Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CpJEYKXvHCDQFtQCgGsEp7fv_3Q.roa
File:                     CpJEYKXvHCDQFtQCgGsEp7fv_3Q.roa (raw, json)
Hash identifier:          nEK+P6U/6vWMdSdKNYPqcNqUWeOW83vnh2SCPWzPtIc=
Subject key identifier:   0A:92:44:60:A5:EF:1C:20:D0:16:D4:02:80:6B:04:A7:B7:EF:FF:74
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0199B66D9C960874FE9BD9013F6CB14A8DF1
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CpJEYKXvHCDQFtQCgGsEp7fv_3Q.roa
Signing time:             Sun 05 Oct 2025 22:11:00 +0000
ROA not before:           Sun 05 Oct 2025 22:11:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31898
IP address blocks:        2a14:67c1:c300::/40 maxlen: 48
                          2a14:67c1:c700::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 Oct 2025 16:33:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b6:6d:9c:96:08:74:fe:9b:d9:01:3f:6c:b1:4a:8d:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Oct  5 22:11:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a924460a5ef1c20d016d402806b04a7b7efff74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7e:14:b7:93:21:65:e0:c9:01:a3:c9:0f:a9:
                    cb:71:3a:61:74:19:ed:2c:fc:51:1a:04:86:ab:0d:
                    ae:17:bd:4d:24:c6:22:d7:5b:b0:9a:96:22:d0:b0:
                    c8:10:0b:4a:c2:4e:85:94:4f:54:4e:96:83:d8:95:
                    ba:7a:9a:99:c7:74:0d:4e:66:ee:cd:aa:61:f8:50:
                    3f:5b:41:74:f8:90:3f:71:fe:a2:25:dc:2e:9e:1c:
                    a4:85:f5:b3:6f:c0:62:6a:88:04:11:8e:d2:2d:b2:
                    d3:2e:29:c3:3c:19:00:d0:83:16:2e:e9:78:e4:80:
                    86:bd:ed:44:a5:28:0a:93:14:d8:ac:35:01:5f:82:
                    17:a5:69:1a:bf:4f:b8:ed:ca:e0:40:5e:be:68:7d:
                    85:fd:b2:a1:cb:59:13:fd:62:5c:d3:bf:c2:9f:c3:
                    8d:e1:28:75:51:21:ab:2a:47:de:e1:03:54:f7:62:
                    2c:25:81:b3:88:88:26:f5:ad:1c:1a:16:f0:c4:6f:
                    2d:dc:f2:49:1c:4e:08:1b:27:60:0c:ec:21:09:f5:
                    25:25:17:ea:bb:ed:14:4b:81:44:5c:95:fb:24:68:
                    d8:8b:15:92:76:a9:3c:88:25:09:69:8d:12:00:d5:
                    16:2b:18:a9:f7:43:52:53:f6:c2:ce:31:27:68:65:
                    ed:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:92:44:60:A5:EF:1C:20:D0:16:D4:02:80:6B:04:A7:B7:EF:FF:74
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CpJEYKXvHCDQFtQCgGsEp7fv_3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:c300::/40
                  2a14:67c1:c700::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:d9:cf:d1:f9:6b:66:3b:db:16:a8:81:bb:33:a7:36:35:1a:
         70:f4:9a:d3:3f:ec:e8:aa:59:a1:2f:e3:df:d9:0c:bb:fe:ea:
         ee:2e:69:95:1f:a3:18:06:91:11:82:0f:91:84:6a:92:70:d8:
         95:b4:bc:f9:1a:c6:f9:92:03:48:9a:e6:17:82:26:55:97:93:
         af:f8:bb:4b:ea:40:c1:d5:1b:68:cd:b0:c7:49:0f:db:7e:4d:
         9a:49:16:c5:87:fa:46:e5:7c:9b:d1:b0:40:d4:a4:a6:e2:cb:
         66:cd:10:15:4f:28:11:52:0b:f2:90:75:04:d2:42:48:6f:95:
         da:8f:a2:9a:97:85:92:53:1b:4b:30:64:35:1b:5e:6c:4e:b5:
         8e:f7:73:bd:2d:70:28:e6:62:bc:fb:11:d8:24:3b:0d:07:ad:
         0f:6c:31:c6:4d:78:bd:76:67:4c:9d:70:6f:99:c4:87:2a:6c:
         65:a0:d8:34:be:6e:ea:e0:5b:03:2f:c7:f4:f8:6a:70:14:8e:
         2c:a7:54:f6:8f:f0:f7:02:97:69:a2:f2:78:ed:1e:21:9f:a1:
         2a:1f:25:b1:9e:b8:87:27:7c:2a:e7:41:86:fc:71:56:48:f4:
         6b:05:e9:84:62:6a:81:20:18:e2:94:7c:8d:cd:10:78:28:c1:
         ff:b5:9f:37
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZm2bZyWCHT+m9kBP2yxSo3xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMDA1MjIxMTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTkyNDQ2MGE1ZWYxYzIwZDAxNmQ0MDI4MDZiMDRhN2I3ZWZmZjc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvX4Ut5MhZeDJAaPJD6nLcTphdBnt
LPxRGgSGqw2uF71NJMYi11uwmpYi0LDIEAtKwk6FlE9UTpaD2JW6epqZx3QNTmbu
zaph+FA/W0F0+JA/cf6iJdwunhykhfWzb8BiaogEEY7SLbLTLinDPBkA0IMWLul4
5ICGve1EpSgKkxTYrDUBX4IXpWkav0+47crgQF6+aH2F/bKhy1kT/WJc07/Cn8ON
4Sh1USGrKkfe4QNU92IsJYGziIgm9a0cGhbwxG8t3PJJHE4IGydgDOwhCfUlJRfq
u+0US4FEXJX7JGjYixWSdqk8iCUJaY0SANUWKxip90NSU/bCzjEnaGXt9QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFAqSRGCl7xwg0BbUAoBrBKe37/90MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvQ3BKRVlLWHZIQ0RRRnRRQ2dHc0VwN2Z2XzNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhRnwcMD
BwAqFGfBxwAwDQYJKoZIhvcNAQELBQADggEBAArZz9H5a2Y72xaogbszpzY1GnD0
mtM/7OiqWaEv49/ZDLv+6u4uaZUfoxgGkRGCD5GEapJw2JW0vPkaxvmSA0ia5heC
JlWXk6/4u0vqQMHVG2jNsMdJD9t+TZpJFsWH+kblfJvRsEDUpKbiy2bNEBVPKBFS
C/KQdQTSQkhvldqPopqXhZJTG0swZDUbXmxOtY73c70tcCjmYrz7EdgkOw0HrQ9s
McZNeL12Z0ydcG+ZxIcqbGWg2DS+burgWwMvx/T4anAUjiynVPaP8PcCl2mi8njt
HiGfoSofJbGeuIcnfCrnQYb8cVZI9GsF6YRiaoEgGOKUfI3NEHgowf+1nzc=
-----END CERTIFICATE-----