Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/Hz-bNjOewKosqvkhbdq7wllugqY.roa
File:                     Hz-bNjOewKosqvkhbdq7wllugqY.roa (raw, json)
Hash identifier:          Wg09CLCh3LKvZ9uP5X7eZQr1mwx5+JIzjmdsHdfrN+M=
Subject key identifier:   1F:3F:9B:36:33:9E:C0:AA:2C:AA:F9:21:6D:DA:BB:C2:59:6E:82:A6
Certificate issuer:       /CN=1ccf33cf78477313c7382e89b17573ed68588b93
Certificate serial:       0194214437F046854F1DDA641B1D7C853024
Authority key identifier: 1C:CF:33:CF:78:47:73:13:C7:38:2E:89:B1:75:73:ED:68:58:8B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/Hz-bNjOewKosqvkhbdq7wllugqY.roa
Signing time:             Wed 01 Jan 2025 09:48:26 +0000
ROA not before:           Wed 01 Jan 2025 09:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213727
IP address blocks:        2a14:ec00::/48 maxlen: 48
                          2a14:ec00:1::/48 maxlen: 48
                          2a14:ec00:2::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Mar 2025 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:37:f0:46:85:4f:1d:da:64:1b:1d:7c:85:30:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ccf33cf78477313c7382e89b17573ed68588b93
        Validity
            Not Before: Jan  1 09:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f3f9b36339ec0aa2caaf9216ddabbc2596e82a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:11:3d:4d:26:c3:ac:8d:6c:ba:1e:91:ad:a5:
                    ae:88:c8:fb:4a:6d:61:50:03:57:1c:1d:07:21:0c:
                    bd:7c:16:d1:ec:c3:f9:fe:2a:f8:66:5b:b5:e8:cb:
                    12:ed:8b:1d:f0:4d:c7:f6:45:d9:e9:57:b0:d5:ff:
                    15:a7:6d:ab:d6:c7:04:77:25:8b:c1:37:b7:03:b5:
                    90:2c:86:97:2a:35:93:4d:7d:42:a6:cf:80:41:f9:
                    b5:18:c1:14:e2:31:79:29:2f:f1:36:ef:45:a6:51:
                    4e:98:b6:8f:78:a6:8d:69:6a:64:1e:78:d1:88:c5:
                    52:b8:35:dd:1e:70:a1:3d:ef:bf:a0:cf:b9:45:22:
                    76:7b:89:9f:9e:2b:c6:2e:12:0e:ed:93:ee:52:fd:
                    9c:05:a0:59:56:a9:a3:c0:ad:f1:0a:2e:7d:44:11:
                    39:c3:5f:61:7d:47:86:6e:3f:77:66:e1:cb:21:22:
                    5b:5b:6a:04:81:69:2d:bf:e7:1a:f1:9f:9a:da:7c:
                    9c:59:28:7a:8f:f8:71:4e:8d:b5:01:3b:2b:63:f3:
                    b8:f2:7e:4f:3d:81:4f:a5:7a:b2:8d:a7:05:f7:37:
                    61:ad:a3:6a:1d:5f:82:e1:bf:ca:e6:37:78:a6:21:
                    34:42:30:ff:ce:7a:a5:df:6b:ec:2d:77:62:2f:81:
                    6e:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3F:9B:36:33:9E:C0:AA:2C:AA:F9:21:6D:DA:BB:C2:59:6E:82:A6
            X509v3 Authority Key Identifier:
