Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/at2vhN_4iIkfFF8DW2EfC_JVNTQ.roa
File:                     at2vhN_4iIkfFF8DW2EfC_JVNTQ.roa (raw, json)
Hash identifier:          er+u5okIY2uFMvUQuW7xEMQT9DFvqp/RJQce+MNC2Eo=
Subject key identifier:   6A:DD:AF:84:DF:F8:88:89:1F:14:5F:03:5B:61:1F:0B:F2:55:35:34
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       019345169D2946104B6E11C685F1AB5ACD97
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/at2vhN_4iIkfFF8DW2EfC_JVNTQ.roa
Signing time:             Tue 19 Nov 2024 15:42:10 +0000
ROA not before:           Tue 19 Nov 2024 15:42:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213220
IP address blocks:        2a14:7b85::/32 maxlen: 32
                          2a14:7b86::/32 maxlen: 32
                          2a14:7b87::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:45:16:9d:29:46:10:4b:6e:11:c6:85:f1:ab:5a:cd:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Nov 19 15:42:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6addaf84dff888891f145f035b611f0bf2553534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:00:72:c4:46:b1:cf:03:ea:28:63:72:bb:a9:
                    55:50:a3:73:4d:56:d9:1d:2f:ee:11:23:51:10:55:
                    28:2e:f6:d1:07:c6:c4:0d:f0:4e:3a:80:2c:20:28:
                    4a:b6:91:a8:f4:9f:3a:af:05:73:0b:7d:c0:97:37:
                    98:fc:23:f8:1e:4d:f4:5b:39:a3:8c:b2:e6:a8:78:
                    a3:a4:02:68:ee:e5:70:75:c7:1e:0a:4e:c3:66:df:
                    ec:eb:b8:0b:89:1c:30:39:8a:f2:97:31:87:0a:b6:
                    6a:92:87:6a:a4:0b:7a:db:58:7d:3a:df:bc:61:fa:
                    6b:d6:ff:5b:af:ff:e4:d3:2f:71:da:d7:ef:4a:57:
                    c1:1f:8e:8d:d5:29:9e:61:fd:64:ea:d7:56:77:ae:
                    e1:18:36:e3:22:bf:15:e5:ab:ff:a8:50:04:5e:87:
                    d2:7a:58:6d:0d:74:7a:c0:46:d6:22:d5:6d:df:d8:
                    eb:b4:3c:21:ef:03:5e:08:c7:b2:25:3e:0b:e4:3b:
                    2a:de:37:52:ae:ff:18:6a:f1:7b:f5:5e:d9:12:86:
                    bc:9b:4f:39:da:da:09:85:de:55:60:ff:30:03:77:
                    81:29:5b:cc:41:0b:34:77:e0:c2:1d:ef:a2:c9:b3:
                    3c:40:57:a3:f8:f6:6a:2b:76:63:f3:d6:e9:a1:38:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:DD:AF:84:DF:F8:88:89:1F:14:5F:03:5B:61:1F:0B:F2:55:35:34
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/at2vhN_4iIkfFF8DW2EfC_JVNTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7b85::-2a14:7b87:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         88:f5:b4:ce:f6:4d:81:e5:06:d6:a3:28:72:b8:f3:e8:2e:a8:
         47:19:68:64:d6:e0:8b:c2:54:ed:56:13:d0:42:e1:d7:c7:40:
         55:d7:6a:d8:6e:3c:0a:bb:b3:0d:24:31:b3:a3:a4:7c:a2:60:
         99:5e:d7:29:05:54:7d:17:22:7d:7c:ee:86:2f:a0:fe:f8:db:
         69:31:7c:b3:b4:50:51:90:8d:73:fb:bc:2d:b7:1f:e5:28:83:
         ee:f7:41:52:89:1d:b1:46:d5:aa:f6:f4:64:b8:94:18:92:76:
         d7:ea:ec:0f:28:cc:70:c1:36:4c:bb:43:a4:6c:12:9f:50:e2:
         5b:38:45:54:45:a0:77:c6:a9:39:22:b6:38:4c:21:38:fd:3f:
         fe:73:8f:42:51:e3:65:cc:7c:c8:a8:80:45:6c:60:f9:f2:12:
         2a:43:1b:bd:ee:d7:57:a9:19:af:8b:3c:68:94:17:e2:14:f0:
         3f:55:fd:86:3c:67:ee:33:20:6e:9b:32:19:cd:db:6e:ed:a6:
         f5:1e:b1:c6:c2:45:f0:8d:a8:d0:b9:3a:a3:3e:fa:cd:31:0d:
         df:6a:0d:95:2a:a0:bc:78:86:01:b0:85:cf:7c:ff:ce:5c:26:
         39:90:01:4d:bb:d3:4e:fd:65:7d:cc:c3:5b:94:ad:58:27:90:
         0c:65:bc:96
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZNFFp0pRhBLbhHGhfGrWs2XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQxMTE5MTU0MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YWRkYWY4NGRmZjg4ODg5MWYxNDVmMDM1YjYxMWYwYmYyNTUzNTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2wByxEaxzwPqKGNyu6lVUKNzTVbZ
HS/uESNREFUoLvbRB8bEDfBOOoAsIChKtpGo9J86rwVzC33AlzeY/CP4Hk30Wzmj
jLLmqHijpAJo7uVwdcceCk7DZt/s67gLiRwwOYrylzGHCrZqkodqpAt621h9Ot+8
Yfpr1v9br//k0y9x2tfvSlfBH46N1SmeYf1k6tdWd67hGDbjIr8V5av/qFAEXofS
elhtDXR6wEbWItVt39jrtDwh7wNeCMeyJT4L5Dsq3jdSrv8YavF79V7ZEoa8m085
2toJhd5VYP8wA3eBKVvMQQs0d+DCHe+iybM8QFej+PZqK3Zj89bpoTgBDQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFGrdr4Tf+IiJHxRfA1thHwvyVTU0MB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvYXQydmhOXzRpSWtmRkY4RFcyRWZDX0pWTlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqFHuF
AwUDKhR7gDANBgkqhkiG9w0BAQsFAAOCAQEAiPW0zvZNgeUG1qMocrjz6C6oRxlo
ZNbgi8JU7VYT0ELh18dAVddq2G48CruzDSQxs6OkfKJgmV7XKQVUfRcifXzuhi+g
/vjbaTF8s7RQUZCNc/u8Lbcf5SiD7vdBUokdsUbVqvb0ZLiUGJJ21+rsDyjMcME2
TLtDpGwSn1DiWzhFVEWgd8apOSK2OEwhOP0//nOPQlHjZcx8yKiARWxg+fISKkMb
ve7XV6kZr4s8aJQX4hTwP1X9hjxn7jMgbpsyGc3bbu2m9R6xxsJF8I2o0Lk6oz76
zTEN32oNlSqgvHiGAbCFz3z/zlwmOZABTbvTTv1lfczDW5StWCeQDGW8lg==
-----END CERTIFICATE-----