Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/q1YDJvj7Veync8vosdT5MgsSZK0.roa
File:                     q1YDJvj7Veync8vosdT5MgsSZK0.roa (raw, json)
Hash identifier:          3i7G+FQ5wobaoWNPIaIt6Bd7iYj+i/vaW405OFJl0NM=
Subject key identifier:   AB:56:03:26:F8:FB:55:EC:A7:73:CB:E8:B1:D4:F9:32:0B:12:64:AD
Certificate issuer:       /CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
Certificate serial:       0196644B2DFD06EC5233D8250502556F6A24
Authority key identifier: 31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/q1YDJvj7Veync8vosdT5MgsSZK0.roa
Signing time:             Wed 23 Apr 2025 20:16:10 +0000
ROA not before:           Wed 23 Apr 2025 20:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209641
IP address blocks:        2a0d:3040::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 21:27:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:4b:2d:fd:06:ec:52:33:d8:25:05:02:55:6f:6a:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=310b05251378994cfa8088d23b6eeed4e9e6ab08
        Validity
            Not Before: Apr 23 20:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ab560326f8fb55eca773cbe8b1d4f9320b1264ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:ec:4a:b7:09:6b:b6:96:c2:13:11:2b:05:da:
                    d6:c7:e1:63:0a:80:20:61:3a:b6:d7:72:73:f5:9a:
                    42:9a:62:da:af:19:b3:13:ed:b8:8f:6d:fc:e5:17:
                    fc:8c:0b:7c:89:fb:20:73:41:c8:e5:ee:97:0a:40:
                    79:ab:fa:57:e2:8c:28:45:31:47:8a:51:17:2d:64:
                    d1:5f:87:6b:06:c4:39:13:04:a3:2f:42:61:33:a9:
                    38:f6:fc:24:79:e3:70:f2:c0:32:31:c8:3d:18:1e:
                    6c:b1:27:05:9a:72:ce:db:e3:48:b4:d1:a8:9c:3a:
                    b2:9d:3d:d3:ac:91:c8:cc:d7:68:7c:28:de:e1:18:
                    90:32:f8:48:6d:dd:16:16:69:48:b9:0e:a4:d2:16:
                    db:65:c3:66:8b:f8:b6:79:6d:ed:9e:2e:ea:22:07:
                    10:17:50:f6:2e:58:31:2b:9e:62:94:11:69:67:fe:
                    1b:b2:1f:7e:d3:a8:ef:f0:3c:a4:61:c8:58:00:f3:
                    65:f1:ad:a5:8d:02:16:28:b1:cf:4b:a9:31:74:dd:
                    21:6b:0e:f3:fa:7b:b1:5c:0f:69:bb:12:17:10:53:
                    55:c6:43:6f:4a:9d:de:f3:ed:be:d5:43:b3:d3:63:
                    a2:68:2c:cf:07:ef:69:69:96:60:3d:0d:a6:54:e0:
                    03:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:56:03:26:F8:FB:55:EC:A7:73:CB:E8:B1:D4:F9:32:0B:12:64:AD
            X509v3 Authority Key Identifier:
                keyid:31:0B:05:25:13:78:99:4C:FA:80:88:D2:3B:6E:EE:D4:E9:E6:AB:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MQsFJRN4mUz6gIjSO27u1Onmqwg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/q1YDJvj7Veync8vosdT5MgsSZK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/771486-bee3-424a-b341-7cfdf2df6632/1/MQsFJRN4mUz6gIjSO27u1Onmqwg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:3040::/32