                keyid:1C:CF:33:CF:78:47:73:13:C7:38:2E:89:B1:75:73:ED:68:58:8B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HM8zz3hHcxPHOC6JsXVz7WhYi5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/Hz-bNjOewKosqvkhbdq7wllugqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/cef27e-9903-4c3f-807c-128e0053dccf/1/HM8zz3hHcxPHOC6JsXVz7WhYi5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ec00::-2a14:ec00:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1b:43:3a:bb:cf:71:55:02:a9:a7:c1:2a:70:93:36:cf:13:0e:
         9f:96:3e:67:fd:df:69:f7:6e:33:0e:1c:c9:9f:5c:ab:bc:fb:
         39:b0:b6:9a:dc:75:4f:ad:ef:6f:f6:b7:86:7c:da:c1:4e:60:
         28:c2:69:4b:fa:64:48:4f:d6:77:25:2b:3c:5a:bf:19:c4:f5:
         40:30:4e:e6:74:39:9c:8c:4c:ee:b9:0c:21:12:94:ad:1f:24:
         f7:9f:79:cc:8b:14:69:cd:da:67:73:f0:92:34:b3:ad:d3:a6:
         57:18:df:99:e8:88:f6:48:be:4b:52:5e:05:90:69:ac:21:fd:
         1a:a0:9c:ac:8b:be:1e:a9:73:ba:f3:df:c4:1f:e3:a2:a2:20:
         b1:af:f3:48:2e:fd:94:94:ee:ce:c2:17:ed:8f:9b:e1:33:73:
         9e:30:29:c6:3b:25:e2:e7:3a:8b:9a:28:75:65:4e:5a:eb:05:
         9e:a9:68:2c:9c:c2:1a:ef:57:37:c8:9e:b1:25:aa:2f:4c:34:
         e7:51:8e:ab:cc:91:c0:fc:a0:35:02:76:b2:55:59:62:75:cc:
         f2:be:76:7d:de:24:09:3a:30:85:83:70:19:5b:90:11:1b:0d:
         8c:54:93:28:ab:60:92:11:53:6f:6b:f3:e6:d5:5e:4f:eb:40:
         d2:ef:62:b5
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZQhRDfwRoVPHdpkGx18hTAkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjY2YzM2NmNzg0NzczMTNjNzM4MmU4OWIxNzU3M2VkNjg1
ODhiOTMwHhcNMjUwMTAxMDk0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjNmOWIzNjMzOWVjMGFhMmNhYWY5MjE2ZGRhYmJjMjU5NmU4MmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoRE9TSbDrI1suh6RraWuiMj7Sm1h
UANXHB0HIQy9fBbR7MP5/ir4Zlu16MsS7Ysd8E3H9kXZ6Vew1f8Vp22r1scEdyWL
wTe3A7WQLIaXKjWTTX1Cps+AQfm1GMEU4jF5KS/xNu9FplFOmLaPeKaNaWpkHnjR
iMVSuDXdHnChPe+/oM+5RSJ2e4mfnivGLhIO7ZPuUv2cBaBZVqmjwK3xCi59RBE5
w19hfUeGbj93ZuHLISJbW2oEgWktv+ca8Z+a2nycWSh6j/hxTo21ATsrY/O48n5P
PYFPpXqyjacF9zdhraNqHV+C4b/K5jd4piE0QjD/znql32vsLXdiL4Fu1wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFB8/mzYznsCqLKr5IW3au8JZboKmMB8GA1UdIwQY
MBaAFBzPM894R3MTxzguibF1c+1oWIuTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE04enozaEhjeFBIT0M2SnNYVno3V2hZaTVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9jZWYyN2UtOTkwMy00YzNmLTgwN2Mt
MTI4ZTAwNTNkY2NmLzEvSHotYk5qT2V3S29zcXZraGJkcTd3bGx1Z3FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9jZWYyN2UtOTkwMy00YzNmLTgwN2MtMTI4ZTAwNTNkY2Nm
LzEvSE04enozaEhjeFBIT0M2SnNYVno3V2hZaTVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARMA8DBAIqFOwD
BwAqFOwAAAIwDQYJKoZIhvcNAQELBQADggEBABtDOrvPcVUCqafBKnCTNs8TDp+W
Pmf932n3bjMOHMmfXKu8+zmwtprcdU+t72/2t4Z82sFOYCjCaUv6ZEhP1nclKzxa
vxnE9UAwTuZ0OZyMTO65DCESlK0fJPefecyLFGnN2mdz8JI0s63TplcY35noiPZI
vktSXgWQaawh/RqgnKyLvh6pc7rz38Qf46KiILGv80gu/ZSU7s7CF+2Pm+Ezc54w
KcY7JeLnOouaKHVlTlrrBZ6paCycwhrvVzfInrElqi9MNOdRjqvMkcD8oDUCdrJV
WWJ1zPK+dn3eJAk6MIWDcBlbkBEbDYxUkyirYJIRU29r8+bVXk/rQNLvYrU=
-----END CERTIFICATE-----