Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uON2AZKewn22ph48wsucePPeGGs.roa
File:                     uON2AZKewn22ph48wsucePPeGGs.roa (raw, json)
Hash identifier:          fM2a4O9fUH4LhlB9C9HNNSyscgd8emrCgv/XCKrRpN8=
Subject key identifier:   B8:E3:76:01:92:9E:C2:7D:B6:A6:1E:3C:C2:CB:9C:78:F3:DE:18:6B
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01957C203429207B6E002D3369895F5B074B
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uON2AZKewn22ph48wsucePPeGGs.roa
Signing time:             Sun 09 Mar 2025 18:17:20 +0000
ROA not before:           Sun 09 Mar 2025 18:17:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213605
IP address blocks:        2a14:67c1:a020::/44 maxlen: 48
                          2a14:67c1:b100::/40 maxlen: 48
                          2a14:67c1:b100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 10:01:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:7c:20:34:29:20:7b:6e:00:2d:33:69:89:5f:5b:07:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Mar  9 18:17:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b8e37601929ec27db6a61e3cc2cb9c78f3de186b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:39:e1:2e:ba:af:79:f7:d4:5d:0f:0e:de:02:
                    06:a2:4c:2e:aa:ca:39:af:13:76:4b:96:cc:2a:80:
                    94:f8:20:ed:08:d9:c9:07:f0:1c:8a:a2:cd:d3:78:
                    d5:8b:1a:d9:25:1d:26:de:d9:de:c2:2d:64:49:e2:
                    96:de:02:8d:14:18:ad:01:4d:b4:b9:5d:44:8f:8f:
                    2b:19:01:a4:56:ab:a6:74:ab:24:d1:2c:8a:38:8a:
                    a5:1b:21:95:0e:3e:b9:97:38:22:55:23:07:be:f8:
                    08:8b:4b:fa:a7:c9:7d:b5:40:c0:d5:79:74:90:96:
                    eb:72:bd:15:c4:f7:9f:eb:4a:d3:c7:8b:60:64:d6:
                    1a:8b:f3:07:b6:46:d9:05:7f:14:64:3c:7e:92:33:
                    4a:82:b5:3c:0c:e1:92:f7:ef:22:d4:4c:73:ef:a8:
                    6e:0b:99:88:30:2b:7d:67:0f:2b:7d:e9:a6:ff:0d:
                    f5:2d:df:56:fa:c9:f9:5f:a3:35:3e:12:1e:34:85:
                    e1:8e:59:eb:61:c8:f7:38:28:c9:f2:dd:36:d6:6e:
                    62:4c:bc:1f:13:67:09:04:dc:f3:0d:58:1f:8d:20:
                    fd:a9:01:8b:de:b1:60:45:a2:d6:04:03:af:65:8d:
                    12:a1:20:08:f6:4f:32:59:2c:08:bb:31:44:84:a3:
                    54:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:E3:76:01:92:9E:C2:7D:B6:A6:1E:3C:C2:CB:9C:78:F3:DE:18:6B
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uON2AZKewn22ph48wsucePPeGGs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a020::/44
                  2a14:67c1:b100::/40

    Signature Algorithm: sha256WithRSAEncryption
         14:cb:7a:1d:4e:05:8e:bf:12:c0:5c:1f:05:4f:17:55:a6:27:
         ce:6b:46:c8:1e:e7:b8:3a:3b:0f:f9:f5:ec:cc:0f:71:fa:f7:
         f1:61:bc:6a:23:c1:e8:1a:73:61:b9:ef:4a:4f:da:53:dd:09:
         f2:e3:2c:6c:aa:e5:e6:d0:2b:38:38:f0:9d:16:e0:e6:45:da:
         24:8a:da:b7:84:f4:7d:31:2d:29:e4:26:00:40:f4:8a:81:10:
         1e:4b:f0:e7:97:ed:51:d1:cc:9f:47:31:7c:b7:41:3d:5c:47:
         78:09:83:3e:92:89:ad:43:f1:fa:1e:10:b4:bb:f8:3e:61:0b:
         4c:0d:4b:9f:69:32:e8:15:6d:be:b0:3b:ed:e1:86:02:f7:74:
         1b:e6:d2:3d:7f:de:0b:cf:ca:46:84:c2:84:d1:ca:39:06:d0:
         2c:58:df:0a:c9:55:cc:3f:0e:4e:d1:62:6e:fc:09:c1:51:5d:
         c1:3e:f3:9f:e2:39:45:aa:e6:c4:0c:41:ea:7c:8d:a3:ac:cb:
         cb:a0:0b:3d:1c:4c:2b:37:e9:54:04:89:ee:81:b9:8c:e9:9f:
         ea:e4:f2:a7:3d:30:54:a9:44:88:50:97:77:e4:e2:fb:b2:df:
         08:25:35:bf:dd:1a:89:b3:f4:27:13:e3:11:be:e3:cb:c3:25:
         1c:cf:93:c8
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZV8IDQpIHtuAC0zaYlfWwdLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwMzA5MTgxNzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGUzNzYwMTkyOWVjMjdkYjZhNjFlM2NjMmNiOWM3OGYzZGUxODZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwznhLrqveffUXQ8O3gIGokwuqso5
rxN2S5bMKoCU+CDtCNnJB/AciqLN03jVixrZJR0m3tnewi1kSeKW3gKNFBitAU20
uV1Ej48rGQGkVqumdKsk0SyKOIqlGyGVDj65lzgiVSMHvvgIi0v6p8l9tUDA1Xl0
kJbrcr0VxPef60rTx4tgZNYai/MHtkbZBX8UZDx+kjNKgrU8DOGS9+8i1Exz76hu
C5mIMCt9Zw8rfemm/w31Ld9W+sn5X6M1PhIeNIXhjlnrYcj3OCjJ8t021m5iTLwf
E2cJBNzzDVgfjSD9qQGL3rFgRaLWBAOvZY0SoSAI9k8yWSwIuzFEhKNU7QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFLjjdgGSnsJ9tqYePMLLnHjz3hhrMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvdU9OMkFaS2V3bjIycGg0OHdzdWNlUFBlR0dzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhRnwaAg
AwYAKhRnwbEwDQYJKoZIhvcNAQELBQADggEBABTLeh1OBY6/EsBcHwVPF1WmJ85r
Rsge57g6Ow/59ezMD3H69/FhvGojwegac2G570pP2lPdCfLjLGyq5ebQKzg48J0W
4OZF2iSK2reE9H0xLSnkJgBA9IqBEB5L8OeX7VHRzJ9HMXy3QT1cR3gJgz6Sia1D
8foeELS7+D5hC0wNS59pMugVbb6wO+3hhgL3dBvm0j1/3gvPykaEwoTRyjkG0CxY
3wrJVcw/Dk7RYm78CcFRXcE+85/iOUWq5sQMQep8jaOsy8ugCz0cTCs36VQEie6B
uYzpn+rk8qc9MFSpRIhQl3fk4vuy3wglNb/dGomz9CcT4xG+48vDJRzPk8g=
-----END CERTIFICATE-----