Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/59577d-2d4d-411d-86fb-00faecac7deb/1/cPxWboLauOt1xiX1g5_qcFfMwuQ.roa
File:                     cPxWboLauOt1xiX1g5_qcFfMwuQ.roa (raw, json)
Hash identifier:          F49rFgzhVx+26sTntZUKS3aBxcYFzjzC7SoWYW83au0=
Subject key identifier:   70:FC:56:6E:82:DA:B8:EB:75:C6:25:F5:83:9F:EA:70:57:CC:C2:E4
Certificate issuer:       /CN=d3ff9749ee22f009257b89d8340cc64fb40bfc91
Certificate serial:       0194D533C25A5E805FAFAC9C802AC8967338
Authority key identifier: D3:FF:97:49:EE:22:F0:09:25:7B:89:D8:34:0C:C6:4F:B4:0B:FC:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0_-XSe4i8Akle4nYNAzGT7QL_JE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/59577d-2d4d-411d-86fb-00faecac7deb/1/cPxWboLauOt1xiX1g5_qcFfMwuQ.roa
Signing time:             Wed 05 Feb 2025 08:22:06 +0000
ROA not before:           Wed 05 Feb 2025 08:22:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213473
IP address blocks:        2a14:e500::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/59577d-2d4d-411d-86fb-00faecac7deb/1/0_-XSe4i8Akle4nYNAzGT7QL_JE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/59577d-2d4d-411d-86fb-00faecac7deb/1/0_-XSe4i8Akle4nYNAzGT7QL_JE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0_-XSe4i8Akle4nYNAzGT7QL_JE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:d5:33:c2:5a:5e:80:5f:af:ac:9c:80:2a:c8:96:73:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3ff9749ee22f009257b89d8340cc64fb40bfc91
        Validity
            Not Before: Feb  5 08:22:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=70fc566e82dab8eb75c625f5839fea7057ccc2e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1e:4f:45:07:0e:83:f2:2b:08:ab:bf:23:63:
                    e4:95:be:14:22:d4:73:29:8e:63:aa:48:7f:5c:17:
                    a9:98:34:da:6c:88:af:bf:ff:e9:59:93:75:70:b2:
                    76:a1:b1:63:62:d8:07:a2:ae:d9:ee:f8:8b:f7:84:
                    89:4a:3e:c5:31:3e:15:ed:e0:22:38:ff:3a:34:f8:
                    69:8a:e4:e8:2a:a1:af:0f:6c:0e:b2:2d:60:bb:88:
                    ab:0d:e5:f5:36:ed:b2:cc:6b:73:16:ea:c1:38:86:
                    dc:a6:52:a6:a5:43:af:e0:70:01:fb:b7:4e:f1:64:
                    6e:5c:6a:3d:82:41:3f:46:b2:05:9a:e2:bc:f9:f1:
                    9e:02:e0:a3:70:b0:0b:59:6e:ca:75:bc:a4:80:ac:
                    42:29:b4:d5:be:92:e8:11:51:61:ba:8a:43:ef:d7:
                    8c:43:b6:56:2a:fa:89:98:c2:20:22:71:6b:e2:e5:
                    a4:fe:4d:ff:3e:e9:b0:4b:b2:5c:6e:50:58:0d:51:
                    82:d8:61:db:09:51:aa:8b:26:e8:5c:03:60:a1:e3:
                    73:1b:ef:39:71:5a:83:45:4a:4c:9b:1e:80:a1:d2:
                    12:a7:8d:c9:48:f0:d5:96:d7:7b:4c:ad:50:e0:5c:
                    8f:e9:4e:2e:5f:ae:cd:7a:6e:76:61:81:b0:ac:c9:
                    89:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:FC:56:6E:82:DA:B8:EB:75:C6:25:F5:83:9F:EA:70:57:CC:C2:E4
            X509v3 Authority Key Identifier:
                keyid:D3:FF:97:49:EE:22:F0:09:25:7B:89:D8:34:0C:C6:4F:B4:0B:FC:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0_-XSe4i8Akle4nYNAzGT7QL_JE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/59577d-2d4d-411d-86fb-00faecac7deb/1/cPxWboLauOt1xiX1g5_qcFfMwuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/59577d-2d4d-411d-86fb-00faecac7deb/1/0_-XSe4i8Akle4nYNAzGT7QL_JE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e500::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:5c:de:99:2f:63:8c:0f:3b:f8:68:fc:80:5e:8a:d8:09:8a:
         04:2a:b0:56:cb:8a:2e:d5:7c:2d:1f:80:bc:c5:56:ed:7b:a1:
         20:f2:c5:86:6a:d8:96:f1:4b:cd:58:98:30:4f:bd:74:40:d3:
         30:d1:fd:3d:f0:5e:b1:78:ef:eb:fb:b8:ea:d1:fc:c3:e8:7d:
         0c:3a:be:7a:cf:19:27:4c:15:b0:87:5d:b0:e5:22:e4:fc:62:
         d8:c5:b5:21:d6:2c:9e:fa:20:bd:c3:48:ae:3e:e8:7c:d7:23:
         b7:fa:3c:37:2a:26:26:18:5c:b3:f9:92:25:14:d3:2f:27:31:
         86:71:ef:03:fb:78:38:63:c0:87:2f:d4:e9:6e:d2:5a:45:74:
         e9:ff:e5:ad:7f:6d:85:b5:ef:2f:f6:8d:5e:a4:5a:1a:30:36:
         d3:6f:bd:f7:60:17:ce:f0:3c:3b:64:7e:50:0c:22:c3:07:b6:
         62:7e:77:80:12:5f:9b:f7:8c:db:5b:8b:f8:51:d6:fa:4e:78:
         ac:9b:ab:82:4d:87:18:39:4c:02:a9:8d:44:cc:a6:84:fc:8a:
         09:69:a6:97:a8:0a:8c:8c:57:00:db:84:cc:3e:18:2e:e3:74:
         59:3b:03:79:91:c8:74:fe:4e:2b:0d:26:d6:91:6f:6b:e2:f8:
         5d:fe:f5:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZTVM8JaXoBfr6ycgCrIlnM4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZmY5NzQ5ZWUyMmYwMDkyNTdiODlkODM0MGNjNjRmYjQw
YmZjOTEwHhcNMjUwMjA1MDgyMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGZjNTY2ZTgyZGFiOGViNzVjNjI1ZjU4MzlmZWE3MDU3Y2NjMmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB5PRQcOg/IrCKu/I2Pklb4UItRz
KY5jqkh/XBepmDTabIivv//pWZN1cLJ2obFjYtgHoq7Z7viL94SJSj7FMT4V7eAi
OP86NPhpiuToKqGvD2wOsi1gu4irDeX1Nu2yzGtzFurBOIbcplKmpUOv4HAB+7dO
8WRuXGo9gkE/RrIFmuK8+fGeAuCjcLALWW7KdbykgKxCKbTVvpLoEVFhuopD79eM
Q7ZWKvqJmMIgInFr4uWk/k3/PumwS7JcblBYDVGC2GHbCVGqiyboXANgoeNzG+85
cVqDRUpMmx6AodISp43JSPDVltd7TK1Q4FyP6U4uX67Nem52YYGwrMmJ3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHD8Vm6C2rjrdcYl9YOf6nBXzMLkMB8GA1UdIwQY
MBaAFNP/l0nuIvAJJXuJ2DQMxk+0C/yRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMF8tWFNlNGk4QWtsZTRuWU5BekdUN1FMX0pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi81OTU3N2QtMmQ0ZC00MTFkLTg2ZmIt
MDBmYWVjYWM3ZGViLzEvY1B4V2JvTGF1T3QxeGlYMWc1X3FjRmZNd3VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi81OTU3N2QtMmQ0ZC00MTFkLTg2ZmItMDBmYWVjYWM3ZGVi
LzEvMF8tWFNlNGk4QWtsZTRuWU5BekdUN1FMX0pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhTlADAN
BgkqhkiG9w0BAQsFAAOCAQEAr1zemS9jjA87+Gj8gF6K2AmKBCqwVsuKLtV8LR+A
vMVW7XuhIPLFhmrYlvFLzViYME+9dEDTMNH9PfBesXjv6/u46tH8w+h9DDq+es8Z
J0wVsIddsOUi5Pxi2MW1IdYsnvogvcNIrj7ofNcjt/o8NyomJhhcs/mSJRTTLycx
hnHvA/t4OGPAhy/U6W7SWkV06f/lrX9thbXvL/aNXqRaGjA202+992AXzvA8O2R+
UAwiwwe2Yn53gBJfm/eM21uL+FHW+k54rJurgk2HGDlMAqmNRMymhPyKCWmml6gK
jIxXANuEzD4YLuN0WTsDeZHIdP5OKw0m1pFva+L4Xf711w==
-----END CERTIFICATE-----