Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CkiB6cstURwa21Z1XbsWK8cKbZA.roa
File:                     CkiB6cstURwa21Z1XbsWK8cKbZA.roa (raw, json)
Hash identifier:          OThbUwQAIBMgd2wQ9/4RWpNo32VaplHce9LaJpTTg4I=
Subject key identifier:   0A:48:81:E9:CB:2D:51:1C:1A:DB:56:75:5D:BB:16:2B:C7:0A:6D:90
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019DB30D5A5709B37ABC31C9F000FCC1DEBE
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CkiB6cstURwa21Z1XbsWK8cKbZA.roa
Signing time:             Wed 22 Apr 2026 02:38:09 +0000
ROA not before:           Wed 22 Apr 2026 02:38:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199592
IP address blocks:        2a14:67c1:500::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:0d:5a:57:09:b3:7a:bc:31:c9:f0:00:fc:c1:de:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 22 02:38:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0a4881e9cb2d511c1adb56755dbb162bc70a6d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:d6:83:12:a7:8a:af:c7:0d:15:a7:71:b7:f9:
                    98:19:ea:19:ba:1b:84:d9:e1:4b:0b:1a:51:6c:4e:
                    00:10:3f:62:92:d0:53:26:49:1d:8b:30:6d:a3:16:
                    95:83:be:c4:75:3a:cc:e7:70:31:54:6c:f8:59:0e:
                    58:ad:81:94:ca:f4:94:16:44:4f:86:96:cf:25:d8:
                    3d:d7:c2:f3:79:ce:6c:e2:00:c1:21:94:13:b0:ef:
                    ef:ad:eb:0f:14:fe:17:4a:49:de:14:01:64:d2:32:
                    f9:10:38:23:1d:59:87:a3:22:11:2d:b1:a0:5f:09:
                    c1:88:47:0e:38:ae:f4:c3:90:f1:cd:1c:86:b8:49:
                    4b:a4:dd:93:12:51:24:7f:0e:9d:4e:3f:4c:ae:c9:
                    5a:40:7e:0f:3e:fe:d7:22:16:a6:29:8d:0b:97:d5:
                    57:be:30:2d:6d:b2:f1:5f:2b:f0:d8:0a:ae:f5:4d:
                    f9:67:16:76:0e:ee:7a:45:64:98:5e:2c:b2:5e:95:
                    33:fb:a4:4b:bc:3d:82:9f:cb:75:9d:fb:78:9b:a5:
                    e9:98:f1:ce:e2:ff:6e:ea:8e:d6:48:b9:af:00:c0:
                    9a:a9:d2:23:b8:41:f8:15:ea:46:e8:aa:38:00:7d:
                    10:d4:58:72:aa:09:44:38:0b:33:9e:e6:b4:87:84:
                    7a:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:48:81:E9:CB:2D:51:1C:1A:DB:56:75:5D:BB:16:2B:C7:0A:6D:90
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CkiB6cstURwa21Z1XbsWK8cKbZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         d3:49:eb:19:45:bc:4c:69:7a:8f:d8:4c:55:c3:af:22:f4:7d:
         00:08:5d:ad:17:63:0c:b8:73:3c:ac:08:eb:4f:e9:b6:90:1a:
         d3:15:18:73:3e:09:c2:f1:d1:59:dc:60:c6:ea:75:cc:cd:95:
         0c:c4:6b:84:5d:f8:08:c0:d8:a8:cc:31:1a:ce:87:94:84:41:
         5d:52:67:4f:6e:90:51:a7:c8:4a:de:7f:8b:be:df:c7:3b:fa:
         22:85:14:e1:53:6f:44:2b:5e:40:71:13:7e:c5:13:b6:27:a9:
         06:87:cf:1b:b3:44:a5:18:da:71:f5:75:7b:68:c4:92:24:b2:
         3d:54:13:c8:57:fe:53:9a:82:6c:ad:b7:2c:c6:36:3a:df:9b:
         41:38:10:29:d0:60:df:ae:94:5a:23:fe:6a:a0:a7:42:e2:11:
         33:c0:46:c4:17:93:b8:fa:80:95:46:8c:36:8d:95:62:30:79:
         ee:3b:b1:bd:a1:14:3e:2e:94:e9:2e:c8:3d:e8:0c:a0:7b:00:
         87:25:07:03:ab:85:0e:0c:91:58:aa:23:21:c9:55:1e:b1:9f:
         e6:33:5a:be:e4:16:45:4d:d3:34:2b:93:7f:6a:ec:86:85:c4:
         2a:70:88:9f:17:a9:15:a7:af:3d:e5:6d:a3:32:10:74:dd:79:
         24:10:e3:5f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ2zDVpXCbN6vDHJ8AD8wd6+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDIyMDIzODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQ4ODFlOWNiMmQ1MTFjMWFkYjU2NzU1ZGJiMTYyYmM3MGE2ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdaDEqeKr8cNFadxt/mYGeoZuhuE
2eFLCxpRbE4AED9iktBTJkkdizBtoxaVg77EdTrM53AxVGz4WQ5YrYGUyvSUFkRP
hpbPJdg918Lzec5s4gDBIZQTsO/vresPFP4XSkneFAFk0jL5EDgjHVmHoyIRLbGg
XwnBiEcOOK70w5DxzRyGuElLpN2TElEkfw6dTj9MrslaQH4PPv7XIhamKY0Ll9VX
vjAtbbLxXyvw2Aqu9U35ZxZ2Du56RWSYXiyyXpUz+6RLvD2Cn8t1nft4m6XpmPHO
4v9u6o7WSLmvAMCaqdIjuEH4FepG6Ko4AH0Q1FhyqglEOAsznua0h4R6NQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFApIgenLLVEcGttWdV27FivHCm2QMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvQ2tpQjZjc3RVUndhMjFaMVhic1dLOGNLYlpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwQUw
DQYJKoZIhvcNAQELBQADggEBANNJ6xlFvExpeo/YTFXDryL0fQAIXa0XYwy4czys
COtP6baQGtMVGHM+CcLx0VncYMbqdczNlQzEa4Rd+AjA2KjMMRrOh5SEQV1SZ09u
kFGnyEref4u+38c7+iKFFOFTb0QrXkBxE37FE7YnqQaHzxuzRKUY2nH1dXtoxJIk
sj1UE8hX/lOagmyttyzGNjrfm0E4ECnQYN+ulFoj/mqgp0LiETPARsQXk7j6gJVG
jDaNlWIwee47sb2hFD4ulOkuyD3oDKB7AIclBwOrhQ4MkViqIyHJVR6xn+YzWr7k
FkVN0zQrk39q7IaFxCpwiJ8XqRWnrz3lbaMyEHTdeSQQ418=
-----END CERTIFICATE-----