Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Zh-8f0tKdwJJmTErbAZbBlAu2-k.roa
File:                     Zh-8f0tKdwJJmTErbAZbBlAu2-k.roa (raw, json)
Hash identifier:          Krjl31rGf1mkJQ9LvksqzyPEEMfTl0Ol/mUhHx32Z6c=
Subject key identifier:   66:1F:BC:7F:4B:4A:77:02:49:99:31:2B:6C:06:5B:06:50:2E:DB:E9
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0195664BD26B31D9DBB54F57FCF1BC8E760D
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Zh-8f0tKdwJJmTErbAZbBlAu2-k.roa
Signing time:             Wed 05 Mar 2025 12:33:19 +0000
ROA not before:           Wed 05 Mar 2025 12:33:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215672
IP address blocks:        2a14:67c1:8000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:66:4b:d2:6b:31:d9:db:b5:4f:57:fc:f1:bc:8e:76:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Mar  5 12:33:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=661fbc7f4b4a77024999312b6c065b06502edbe9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:dc:f9:a1:8a:e0:9f:fe:b5:76:2b:3e:95:a7:
                    7e:ef:d3:45:f3:58:72:9b:13:e3:3a:26:a0:e2:f7:
                    1d:60:9e:23:e6:3c:cb:35:c0:ca:2c:5c:d2:f7:b5:
                    bd:59:0e:c8:c4:c3:ca:c6:c7:f2:e9:b3:f7:07:19:
                    28:06:af:1b:80:6c:21:78:3e:66:1d:67:55:77:3b:
                    de:93:2a:68:ad:a6:56:13:78:71:fc:dd:58:c3:da:
                    56:f9:20:2b:34:02:16:fa:a5:e7:0f:b6:29:cf:75:
                    d3:b0:df:ce:25:c8:02:a8:11:6f:f1:8e:59:87:5d:
                    43:de:62:82:9d:79:e7:70:c5:44:80:26:ea:36:c1:
                    25:57:2e:e2:7f:14:e2:61:dc:6e:67:2a:a1:9a:99:
                    60:d3:76:69:02:39:1a:a9:03:a0:35:0d:4a:2a:2b:
                    be:83:3d:dd:2a:07:e4:d8:81:4d:79:e6:83:56:9e:
                    20:ec:36:eb:31:fd:c4:b1:64:77:3c:bc:32:1d:e9:
                    3e:eb:6a:89:89:32:35:59:71:81:dc:13:4e:fd:97:
                    52:44:c8:d3:a7:38:c2:ac:a7:e4:7e:4c:53:9f:dd:
                    8b:9b:04:6e:ac:68:d8:23:20:06:50:b0:7d:a3:95:
                    75:ce:5e:84:0d:af:c3:9f:33:d9:2f:b6:d9:80:1a:
                    df:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:1F:BC:7F:4B:4A:77:02:49:99:31:2B:6C:06:5B:06:50:2E:DB:E9
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Zh-8f0tKdwJJmTErbAZbBlAu2-k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         25:d1:a2:6a:9b:6f:20:c2:48:21:57:6d:32:0e:ac:e0:2e:2b:
         76:cb:3b:6d:65:ca:0a:fb:2d:00:f9:86:68:44:8d:5c:75:ac:
         bc:ca:07:9e:95:4f:13:6f:02:09:77:af:60:65:20:30:fe:99:
         63:20:04:50:2f:d9:31:08:7e:4b:8c:db:90:63:dd:2f:07:90:
         97:d5:59:7a:b4:46:61:50:9d:55:e7:29:75:ae:ab:37:e6:49:
         c4:55:c5:8e:29:37:aa:cb:9a:6c:fd:3d:45:a6:75:f8:28:dd:
         e7:f2:b2:dc:6b:48:14:04:dc:46:71:0e:05:29:b5:dd:e4:81:
         ca:3b:a3:b4:85:e0:7b:3d:b9:bc:19:c9:d6:0c:6e:00:92:81:
         76:00:17:e9:9f:bc:f8:d9:3b:c9:f1:14:4a:99:eb:ad:e5:59:
         7d:dd:bb:73:49:a2:66:cb:59:63:69:c9:f3:2c:28:3b:a9:b2:
         51:b1:88:66:20:1e:f0:54:c7:09:ef:93:10:cd:5a:62:ea:d0:
         f7:39:6b:4e:56:d1:94:19:d9:0e:5c:03:30:65:99:7e:37:4e:
         5c:b4:aa:14:41:d6:b4:3e:ef:72:3d:41:b7:7e:99:b0:91:09:
         0b:b4:8e:41:c3:2e:3f:19:08:78:43:df:15:43:29:e8:ea:86:
         59:ef:dc:da
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZVmS9JrMdnbtU9X/PG8jnYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwMzA1MTIzMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NjFmYmM3ZjRiNGE3NzAyNDk5OTMxMmI2YzA2NWIwNjUwMmVkYmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dz5oYrgn/61dis+lad+79NF81hy
mxPjOiag4vcdYJ4j5jzLNcDKLFzS97W9WQ7IxMPKxsfy6bP3BxkoBq8bgGwheD5m
HWdVdzvekyporaZWE3hx/N1Yw9pW+SArNAIW+qXnD7Ypz3XTsN/OJcgCqBFv8Y5Z
h11D3mKCnXnncMVEgCbqNsElVy7ifxTiYdxuZyqhmplg03ZpAjkaqQOgNQ1KKiu+
gz3dKgfk2IFNeeaDVp4g7DbrMf3EsWR3PLwyHek+62qJiTI1WXGB3BNO/ZdSRMjT
pzjCrKfkfkxTn92LmwRurGjYIyAGULB9o5V1zl6EDa/DnzPZL7bZgBrfxwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGYfvH9LSncCSZkxK2wGWwZQLtvpMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvWmgtOGYwdEtkd0pKbVRFcmJBWmJCbEF1Mi1rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhRnwYAw
DQYJKoZIhvcNAQELBQADggEBACXRomqbbyDCSCFXbTIOrOAuK3bLO21lygr7LQD5
hmhEjVx1rLzKB56VTxNvAgl3r2BlIDD+mWMgBFAv2TEIfkuM25Bj3S8HkJfVWXq0
RmFQnVXnKXWuqzfmScRVxY4pN6rLmmz9PUWmdfgo3efystxrSBQE3EZxDgUptd3k
gco7o7SF4Hs9ubwZydYMbgCSgXYAF+mfvPjZO8nxFEqZ663lWX3du3NJombLWWNp
yfMsKDupslGxiGYgHvBUxwnvkxDNWmLq0Pc5a05W0ZQZ2Q5cAzBlmX43Tly0qhRB
1rQ+73I9Qbd+mbCRCQu0jkHDLj8ZCHhD3xVDKejqhlnv3No=
-----END CERTIFICATE-----