    Signature Algorithm: sha256WithRSAEncryption
         82:13:ac:35:06:ac:40:9d:9c:97:74:67:d5:ae:8f:41:3c:8f:
         5b:fd:cb:7a:59:60:ef:97:4b:07:05:cf:a3:e5:c9:08:a3:f9:
         b9:10:e1:d9:8c:01:3f:2c:8a:f1:b5:d0:95:07:66:1d:3e:cd:
         70:31:03:02:f2:9e:e5:7a:d2:13:65:b9:2d:fa:5b:01:ae:5b:
         95:6e:e9:f6:cf:6f:d4:18:5a:89:df:84:26:e8:cc:ee:64:e4:
         b0:ee:05:7f:ce:b0:ad:0f:0e:06:7e:87:00:54:c9:d0:9d:8e:
         b6:d1:21:04:84:23:ee:72:44:89:d0:d0:92:da:81:8e:6f:94:
         8d:1f:d7:9b:6a:4a:2e:87:1f:e8:f4:7b:7f:88:b5:e2:1b:d8:
         69:b5:90:31:8c:c1:27:30:90:ce:43:75:9b:10:dd:82:b7:1d:
         2d:d6:fa:f7:f2:9e:40:fd:80:59:d8:99:f2:29:7a:85:34:4c:
         cf:55:6e:52:ee:0e:92:9f:1c:13:1b:5c:fa:eb:67:23:f7:07:
         c8:17:dc:a5:b8:96:85:16:45:3d:53:76:32:71:5a:1b:e3:ab:
         ca:79:17:da:54:85:ea:a6:ed:36:46:ce:6a:bd:11:61:c1:97:
         9a:9b:94:e2:76:a8:2c:39:87:81:1c:a5:f6:04:82:be:b8:3f:
         00:20:39:89
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZZkSy39BuxSM9glBQJVb2okMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMGIwNTI1MTM3ODk5NGNmYTgwODhkMjNiNmVlZWQ0ZTll
NmFiMDgwHhcNMjUwNDIzMjAxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjU2MDMyNmY4ZmI1NWVjYTc3M2NiZThiMWQ0ZjkzMjBiMTI2NGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+xKtwlrtpbCExErBdrWx+FjCoAg
YTq213Jz9ZpCmmLarxmzE+24j2385Rf8jAt8ifsgc0HI5e6XCkB5q/pX4owoRTFH
ilEXLWTRX4drBsQ5EwSjL0JhM6k49vwkeeNw8sAyMcg9GB5ssScFmnLO2+NItNGo
nDqynT3TrJHIzNdofCje4RiQMvhIbd0WFmlIuQ6k0hbbZcNmi/i2eW3tni7qIgcQ
F1D2LlgxK55ilBFpZ/4bsh9+06jv8DykYchYAPNl8a2ljQIWKLHPS6kxdN0haw7z
+nuxXA9puxIXEFNVxkNvSp3e8+2+1UOz02OiaCzPB+9paZZgPQ2mVOAD4wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKtWAyb4+1Xsp3PL6LHU+TILEmStMB8GA1UdIwQY
MBaAFDELBSUTeJlM+oCI0jtu7tTp5qsIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEt
N2NmZGYyZGY2NjMyLzEvcTFZREp2ajdWZXluYzh2b3NkVDVNZ3NTWkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC83NzE0ODYtYmVlMy00MjRhLWIzNDEtN2NmZGYyZGY2NjMy
LzEvTVFzRkpSTjRtVXo2Z0lqU08yN3UxT25tcXdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg0wQDAN
BgkqhkiG9w0BAQsFAAOCAQEAghOsNQasQJ2cl3Rn1a6PQTyPW/3Lellg75dLBwXP
o+XJCKP5uRDh2YwBPyyK8bXQlQdmHT7NcDEDAvKe5XrSE2W5LfpbAa5blW7p9s9v
1Bhaid+EJujM7mTksO4Ff86wrQ8OBn6HAFTJ0J2OttEhBIQj7nJEidDQktqBjm+U
jR/Xm2pKLocf6PR7f4i14hvYabWQMYzBJzCQzkN1mxDdgrcdLdb69/KeQP2AWdiZ
8il6hTRMz1VuUu4Okp8cExtc+utnI/cHyBfcpbiWhRZFPVN2MnFaG+OrynkX2lSF
6qbtNkbOar0RYcGXmpuU4naoLDmHgRyl9gSCvrg/ACA5iQ==
-----END CERTIFICATE-----