Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/04a223-e1c0-4e12-91fd-d198f010b15a/1/JzGs8inn7txEGMEMBRCVzNZdRVg.roa
File:                     JzGs8inn7txEGMEMBRCVzNZdRVg.roa (raw, json)
Hash identifier:          gvrw7Emqkgw3IJnnGKeYcShf4Bw5yVCq/dWSjUTjfvI=
Subject key identifier:   27:31:AC:F2:29:E7:EE:DC:44:18:C1:0C:05:10:95:CC:D6:5D:45:58
Certificate issuer:       /CN=36ee73f12de22b634068d2ce8b7a6fae2291862a
Certificate serial:       01943D325FAC3C7DD728C700E22CBAB307E3
Authority key identifier: 36:EE:73:F1:2D:E2:2B:63:40:68:D2:CE:8B:7A:6F:AE:22:91:86:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nu5z8S3iK2NAaNLOi3pvriKRhio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/04a223-e1c0-4e12-91fd-d198f010b15a/1/JzGs8inn7txEGMEMBRCVzNZdRVg.roa
Signing time:             Mon 06 Jan 2025 19:58:18 +0000
ROA not before:           Mon 06 Jan 2025 19:58:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213647
IP address blocks:        2a14:8b00:fd0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/04a223-e1c0-4e12-91fd-d198f010b15a/1/Nu5z8S3iK2NAaNLOi3pvriKRhio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/04a223-e1c0-4e12-91fd-d198f010b15a/1/Nu5z8S3iK2NAaNLOi3pvriKRhio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nu5z8S3iK2NAaNLOi3pvriKRhio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 15:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3d:32:5f:ac:3c:7d:d7:28:c7:00:e2:2c:ba:b3:07:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36ee73f12de22b634068d2ce8b7a6fae2291862a
        Validity
            Not Before: Jan  6 19:58:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2731acf229e7eedc4418c10c051095ccd65d4558
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8e:20:57:f1:74:2c:62:93:c7:63:52:28:3b:
                    96:85:68:7a:0b:b2:6c:eb:ae:b6:9d:d0:75:9c:47:
                    a3:9c:48:c2:85:bc:6e:28:67:6f:25:61:8a:3b:81:
                    da:a5:ab:ff:a9:88:53:0a:b0:a3:71:7d:77:07:d3:
                    14:cf:31:6a:d0:f6:4d:56:2d:92:ab:c8:c0:a6:e6:
                    32:bc:16:e8:41:b0:78:25:44:0b:87:67:0f:a7:5f:
                    c0:78:e4:5f:64:96:38:34:0b:f5:9f:23:b3:50:9a:
                    ed:2d:0b:09:12:47:d5:e9:ca:da:d0:9e:6a:cc:bb:
                    f2:c2:f9:a2:86:06:e4:6a:33:b1:ba:26:d0:04:a3:
                    a8:9c:dc:c7:1f:f1:ee:43:de:48:d1:a5:2f:e5:60:
                    81:5b:0c:33:ec:bf:20:cc:c6:fc:6a:65:0e:c8:4e:
                    ad:4c:90:b6:3e:3f:d2:e1:ca:30:b7:4b:e1:db:42:
                    7e:8c:30:9f:73:5d:7a:84:e7:56:76:b2:3d:27:10:
                    55:8f:62:17:20:c1:99:0c:53:03:92:5a:f5:ab:31:
                    00:6d:af:0c:ed:d9:a0:66:0f:07:b5:40:95:66:a4:
                    15:4d:1a:ae:2f:3c:08:ee:80:60:20:72:b0:22:6a:
                    5b:e7:6d:f7:59:b7:7d:cd:86:a5:9f:7d:21:ec:93:
                    db:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:31:AC:F2:29:E7:EE:DC:44:18:C1:0C:05:10:95:CC:D6:5D:45:58
            X509v3 Authority Key Identifier:
