Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/087d25-6db5-4285-ad76-ad7dec11bc5c/1/TXFkFxk0go0Y2-GlYi6JLFAQr8E.roa
File:                     TXFkFxk0go0Y2-GlYi6JLFAQr8E.roa (raw, json)
Hash identifier:          /I3Hs2InDf2N1C0cd7n3+qfO4ge9onR8lMBOsgpKwyE=
Subject key identifier:   4D:71:64:17:19:34:82:8D:18:DB:E1:A5:62:2E:89:2C:50:10:AF:C1
Certificate issuer:       /CN=5cf4583e014eb857018feeb5c92ce1753a09cba0
Certificate serial:       019541DC2B150BC6EC1AEF128D1CE14A201E
Authority key identifier: 5C:F4:58:3E:01:4E:B8:57:01:8F:EE:B5:C9:2C:E1:75:3A:09:CB:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XPRYPgFOuFcBj-61ySzhdToJy6A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/087d25-6db5-4285-ad76-ad7dec11bc5c/1/TXFkFxk0go0Y2-GlYi6JLFAQr8E.roa
Signing time:             Wed 26 Feb 2025 10:45:02 +0000
ROA not before:           Wed 26 Feb 2025 10:45:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212634
IP address blocks:        2a14:9080::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/087d25-6db5-4285-ad76-ad7dec11bc5c/1/XPRYPgFOuFcBj-61ySzhdToJy6A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/087d25-6db5-4285-ad76-ad7dec11bc5c/1/XPRYPgFOuFcBj-61ySzhdToJy6A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XPRYPgFOuFcBj-61ySzhdToJy6A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:41:dc:2b:15:0b:c6:ec:1a:ef:12:8d:1c:e1:4a:20:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5cf4583e014eb857018feeb5c92ce1753a09cba0
        Validity
            Not Before: Feb 26 10:45:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d7164171934828d18dbe1a5622e892c5010afc1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:98:cd:0c:40:ed:e8:39:d1:b2:5e:ad:29:d7:
                    30:a6:0d:12:a8:29:f9:e1:b9:5e:a9:a2:7f:c5:00:
                    bf:fa:31:43:ff:77:cb:f8:bd:22:e6:27:24:7c:d8:
                    5c:6d:a1:63:6a:fb:1f:94:78:97:5d:63:9f:13:95:
                    7c:0b:fa:33:a5:bc:89:01:f0:f3:19:c8:51:87:9f:
                    02:cc:7c:12:bb:cb:0b:94:42:c4:4f:1d:68:75:57:
                    6f:c9:94:a1:36:71:ac:89:b7:8e:74:5f:05:b3:de:
                    96:0c:c0:3a:90:63:f0:b4:52:8d:3e:d7:5f:e4:e1:
                    f7:8d:73:32:54:a9:5c:92:87:f3:b1:4f:3c:38:d9:
                    42:ca:aa:2d:3c:b4:bf:54:30:f1:8a:4f:7a:af:85:
                    42:fa:d4:7e:d1:b3:bc:79:e3:34:0c:5b:6c:45:a3:
                    8f:19:b2:35:a6:d9:6b:23:1c:0f:6f:d8:b8:b0:aa:
                    63:f5:af:e7:e2:ed:52:5e:63:00:32:93:1a:88:23:
                    87:cb:9f:7f:76:d2:4c:fd:38:70:1b:a8:b2:57:60:
                    52:a4:61:ba:10:df:c0:01:df:5d:91:da:4d:d6:8a:
                    6f:1b:0b:29:3a:9e:7d:7a:d4:32:af:76:d2:57:ee:
                    08:86:c4:fb:c1:e5:44:06:c0:d3:43:81:b1:5b:bf:
                    b2:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:71:64:17:19:34:82:8D:18:DB:E1:A5:62:2E:89:2C:50:10:AF:C1
            X509v3 Authority Key Identifier:
                keyid:5C:F4:58:3E:01:4E:B8:57:01:8F:EE:B5:C9:2C:E1:75:3A:09:CB:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XPRYPgFOuFcBj-61ySzhdToJy6A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/087d25-6db5-4285-ad76-ad7dec11bc5c/1/TXFkFxk0go0Y2-GlYi6JLFAQr8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/087d25-6db5-4285-ad76-ad7dec11bc5c/1/XPRYPgFOuFcBj-61ySzhdToJy6A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9080::/29

    Signature Algorithm: sha256WithRSAEncryption
         56:ff:d7:c0:05:0a:5d:1a:da:05:31:1f:49:df:fe:49:0f:cb:
         07:e4:a1:d3:f1:af:4a:7a:29:3f:65:f8:05:7b:b3:18:a7:47:
         6f:65:1c:1d:d9:38:b5:3c:e4:57:06:96:ba:da:b6:eb:b7:4d:
         8c:87:2c:98:4f:8e:f6:9f:01:f0:fe:9c:fd:3e:9e:02:b6:0e:
         88:ae:a5:80:e9:c7:5c:a8:00:c9:93:36:d0:43:2e:99:39:ce:
         56:9c:f8:d2:2e:3f:90:fc:3e:4b:0f:7b:74:82:e5:47:5b:6e:
         94:b2:be:0a:24:a4:17:bc:bc:df:3a:33:96:d8:7c:63:7d:78:
         cb:8a:3a:a0:71:1f:93:1d:5b:17:c2:3b:bf:f6:e4:5b:33:e9:
         7e:a3:d4:5d:d0:96:ba:39:a8:f3:59:ad:c0:d2:04:b7:98:47:
         ea:e7:81:b4:46:22:f5:14:a5:3f:2f:14:4e:b3:c1:55:3a:28:
         cb:0a:97:62:26:92:db:f4:f4:d0:82:b4:26:23:59:35:21:9a:
         4a:bf:5f:30:49:c3:81:f7:e1:33:6f:05:c0:fa:0f:b4:03:63:
         d8:3b:4b:53:53:77:a8:0c:9d:9a:02:68:c3:7c:d8:c2:af:02:
         e4:a7:f7:de:dd:66:e8:ba:e0:f2:be:3d:39:d5:c9:91:91:25:
         33:24:a5:a9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVB3CsVC8bsGu8SjRzhSiAeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjZjQ1ODNlMDE0ZWI4NTcwMThmZWViNWM5MmNlMTc1M2Ew
OWNiYTAwHhcNMjUwMjI2MTA0NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDcxNjQxNzE5MzQ4MjhkMThkYmUxYTU2MjJlODkyYzUwMTBhZmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+JjNDEDt6DnRsl6tKdcwpg0SqCn5
4bleqaJ/xQC/+jFD/3fL+L0i5ickfNhcbaFjavsflHiXXWOfE5V8C/ozpbyJAfDz
GchRh58CzHwSu8sLlELETx1odVdvyZShNnGsibeOdF8Fs96WDMA6kGPwtFKNPtdf
5OH3jXMyVKlckofzsU88ONlCyqotPLS/VDDxik96r4VC+tR+0bO8eeM0DFtsRaOP
GbI1ptlrIxwPb9i4sKpj9a/n4u1SXmMAMpMaiCOHy59/dtJM/ThwG6iyV2BSpGG6
EN/AAd9dkdpN1opvGwspOp59etQyr3bSV+4IhsT7weVEBsDTQ4GxW7+yBwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE1xZBcZNIKNGNvhpWIuiSxQEK/BMB8GA1UdIwQY
MBaAFFz0WD4BTrhXAY/utcks4XU6CcugMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWFBSWVBnRk91RmNCai02MXlTemhkVG9KeTZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi8wODdkMjUtNmRiNS00Mjg1LWFkNzYt
YWQ3ZGVjMTFiYzVjLzEvVFhGa0Z4azBnbzBZMi1HbFlpNkpMRkFRcjhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi8wODdkMjUtNmRiNS00Mjg1LWFkNzYtYWQ3ZGVjMTFiYzVj
LzEvWFBSWVBnRk91RmNCai02MXlTemhkVG9KeTZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSQgDAN
BgkqhkiG9w0BAQsFAAOCAQEAVv/XwAUKXRraBTEfSd/+SQ/LB+Sh0/GvSnopP2X4
BXuzGKdHb2UcHdk4tTzkVwaWutq267dNjIcsmE+O9p8B8P6c/T6eArYOiK6lgOnH
XKgAyZM20EMumTnOVpz40i4/kPw+Sw97dILlR1tulLK+CiSkF7y83zozlth8Y314
y4o6oHEfkx1bF8I7v/bkWzPpfqPUXdCWujmo81mtwNIEt5hH6ueBtEYi9RSlPy8U
TrPBVTooywqXYiaS2/T00IK0JiNZNSGaSr9fMEnDgffhM28FwPoPtANj2DtLU1N3
qAydmgJow3zYwq8C5Kf33t1m6Lrg8r49OdXJkZElMySlqQ==
-----END CERTIFICATE-----