Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/QaaRy7ABeU9cSPshLT6zQgCy8vY.roa
File:                     QaaRy7ABeU9cSPshLT6zQgCy8vY.roa (raw, json)
Hash identifier:          ClDKSK21Vz9twjL4L21G/7TWYD2/1/Ma/Dt0uF8yRp0=
Subject key identifier:   41:A6:91:CB:B0:01:79:4F:5C:48:FB:21:2D:3E:B3:42:00:B2:F2:F6
Certificate issuer:       /CN=5bea046b499780aec7d6182d2d56a75eb08968cd
Certificate serial:       0194258F25E62B483840C8CFDB91774DBB0C
Authority key identifier: 5B:EA:04:6B:49:97:80:AE:C7:D6:18:2D:2D:56:A7:5E:B0:89:68:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/W-oEa0mXgK7H1hgtLVanXrCJaM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/QaaRy7ABeU9cSPshLT6zQgCy8vY.roa
Signing time:             Thu 02 Jan 2025 05:48:45 +0000
ROA not before:           Thu 02 Jan 2025 05:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206628
IP address blocks:        2001:678:d3c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/W-oEa0mXgK7H1hgtLVanXrCJaM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/W-oEa0mXgK7H1hgtLVanXrCJaM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/W-oEa0mXgK7H1hgtLVanXrCJaM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:25:e6:2b:48:38:40:c8:cf:db:91:77:4d:bb:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5bea046b499780aec7d6182d2d56a75eb08968cd
        Validity
            Not Before: Jan  2 05:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=41a691cbb001794f5c48fb212d3eb34200b2f2f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:4c:6c:77:3e:4f:6e:6d:53:68:9d:54:f2:85:
                    d1:af:04:80:b7:40:09:ef:e0:e3:26:b6:82:ba:3b:
                    be:bd:3f:75:40:dc:07:e5:45:76:c3:d8:03:9d:a8:
                    c3:04:6f:03:81:d5:6a:23:ec:93:fb:0c:69:80:ab:
                    86:aa:b1:7e:c6:e9:ea:eb:08:ae:c3:27:e1:96:45:
                    e2:fd:4a:97:69:df:ca:fb:39:a0:e4:e0:2e:5e:d2:
                    a8:0b:a1:ff:26:40:01:ff:a8:3e:5f:74:e2:58:4f:
                    ce:12:10:80:57:87:a4:e9:fc:ce:1d:e0:ba:d7:d5:
                    83:9f:52:03:a1:ed:98:01:c8:05:1d:04:87:20:70:
                    85:31:d3:52:e0:45:85:51:4f:96:fc:ea:2e:e0:b8:
                    df:d9:e2:0b:9d:28:a1:09:8f:18:5d:2b:b7:d0:4d:
                    65:33:a5:94:52:d4:67:52:c5:74:cb:8a:8b:83:af:
                    ae:b0:8d:65:28:ab:2c:a6:97:29:7f:ec:b9:3c:50:
                    69:c0:8b:36:74:75:b5:d3:61:8d:71:57:e4:16:22:
                    54:d3:80:cf:2d:74:e7:85:9d:10:0f:c9:05:09:71:
                    69:78:92:14:4a:d1:e4:30:e8:fc:0e:f1:fd:c9:e6:
                    64:8a:bc:d4:ee:6d:05:b8:90:45:ef:f4:48:8a:53:
                    cd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                41:A6:91:CB:B0:01:79:4F:5C:48:FB:21:2D:3E:B3:42:00:B2:F2:F6
            X509v3 Authority Key Identifier:
                keyid:5B:EA:04:6B:49:97:80:AE:C7:D6:18:2D:2D:56:A7:5E:B0:89:68:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W-oEa0mXgK7H1hgtLVanXrCJaM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/QaaRy7ABeU9cSPshLT6zQgCy8vY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/ac4c2d-8ab1-4e01-b6b1-29602215add0/1/W-oEa0mXgK7H1hgtLVanXrCJaM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:678:d3c::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:39:ea:cd:35:78:eb:48:33:16:54:b6:3e:02:d5:79:89:8e:
         50:ed:93:12:63:f5:81:d9:4f:55:6f:6e:91:34:a5:73:d1:c2:
         8d:69:70:31:5d:bb:20:46:13:ce:53:2e:60:51:3e:f5:4a:1d:
         4c:d0:1d:f3:b6:c7:5c:f7:bd:2e:ea:1f:4e:fd:60:76:26:95:
         33:a4:c9:dd:87:ce:96:dd:cb:d1:81:32:8b:6c:25:16:f1:51:
         6c:f8:c4:56:c7:38:a9:79:2e:da:45:cc:f1:ac:86:bb:01:eb:
         72:40:c2:fd:0c:79:e5:24:c1:4b:52:38:3e:19:1d:56:83:0e:
         bd:f8:99:1c:71:5e:78:cf:02:68:6e:e9:9e:b0:87:3e:17:6f:
         29:ba:c5:a2:48:38:90:70:52:21:d1:ac:f1:fc:25:c4:cf:3b:
         8e:2b:85:ca:d5:a6:dd:32:53:98:46:c6:78:de:bb:7e:b6:08:
         27:64:6a:74:af:d3:ec:40:be:1d:3c:cd:27:06:24:aa:ac:15:
         42:3e:af:ac:83:e7:b9:69:45:d1:27:0f:c9:cf:a9:89:30:0a:
         6d:12:a1:da:d2:a1:4c:4c:1b:ce:5f:b5:e8:19:40:57:e6:49:
         89:6a:c4:1f:7a:41:aa:ab:7d:9a:7e:57:36:a6:25:0d:0f:91:
         48:d7:ec:61
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQljyXmK0g4QMjP25F3TbsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZWEwNDZiNDk5NzgwYWVjN2Q2MTgyZDJkNTZhNzVlYjA4
OTY4Y2QwHhcNMjUwMTAyMDU0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MWE2OTFjYmIwMDE3OTRmNWM0OGZiMjEyZDNlYjM0MjAwYjJmMmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAukxsdz5Pbm1TaJ1U8oXRrwSAt0AJ
7+DjJraCuju+vT91QNwH5UV2w9gDnajDBG8DgdVqI+yT+wxpgKuGqrF+xunq6wiu
wyfhlkXi/UqXad/K+zmg5OAuXtKoC6H/JkAB/6g+X3TiWE/OEhCAV4ek6fzOHeC6
19WDn1IDoe2YAcgFHQSHIHCFMdNS4EWFUU+W/Oou4Ljf2eILnSihCY8YXSu30E1l
M6WUUtRnUsV0y4qLg6+usI1lKKssppcpf+y5PFBpwIs2dHW102GNcVfkFiJU04DP
LXTnhZ0QD8kFCXFpeJIUStHkMOj8DvH9yeZkirzU7m0FuJBF7/RIilPN1QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEGmkcuwAXlPXEj7IS0+s0IAsvL2MB8GA1UdIwQY
MBaAFFvqBGtJl4Cux9YYLS1Wp16wiWjNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVy1vRWEwbVhnSzdIMWhndExWYW5YckNKYU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC9hYzRjMmQtOGFiMS00ZTAxLWI2YjEt
Mjk2MDIyMTVhZGQwLzEvUWFhUnk3QUJlVTljU1BzaExUNnpRZ0N5OHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC9hYzRjMmQtOGFiMS00ZTAxLWI2YjEtMjk2MDIyMTVhZGQw
LzEvVy1vRWEwbVhnSzdIMWhndExWYW5YckNKYU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGeA08
MA0GCSqGSIb3DQEBCwUAA4IBAQBnOerNNXjrSDMWVLY+AtV5iY5Q7ZMSY/WB2U9V
b26RNKVz0cKNaXAxXbsgRhPOUy5gUT71Sh1M0B3ztsdc970u6h9O/WB2JpUzpMnd
h86W3cvRgTKLbCUW8VFs+MRWxzipeS7aRczxrIa7AetyQML9DHnlJMFLUjg+GR1W
gw69+JkccV54zwJobumesIc+F28pusWiSDiQcFIh0azx/CXEzzuOK4XK1abdMlOY
RsZ43rt+tggnZGp0r9PsQL4dPM0nBiSqrBVCPq+sg+e5aUXRJw/Jz6mJMAptEqHa
0qFMTBvOX7XoGUBX5kmJasQfekGqq32aflc2piUND5FI1+xh
-----END CERTIFICATE-----