Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/DtO0l2KObxn2SgMsufr987Iu-1Q.roa
File:                     DtO0l2KObxn2SgMsufr987Iu-1Q.roa (raw, json)
Hash identifier:          HcrzvLcKRWzsqIifK8x0aDu1R3NXhKAokO9wLJS3yek=
Subject key identifier:   0E:D3:B4:97:62:8E:6F:19:F6:4A:03:2C:B9:FA:FD:F3:B2:2E:FB:54
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0190C70BC06CDB6AFFE84C1A393DF071221A
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/DtO0l2KObxn2SgMsufr987Iu-1Q.roa
Signing time:             Thu 18 Jul 2024 18:12:34 +0000
ROA not before:           Thu 18 Jul 2024 18:12:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214512
IP address blocks:        2a14:67c1:10::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c7:0b:c0:6c:db:6a:ff:e8:4c:1a:39:3d:f0:71:22:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul 18 18:12:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ed3b497628e6f19f64a032cb9fafdf3b22efb54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:63:e7:05:ba:b2:ec:83:40:2d:68:7f:65:45:
                    31:2a:0c:a9:e8:6b:b9:2e:b6:bf:3d:75:98:b2:63:
                    3d:e4:11:d6:98:59:2c:82:f7:97:7b:49:83:2b:ff:
                    0e:b3:e1:d7:de:6c:94:da:1a:50:27:ff:cd:ae:9f:
                    4b:86:6c:7c:72:11:d7:b6:29:cd:cc:fa:d7:fa:c9:
                    ef:c1:0d:b2:8f:5d:ca:c2:f2:80:55:71:1c:08:88:
                    56:79:ac:bc:e5:46:bf:c7:48:f6:35:6b:8b:50:de:
                    8a:f4:2c:35:4d:a4:61:65:95:ba:f8:20:72:72:1a:
                    bc:15:c9:83:da:a6:e5:e3:96:3f:52:b1:87:24:71:
                    6f:ad:01:e7:ba:da:6a:6f:a4:a2:42:aa:72:0d:b5:
                    dd:12:cf:22:ab:1e:20:c6:8d:46:41:35:b9:9a:58:
                    a0:b3:82:97:51:63:7e:85:b3:e7:59:07:e6:3d:b3:
                    97:a9:69:ff:4b:0b:71:ff:5a:b1:2b:b9:4f:b7:ce:
                    8e:ee:a5:c8:ee:f5:8f:9f:26:3c:72:28:a8:40:c0:
                    71:53:7b:7d:d6:5d:bb:c3:a0:fd:89:d8:c2:83:64:
                    46:cb:c6:bb:90:0d:7b:4f:1c:de:f7:d3:de:a7:51:
                    6f:0b:81:ef:5a:4d:ef:3c:70:79:e4:7f:6b:7b:ec:
                    f9:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:D3:B4:97:62:8E:6F:19:F6:4A:03:2C:B9:FA:FD:F3:B2:2E:FB:54
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/DtO0l2KObxn2SgMsufr987Iu-1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         a3:05:9d:bf:df:58:b0:38:48:3b:a0:68:de:a3:a2:fa:46:ed:
         4b:be:60:db:9f:71:a2:2f:d4:14:7f:4b:d8:85:53:15:84:2f:
         35:f5:03:df:4e:2f:ee:03:f5:53:6a:34:a5:4f:5e:38:d2:38:
         3b:65:2c:be:86:58:35:e3:43:26:8b:76:35:fe:5c:ec:dd:93:
         5b:fa:88:0d:4e:f9:b8:9b:33:df:19:f1:81:5a:fd:0b:f8:29:
         27:cb:d6:92:ad:f5:f6:23:55:28:27:fd:9e:0a:e8:38:6f:5a:
         85:d4:33:d3:66:c7:91:81:4b:2e:f2:7f:4b:bf:58:1b:39:82:
         69:9a:02:f9:b0:17:55:cf:a2:a5:b5:84:9c:c8:45:ef:ec:dc:
         d8:80:c0:c9:0b:a4:cc:ee:94:b4:02:8b:81:dd:f1:d2:2c:17:
         b9:84:f3:dd:25:70:e4:10:39:71:f0:e1:28:18:87:56:3f:6a:
         a3:65:e0:54:6a:26:94:b2:c4:fc:77:4e:b7:cb:d4:c0:23:d0:
         72:a7:18:5b:08:5f:63:bd:57:20:55:5c:53:1c:9f:71:e6:e0:
         f5:7a:e7:09:ac:f4:85:a6:18:c6:7a:6a:90:90:a3:2a:1a:d0:
         68:6c:0f:7a:cf:89:8b:98:f7:df:63:df:98:05:36:08:32:84:
         bb:68:6f:14
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZDHC8Bs22r/6EwaOT3wcSIaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQwNzE4MTgxMjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWQzYjQ5NzYyOGU2ZjE5ZjY0YTAzMmNiOWZhZmRmM2IyMmVmYjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2mPnBbqy7INALWh/ZUUxKgyp6Gu5
Lra/PXWYsmM95BHWmFksgveXe0mDK/8Os+HX3myU2hpQJ//Nrp9Lhmx8chHXtinN
zPrX+snvwQ2yj13KwvKAVXEcCIhWeay85Ua/x0j2NWuLUN6K9Cw1TaRhZZW6+CBy
chq8FcmD2qbl45Y/UrGHJHFvrQHnutpqb6SiQqpyDbXdEs8iqx4gxo1GQTW5mlig
s4KXUWN+hbPnWQfmPbOXqWn/Swtx/1qxK7lPt86O7qXI7vWPnyY8ciioQMBxU3t9
1l27w6D9idjCg2RGy8a7kA17Txze99Pep1FvC4HvWk3vPHB55H9re+z5twIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFA7TtJdijm8Z9koDLLn6/fOyLvtUMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvRHRPMGwyS09ieG4yU2dNc3Vmcjk4N0l1LTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwQAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCjBZ2/31iwOEg7oGjeo6L6Ru1LvmDbn3GiL9QU
f0vYhVMVhC819QPfTi/uA/VTajSlT1440jg7ZSy+hlg140Mmi3Y1/lzs3ZNb+ogN
Tvm4mzPfGfGBWv0L+Ckny9aSrfX2I1UoJ/2eCug4b1qF1DPTZseRgUsu8n9Lv1gb
OYJpmgL5sBdVz6KltYScyEXv7NzYgMDJC6TM7pS0AouB3fHSLBe5hPPdJXDkEDlx
8OEoGIdWP2qjZeBUaiaUssT8d063y9TAI9BypxhbCF9jvVcgVVxTHJ9x5uD1eucJ
rPSFphjGemqQkKMqGtBobA96z4mLmPffY9+YBTYIMoS7aG8U
-----END CERTIFICATE-----