                keyid:36:EE:73:F1:2D:E2:2B:63:40:68:D2:CE:8B:7A:6F:AE:22:91:86:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nu5z8S3iK2NAaNLOi3pvriKRhio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/04a223-e1c0-4e12-91fd-d198f010b15a/1/JzGs8inn7txEGMEMBRCVzNZdRVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/04a223-e1c0-4e12-91fd-d198f010b15a/1/Nu5z8S3iK2NAaNLOi3pvriKRhio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:8b00:fd0::/48

    Signature Algorithm: sha256WithRSAEncryption
         11:90:a9:94:63:d2:4d:bb:83:78:3b:fe:b9:96:31:0c:da:8b:
         d3:b6:4b:0b:c9:24:42:49:32:07:30:a9:23:4e:44:1e:8a:0e:
         d8:b2:4e:60:9a:11:6f:c3:b6:45:7f:69:e5:99:5a:4e:7a:f2:
         89:c9:a0:8e:13:77:67:1d:96:b7:0d:9a:15:11:d7:95:bd:27:
         15:e5:dd:a5:75:42:82:bc:cd:d3:02:a0:95:8f:81:94:cc:a4:
         e8:87:07:6b:67:5c:0e:fe:52:04:15:e5:bc:c3:33:25:ad:d4:
         97:86:db:54:b0:b4:16:76:28:a7:c1:5f:c1:af:bc:d5:e9:cb:
         5d:e9:71:98:96:49:39:b2:d0:28:af:6b:49:41:f9:0a:82:c3:
         da:dc:43:58:6c:14:2a:52:6f:b3:94:43:52:1c:55:e7:c7:7c:
         64:eb:21:b1:f3:81:67:8b:87:ee:f6:45:30:59:b9:51:ca:8a:
         5c:9c:6a:29:6d:19:0e:98:98:f7:a9:be:2b:9e:43:54:14:74:
         37:a9:5d:4a:7d:cc:36:eb:20:94:34:c1:d8:40:68:47:1a:de:
         5a:57:b0:46:7e:be:cb:51:40:9a:74:b2:71:31:e1:1b:35:4d:
         46:bd:33:60:d2:46:b7:f4:9b:c7:11:65:01:57:89:e4:e3:ca:
         2a:ce:36:86
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQ9Ml+sPH3XKMcA4iy6swfjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2ZWU3M2YxMmRlMjJiNjM0MDY4ZDJjZThiN2E2ZmFlMjI5
MTg2MmEwHhcNMjUwMTA2MTk1ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzMxYWNmMjI5ZTdlZWRjNDQxOGMxMGMwNTEwOTVjY2Q2NWQ0NTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqI4gV/F0LGKTx2NSKDuWhWh6C7Js
6662ndB1nEejnEjChbxuKGdvJWGKO4Hapav/qYhTCrCjcX13B9MUzzFq0PZNVi2S
q8jApuYyvBboQbB4JUQLh2cPp1/AeORfZJY4NAv1nyOzUJrtLQsJEkfV6cra0J5q
zLvywvmihgbkajOxuibQBKOonNzHH/HuQ95I0aUv5WCBWwwz7L8gzMb8amUOyE6t
TJC2Pj/S4cowt0vh20J+jDCfc116hOdWdrI9JxBVj2IXIMGZDFMDklr1qzEAba8M
7dmgZg8HtUCVZqQVTRquLzwI7oBgIHKwImpb5233Wbd9zYaln30h7JPb5wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCcxrPIp5+7cRBjBDAUQlczWXUVYMB8GA1UdIwQY
MBaAFDbuc/Et4itjQGjSzot6b64ikYYqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnU1ejhTM2lLMk5BYU5MT2kzcHZyaUtSaGlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi8wNGEyMjMtZTFjMC00ZTEyLTkxZmQt
ZDE5OGYwMTBiMTVhLzEvSnpHczhpbm43dHhFR01FTUJSQ1Z6TlpkUlZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi8wNGEyMjMtZTFjMC00ZTEyLTkxZmQtZDE5OGYwMTBiMTVh
LzEvTnU1ejhTM2lLMk5BYU5MT2kzcHZyaUtSaGlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSLAA/Q
MA0GCSqGSIb3DQEBCwUAA4IBAQARkKmUY9JNu4N4O/65ljEM2ovTtksLySRCSTIH
MKkjTkQeig7Ysk5gmhFvw7ZFf2nlmVpOevKJyaCOE3dnHZa3DZoVEdeVvScV5d2l
dUKCvM3TAqCVj4GUzKTohwdrZ1wO/lIEFeW8wzMlrdSXhttUsLQWdiinwV/Br7zV
6ctd6XGYlkk5stAor2tJQfkKgsPa3ENYbBQqUm+zlENSHFXnx3xk6yGx84Fni4fu
9kUwWblRyopcnGopbRkOmJj3qb4rnkNUFHQ3qV1Kfcw26yCUNMHYQGhHGt5aV7BG
fr7LUUCadLJxMeEbNU1GvTNg0ka39JvHEWUBV4nk48oqzjaG
-----END CERTIFICATE-----