Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/2TGBhXnKoXJARNS0wAk3f-tgiAs.roa
File:                     2TGBhXnKoXJARNS0wAk3f-tgiAs.roa (raw, json)
Hash identifier:          Decca7SNULDFLScxmhqcExR9WP9APTrBDto2LXAQjt8=
Subject key identifier:   D9:31:81:85:79:CA:A1:72:40:44:D4:B4:C0:09:37:7F:EB:60:88:0B
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019C131B6F9690BE1785D81831931F0863FF
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/2TGBhXnKoXJARNS0wAk3f-tgiAs.roa
Signing time:             Sat 31 Jan 2026 08:11:31 +0000
ROA not before:           Sat 31 Jan 2026 08:11:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214575
IP address blocks:        2a14:67c3:67c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Feb 2026 15:25:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:13:1b:6f:96:90:be:17:85:d8:18:31:93:1f:08:63:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan 31 08:11:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d931818579caa1724044d4b4c009377feb60880b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:29:38:61:41:9d:07:31:6f:ba:17:7b:02:55:
                    7f:ea:14:50:0a:3b:80:69:39:69:8e:0b:02:80:42:
                    6a:54:c7:83:40:04:f7:c7:99:f4:1b:c3:7c:e2:45:
                    09:c7:27:4d:c2:75:ab:7c:08:81:32:b0:9a:0f:99:
                    23:3e:bc:ed:ef:06:de:7c:a1:f2:e3:c7:0d:85:a5:
                    d9:ed:42:7a:6c:02:2a:66:e5:92:46:a1:f4:22:ba:
                    7f:37:5d:23:95:64:51:05:e0:9e:e2:6d:1b:2d:7b:
                    c1:ef:06:77:66:3d:49:c1:18:2e:c0:0a:d9:ef:ff:
                    5c:eb:d6:55:aa:6c:2b:77:a4:63:9d:31:36:34:4c:
                    6d:40:ab:4b:19:0a:ba:a5:13:8d:9c:17:8b:1a:f6:
                    78:7d:13:e6:6d:fe:9b:1d:87:8a:2b:42:fc:57:37:
                    7e:3c:40:d9:16:7e:fd:95:f3:7b:2d:1c:04:f2:46:
                    2c:ef:fb:be:0c:d3:a4:53:06:c6:46:77:b7:e6:7b:
                    7f:ab:2a:c8:1d:0e:0d:ad:b4:ea:b3:9f:06:3c:96:
                    f0:aa:3a:94:58:af:0f:64:c4:84:f1:0b:23:d1:e7:
                    b6:73:53:40:14:5e:d0:f2:59:2f:55:95:4a:aa:99:
                    15:3c:ce:fa:b0:fd:98:b3:a0:0b:0b:99:6a:4f:c1:
                    c2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:31:81:85:79:CA:A1:72:40:44:D4:B4:C0:09:37:7F:EB:60:88:0B
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/2TGBhXnKoXJARNS0wAk3f-tgiAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:67c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9d:8f:02:cc:4c:b5:17:9b:01:e8:dd:45:8c:3f:8d:59:57:8a:
         d1:76:95:b7:dd:9e:c2:12:0f:ec:73:8e:d5:39:f5:9e:88:7e:
         86:11:42:e8:76:05:0a:e1:84:06:4b:71:83:30:2c:4f:22:25:
         5a:b9:b0:91:0b:c3:81:ee:fe:64:2e:c5:07:42:41:bb:75:43:
         1f:19:14:85:84:37:8f:5c:73:af:9f:7f:17:10:ac:0b:7a:b7:
         c2:b4:6c:d3:f7:77:e0:48:00:d0:35:a1:23:05:ee:40:10:fd:
         fe:1b:9e:ce:fc:ba:59:6a:d7:4f:0a:66:69:fe:39:2c:06:9b:
         ee:67:b3:dc:06:f7:75:27:0c:33:a9:34:2c:ce:75:30:87:94:
         dd:15:17:5c:4d:17:0e:21:3d:34:70:33:bc:83:ca:77:58:8b:
         06:c4:75:c7:77:c9:b9:dd:49:a6:8f:76:95:4a:82:2c:f5:81:
         fc:e4:a0:31:ab:bf:26:98:89:3c:4f:6b:be:8c:a8:da:9c:b1:
         69:1b:a4:9d:96:ca:e2:c6:86:b5:94:1a:bd:91:4c:9c:0a:5e:
         6f:f5:90:62:1c:78:45:44:75:b4:8c:85:13:9a:92:24:ad:83:
         77:f1:b5:e4:6f:e6:01:3c:86:46:03:5c:d4:98:2f:af:ee:ce:
         e8:7f:ed:e2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwTG2+WkL4XhdgYMZMfCGP/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMTMxMDgxMTMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTMxODE4NTc5Y2FhMTcyNDA0NGQ0YjRjMDA5Mzc3ZmViNjA4ODBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhyk4YUGdBzFvuhd7AlV/6hRQCjuA
aTlpjgsCgEJqVMeDQAT3x5n0G8N84kUJxydNwnWrfAiBMrCaD5kjPrzt7wbefKHy
48cNhaXZ7UJ6bAIqZuWSRqH0Irp/N10jlWRRBeCe4m0bLXvB7wZ3Zj1JwRguwArZ
7/9c69ZVqmwrd6RjnTE2NExtQKtLGQq6pRONnBeLGvZ4fRPmbf6bHYeKK0L8Vzd+
PEDZFn79lfN7LRwE8kYs7/u+DNOkUwbGRne35nt/qyrIHQ4NrbTqs58GPJbwqjqU
WK8PZMSE8Qsj0ee2c1NAFF7Q8lkvVZVKqpkVPM76sP2Ys6ALC5lqT8HCLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNkxgYV5yqFyQETUtMAJN3/rYIgLMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvMlRHQmhYbktvWEpBUk5TMHdBazNmLXRnaUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnw2fA
MA0GCSqGSIb3DQEBCwUAA4IBAQCdjwLMTLUXmwHo3UWMP41ZV4rRdpW33Z7CEg/s
c47VOfWeiH6GEULodgUK4YQGS3GDMCxPIiVaubCRC8OB7v5kLsUHQkG7dUMfGRSF
hDePXHOvn38XEKwLerfCtGzT93fgSADQNaEjBe5AEP3+G57O/LpZatdPCmZp/jks
BpvuZ7PcBvd1JwwzqTQsznUwh5TdFRdcTRcOIT00cDO8g8p3WIsGxHXHd8m53Umm
j3aVSoIs9YH85KAxq78mmIk8T2u+jKjanLFpG6Sdlsrixoa1lBq9kUycCl5v9ZBi
HHhFRHW0jIUTmpIkrYN38bXkb+YBPIZGA1zUmC+v7s7of+3i
-----END CERTIFICATE-----