Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/g9H2LktE3c6-Sqs72dXiG041h9c.roa
File:                     g9H2LktE3c6-Sqs72dXiG041h9c.roa (raw, json)
Hash identifier:          sGtady+29HwzEbBTNubgrQ0Nflo2I8avNRSZW2kEUiA=
Subject key identifier:   83:D1:F6:2E:4B:44:DD:CE:BE:4A:AB:3B:D9:D5:E2:1B:4E:35:87:D7
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0197F34AB42908D50B413B6635C9851FD2B6
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/g9H2LktE3c6-Sqs72dXiG041h9c.roa
Signing time:             Thu 10 Jul 2025 07:44:08 +0000
ROA not before:           Thu 10 Jul 2025 07:44:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212831
IP address blocks:        2a14:67c1:a150::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f3:4a:b4:29:08:d5:0b:41:3b:66:35:c9:85:1f:d2:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul 10 07:44:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83d1f62e4b44ddcebe4aab3bd9d5e21b4e3587d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:55:c4:0a:a0:dd:bb:1b:80:91:8c:87:56:ee:
                    2d:a4:bf:ee:40:c1:af:2e:62:0f:e9:b2:8b:d6:dd:
                    e8:3a:ca:ca:38:30:34:2b:88:42:08:5d:08:ad:5f:
                    f2:29:27:cc:b5:7e:0e:f2:c5:cc:af:3e:51:56:e2:
                    f9:79:f3:a0:cb:89:71:03:05:cf:ec:2d:23:51:4d:
                    23:95:6a:97:e8:8f:78:47:f7:97:76:cf:c5:3c:aa:
                    f6:b0:c3:79:94:ce:92:4d:a9:07:f5:62:88:32:7b:
                    a7:78:05:6d:1c:38:26:5f:48:e2:4a:44:fb:f7:5f:
                    87:26:6d:f7:97:f4:43:e2:00:6e:3b:55:c8:32:09:
                    0b:48:d8:3c:9a:b2:89:0e:82:07:5b:c1:74:2c:7b:
                    2e:51:f3:21:f4:2e:63:52:ae:53:76:f7:82:6b:85:
                    70:20:9d:13:96:52:1f:04:ac:9e:4d:f3:af:a6:6d:
                    60:37:75:2b:b4:6c:c7:72:c7:03:dd:4a:96:1e:34:
                    4a:48:9f:2b:e3:9a:e8:51:70:99:a9:6a:23:7a:53:
                    7e:ec:00:16:90:47:5b:f3:e9:4c:90:5b:73:d9:c3:
                    cc:0e:2a:db:51:b0:94:6f:a5:fc:22:b8:e3:13:af:
                    0a:6f:f5:7c:25:ad:a8:33:6b:fe:74:4c:b9:5c:ce:
                    96:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:D1:F6:2E:4B:44:DD:CE:BE:4A:AB:3B:D9:D5:E2:1B:4E:35:87:D7
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/g9H2LktE3c6-Sqs72dXiG041h9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a150::/44

    Signature Algorithm: sha256WithRSAEncryption
         c7:80:ff:51:b0:41:e0:a2:74:8e:43:83:47:fa:67:7b:5a:55:
         44:9b:15:7d:46:8b:45:e4:1e:ad:25:e0:38:02:f7:c5:17:4b:
         cd:2d:9d:d5:5f:c6:ff:61:f4:a1:a3:3a:8a:05:da:45:de:e2:
         53:8f:dd:a7:0c:1f:f8:f2:cf:cb:13:70:0a:57:17:4a:a0:b5:
         40:94:d0:b8:9a:14:52:b7:fc:43:61:bf:4b:54:70:3c:d5:37:
         f4:63:a3:d7:af:6e:4c:09:27:74:71:de:f5:0c:e7:4a:81:c3:
         e8:7e:a0:6a:f7:9b:ae:b5:a2:9e:3f:6e:c7:48:69:bf:c1:f0:
         90:ec:30:4c:28:fa:21:43:cf:4f:fc:c7:3a:36:81:b9:3d:ae:
         cf:91:2a:de:69:40:83:cc:c1:97:b5:43:d0:15:24:24:c0:71:
         5e:a7:65:bc:bb:1a:26:38:dc:f3:4c:e5:15:06:e8:ef:b6:b5:
         54:25:b9:6d:ae:a3:ba:31:9d:eb:e0:8b:de:0f:59:85:29:1c:
         6b:54:7e:d5:a4:9b:5e:f5:7b:c2:1b:45:fe:c2:63:e2:74:b1:
         8e:fc:6b:b3:fd:91:9d:9f:6e:12:ef:d4:12:38:7a:3b:b3:2d:
         c9:0e:b4:01:1c:57:db:f3:aa:4e:db:8c:3d:90:fe:23:6e:83:
         c9:1c:6b:ac
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfzSrQpCNULQTtmNcmFH9K2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNzEwMDc0NDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2QxZjYyZTRiNDRkZGNlYmU0YWFiM2JkOWQ1ZTIxYjRlMzU4N2Q3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1XECqDduxuAkYyHVu4tpL/uQMGv
LmIP6bKL1t3oOsrKODA0K4hCCF0IrV/yKSfMtX4O8sXMrz5RVuL5efOgy4lxAwXP
7C0jUU0jlWqX6I94R/eXds/FPKr2sMN5lM6STakH9WKIMnuneAVtHDgmX0jiSkT7
91+HJm33l/RD4gBuO1XIMgkLSNg8mrKJDoIHW8F0LHsuUfMh9C5jUq5TdveCa4Vw
IJ0TllIfBKyeTfOvpm1gN3UrtGzHcscD3UqWHjRKSJ8r45roUXCZqWojelN+7AAW
kEdb8+lMkFtz2cPMDirbUbCUb6X8IrjjE68Kb/V8Ja2oM2v+dEy5XM6W/wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIPR9i5LRN3OvkqrO9nV4htONYfXMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvZzlIMkxrdEUzYzYtU3FzNzJkWGlHMDQxaDljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwaFQ
MA0GCSqGSIb3DQEBCwUAA4IBAQDHgP9RsEHgonSOQ4NH+md7WlVEmxV9RotF5B6t
JeA4AvfFF0vNLZ3VX8b/YfShozqKBdpF3uJTj92nDB/48s/LE3AKVxdKoLVAlNC4
mhRSt/xDYb9LVHA81Tf0Y6PXr25MCSd0cd71DOdKgcPofqBq95uutaKeP27HSGm/
wfCQ7DBMKPohQ89P/Mc6NoG5Pa7PkSreaUCDzMGXtUPQFSQkwHFep2W8uxomONzz
TOUVBujvtrVUJbltrqO6MZ3r4IveD1mFKRxrVH7VpJte9XvCG0X+wmPidLGO/Guz
/ZGdn24S79QSOHo7sy3JDrQBHFfb86pO24w9kP4jboPJHGus
-----END CERTIFICATE-----