:1e:91:
                    56:d2:7e:b0:25:db:09:28:90:84:c3:0a:e9:4b:8c:
                    91:bd:40:c8:6c:ad:29:8a:9d:61:d8:12:36:d3:ee:
                    56:fc:60:63:a3:24:f9:d0:d3:a4:08:29:1e:2c:fd:
                    f2:f2:12:82:67:53:ad:68:0f:25:af:10:99:0c:77:
                    af:c1:34:a7:ea:b4:2c:f0:61:14:04:6e:17:47:8a:
                    9a:ef:25:ca:e8:8e:41:1c:cf:cf:69:e9:77:e4:b5:
                    10:17:13:1e:e5:9c:f5:93:ce:73:e1:5d:75:ab:af:
                    b6:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:51:B5:4D:54:73:E7:97:62:A9:47:46:97:B8:3F:B8:EE:31:87:F4
            X509v3 Authority Key Identifier:
                keyid:C4:5C:68:3C:B1:EB:9C:0F:49:B9:67:E3:BD:9B:8B:84:CF:09:9B:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/QlG1TVRz55diqUdGl7g_uO4xh_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/439a10-60c4-4c28-91bf-88d2df10d15b/1/xFxoPLHrnA9JuWfjvZuLhM8Jm7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:290a::/32

    Signature Algorithm: sha256WithRSAEncryption
         53:26:7a:09:f4:bf:ac:69:f0:41:c7:f5:36:6e:88:7c:44:d5:
         d4:e8:86:d4:ca:87:7c:20:07:19:73:08:25:80:b3:d2:38:b3:
         dc:20:4a:a8:a3:ad:e6:2f:58:f6:0b:f2:35:77:ac:a2:4a:14:
         9d:af:7d:e6:8c:3a:93:ea:42:68:5b:a7:c2:70:ef:67:00:e5:
         c5:1f:b5:f9:42:b0:7c:93:b2:0d:57:fa:78:90:3d:98:fc:e1:
         20:47:b4:63:fd:6f:e5:a7:6e:81:82:65:b3:85:3b:71:3b:ec:
         f6:a4:ef:e5:b8:ce:d7:cb:57:b8:dc:86:d7:72:ef:50:82:36:
         96:95:e4:51:42:3c:38:17:82:74:5c:a3:ac:e5:08:84:d0:97:
         b6:28:82:ff:43:b1:b4:ea:a3:86:d5:1c:0f:82:dd:b9:61:f0:
         ab:6d:0a:f6:63:ef:70:df:9b:d1:00:d3:ab:18:76:f8:84:b9:
         93:27:ca:95:17:b0:10:b0:7c:84:a9:e7:25:a3:fe:8a:a7:1a:
         44:a9:f7:79:67:88:db:70:78:43:58:6c:1f:38:cc:1b:0f:78:
         58:6f:d2:cc:d7:7d:0d:eb:a0:63:d1:3b:66:f5:b8:97:bc:16:
         df:e4:41:5f:36:9a:5f:02:a5:3d:27:97:96:cf:8d:3b:22:d4:
         fb:7e:fb:e2
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQfjHc36zX2Uh9vWdZhsmjWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0NWM2ODNjYjFlYjljMGY0OWI5NjdlM2JkOWI4Yjg0Y2Yw
OTliYjgwHhcNMjUwMTAxMDE0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjUxYjU0ZDU0NzNlNzk3NjJhOTQ3NDY5N2I4M2ZiOGVlMzE4N2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyefnqfFCAiuYdRX2JPG/NYdGdC2t
pr1sjCMHZ23UVVAs0OKOdwPRGiipv+Zt8CjjJ3aCTHg2ZsPKA30DqXSXt+czp3z9
f9xxSNjwxu9bxTfXOZKwZ7PD11GnZ4L46OZgVpdbdrzq7AXAQIGVzDYBlY6CGI8D
JZe9qp/pLwef2b3JSxEnT/Bdao+2CXSDkx2Ex//pHpFW0n6wJdsJKJCEwwrpS4yR
vUDIbK0pip1h2BI20+5W/GBjoyT50NOkCCkeLP3y8hKCZ1OtaA8lrxCZDHevwTSn
6rQs8GEUBG4XR4qa7yXK6I5BHM/Pael35LUQFxMe5Zz1k85z4V11q6+22QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEJRtU1Uc+eXYqlHRpe4P7juMYf0MB8GA1UdIwQY
MBaAFMRcaDyx65wPSbln472bi4TPCZu4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYt
ODhkMmRmMTBkMTViLzEvUWxHMVRWUno1NWRpcVVkR2w3Z191TzR4aF9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC80MzlhMTAtNjBjNC00YzI4LTkxYmYtODhkMmRmMTBkMTVi
LzEveEZ4b1BMSHJuQTlKdVdmanZadUxoTThKbTdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgcpCjAN
BgkqhkiG9w0BAQsFAAOCAQEAUyZ6CfS/rGnwQcf1Nm6IfETV1OiG1MqHfCAHGXMI
JYCz0jiz3CBKqKOt5i9Y9gvyNXesokoUna995ow6k+pCaFunwnDvZwDlxR+1+UKw
fJOyDVf6eJA9mPzhIEe0Y/1v5adugYJls4U7cTvs9qTv5bjO18tXuNyG13LvUII2
lpXkUUI8OBeCdFyjrOUIhNCXtiiC/0OxtOqjhtUcD4LduWHwq20K9mPvcN+b0QDT
qxh2+IS5kyfKlRewELB8hKnnJaP+iqcaRKn3eWeI23B4Q1hsHzjMGw94WG/SzNd9
DeugY9E7ZvW4l7wW3+RBXzaaXwKlPSeXls+NOyLU+3774g==
-----END CERTIFICATE-----