Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/cd0a81-64b9-4cec-bad8-8ec1bf9fda2b/1/KWqCd7XulXabFqkZ_5vnPaHQ620.roa
File:                     KWqCd7XulXabFqkZ_5vnPaHQ620.roa (raw, json)
Hash identifier:          Qgcv1rZVLxwbLU0p66F4vMHpUruyOYwh527AT7wx/TM=
Subject key identifier:   29:6A:82:77:B5:EE:95:76:9B:16:A9:19:FF:9B:E7:3D:A1:D0:EB:6D
Certificate issuer:       /CN=4f4777d49134eab75a79c111832ad7ece7267145
Certificate serial:       018DD70C5E0740D7523D8BBDE697987F1344
Authority key identifier: 4F:47:77:D4:91:34:EA:B7:5A:79:C1:11:83:2A:D7:EC:E7:26:71:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0d31JE06rdaecERgyrX7OcmcUU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/cd0a81-64b9-4cec-bad8-8ec1bf9fda2b/1/KWqCd7XulXabFqkZ_5vnPaHQ620.roa
Signing time:             Fri 23 Feb 2024 17:38:48 +0000
ROA not before:           Fri 23 Feb 2024 17:38:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215423
IP address blocks:        2a14:bc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/cd0a81-64b9-4cec-bad8-8ec1bf9fda2b/1/T0d31JE06rdaecERgyrX7OcmcUU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/cd0a81-64b9-4cec-bad8-8ec1bf9fda2b/1/T0d31JE06rdaecERgyrX7OcmcUU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0d31JE06rdaecERgyrX7OcmcUU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d7:0c:5e:07:40:d7:52:3d:8b:bd:e6:97:98:7f:13:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4777d49134eab75a79c111832ad7ece7267145
        Validity
            Not Before: Feb 23 17:38:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=296a8277b5ee95769b16a919ff9be73da1d0eb6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:4c:ff:34:ac:fe:44:bb:de:ce:9e:66:fe:5e:
                    42:53:61:91:64:f9:51:a1:0e:49:68:87:88:22:66:
                    ce:f0:c0:b2:fa:28:d5:dc:2e:7d:e6:7d:d1:6d:b4:
                    bb:32:10:9f:29:57:5d:e1:e9:6c:c0:77:cb:09:da:
                    44:01:11:76:a3:e9:6a:2b:90:2a:fe:7a:50:64:7d:
                    8a:76:a2:d3:b0:ba:85:44:dc:e1:bd:d9:de:64:3d:
                    8c:cb:a9:87:ac:76:de:d7:8d:9a:8b:54:cd:72:c0:
                    0c:42:3c:95:5a:83:5e:08:c7:89:3f:c8:ec:c6:30:
                    09:e0:27:12:84:8d:35:11:0e:28:4f:6b:d7:a4:5d:
                    33:2b:ce:fe:e5:4d:2d:14:11:66:57:35:a2:51:ea:
                    09:ff:69:55:f0:6b:e3:bd:09:a2:4f:a9:05:0b:4d:
                    b5:dc:45:e6:88:f5:0f:49:fa:a0:a8:83:e9:96:44:
                    b2:ba:79:89:0f:c0:9b:af:50:5b:d3:6e:40:ee:d5:
                    9b:7e:63:8a:55:aa:3a:2c:c7:c8:f9:88:7e:f1:0c:
                    56:ee:82:bc:19:b9:b3:91:1a:8c:ed:2e:b8:99:77:
                    33:24:22:58:b9:bb:31:03:38:2d:f0:c4:ca:35:5b:
                    fc:a8:6f:e6:97:89:a2:c4:32:d2:ff:12:c7:e2:6f:
                    bd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6A:82:77:B5:EE:95:76:9B:16:A9:19:FF:9B:E7:3D:A1:D0:EB:6D
            X509v3 Authority Key Identifier:
                keyid:4F:47:77:D4:91:34:EA:B7:5A:79:C1:11:83:2A:D7:EC:E7:26:71:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0d31JE06rdaecERgyrX7OcmcUU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cd0a81-64b9-4cec-bad8-8ec1bf9fda2b/1/KWqCd7XulXabFqkZ_5vnPaHQ620.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/cd0a81-64b9-4cec-bad8-8ec1bf9fda2b/1/T0d31JE06rdaecERgyrX7OcmcUU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         de:0d:de:0e:08:3a:68:9e:9e:1e:7d:77:11:02:e5:3d:7c:a4:
         19:67:b9:84:ac:6a:98:6f:20:e5:17:2b:ea:04:9d:4e:fc:6b:
         94:f3:9a:11:6a:e5:35:04:0b:8d:67:1b:d9:e9:10:c3:d4:63:
         d9:52:43:78:4c:d3:19:ca:6c:7d:7b:9e:ab:75:4c:b9:bb:d9:
         96:58:35:a9:38:e4:e0:32:b8:c4:0d:65:7b:f7:ca:a6:df:ff:
         4f:8b:54:0c:75:54:56:34:7a:fd:a9:86:bb:1f:de:b2:7d:2e:
         f2:9e:53:eb:33:d5:07:b2:f8:5d:7f:07:6c:15:d3:c7:7d:25:
         c3:01:a6:d4:c8:e8:65:87:a0:ad:d1:22:4b:01:8a:2a:40:8e:
         89:10:bc:dc:b6:28:f3:16:a2:1b:b8:da:e1:d6:4b:b2:c0:c3:
         e1:b4:bb:c7:cd:93:32:01:c8:06:d2:ef:76:25:7c:38:53:b5:
         fe:c9:10:1b:eb:83:6e:9f:a6:32:c4:81:ac:43:86:de:9c:fc:
         dd:45:ea:ef:ae:8a:3f:aa:18:8f:27:2c:f3:3e:8b:ea:a9:da:
         30:ee:a4:85:fd:65:2f:3c:3e:a8:17:95:14:90:b0:bc:28:2d:
         20:0e:7a:63:7a:64:66:82:d1:8a:56:c7:90:0a:f0:8b:06:4b:
         ea:de:21:87
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAY3XDF4HQNdSPYu95peYfxNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNDc3N2Q0OTEzNGVhYjc1YTc5YzExMTgzMmFkN2VjZTcy
NjcxNDUwHhcNMjQwMjIzMTczODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTZhODI3N2I1ZWU5NTc2OWIxNmE5MTlmZjliZTczZGExZDBlYjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiUz/NKz+RLvezp5m/l5CU2GRZPlR
oQ5JaIeIImbO8MCy+ijV3C595n3RbbS7MhCfKVdd4elswHfLCdpEARF2o+lqK5Aq
/npQZH2KdqLTsLqFRNzhvdneZD2My6mHrHbe142ai1TNcsAMQjyVWoNeCMeJP8js
xjAJ4CcShI01EQ4oT2vXpF0zK87+5U0tFBFmVzWiUeoJ/2lV8GvjvQmiT6kFC021
3EXmiPUPSfqgqIPplkSyunmJD8Cbr1Bb025A7tWbfmOKVao6LMfI+Yh+8QxW7oK8
GbmzkRqM7S64mXczJCJYubsxAzgt8MTKNVv8qG/ml4mixDLS/xLH4m+96QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFClqgne17pV2mxapGf+b5z2h0OttMB8GA1UdIwQY
MBaAFE9Hd9SRNOq3WnnBEYMq1+znJnFFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBkMzFKRTA2cmRhZWNFUmd5clg3T2NtY1VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9jZDBhODEtNjRiOS00Y2VjLWJhZDgt
OGVjMWJmOWZkYTJiLzEvS1dxQ2Q3WHVsWGFiRnFrWl81dm5QYUhRNjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9jZDBhODEtNjRiOS00Y2VjLWJhZDgtOGVjMWJmOWZkYTJi
LzEvVDBkMzFKRTA2cmRhZWNFUmd5clg3T2NtY1VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhQLwDAN
BgkqhkiG9w0BAQsFAAOCAQEA3g3eDgg6aJ6eHn13EQLlPXykGWe5hKxqmG8g5Rcr
6gSdTvxrlPOaEWrlNQQLjWcb2ekQw9Rj2VJDeEzTGcpsfXueq3VMubvZllg1qTjk
4DK4xA1le/fKpt//T4tUDHVUVjR6/amGux/esn0u8p5T6zPVB7L4XX8HbBXTx30l
wwGm1MjoZYegrdEiSwGKKkCOiRC83LYo8xaiG7ja4dZLssDD4bS7x82TMgHIBtLv
diV8OFO1/skQG+uDbp+mMsSBrEOG3pz83UXq766KP6oYjycs8z6L6qnaMO6khf1l
Lzw+qBeVFJCwvCgtIA56Y3pkZoLRilbHkArwiwZL6t4hhw==
-----END CERTIFICATE-----