Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Gz49836kxdXbgQePsF07nE9PRB4.roa
File:                     Gz49836kxdXbgQePsF07nE9PRB4.roa (raw, json)
Hash identifier:          4vUZTWU3XRMjaw4vttsA3R2d/EkWVrPN6WbfnrSIDjk=
Subject key identifier:   1B:3E:3D:F3:7E:A4:C5:D5:DB:81:07:8F:B0:5D:3B:9C:4F:4F:44:1E
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019276D2AFDB96A72AC392886F1CAAD9EAA8
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Gz49836kxdXbgQePsF07nE9PRB4.roa
Signing time:             Thu 10 Oct 2024 14:26:11 +0000
ROA not before:           Thu 10 Oct 2024 14:26:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214055
IP address blocks:        2a14:67c1:300::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:76:d2:af:db:96:a7:2a:c3:92:88:6f:1c:aa:d9:ea:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Oct 10 14:26:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b3e3df37ea4c5d5db81078fb05d3b9c4f4f441e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:43:77:8a:19:4c:da:a6:20:50:be:fe:f8:73:
                    b8:52:5b:ec:d1:73:0d:fb:c8:29:0a:06:ec:06:89:
                    76:00:ed:96:ee:9e:68:4f:d0:f6:46:2d:bb:8f:ed:
                    63:7a:16:f5:9d:f1:62:0e:d5:4b:18:72:aa:b2:4a:
                    7d:85:26:65:80:43:74:56:c7:af:e5:50:53:8e:13:
                    e3:65:b1:a9:1a:b8:9e:58:bc:ff:6b:2d:c0:9f:e8:
                    66:aa:bd:4e:b5:ac:c0:71:2f:b3:5d:5d:9c:26:93:
                    57:0e:b3:e6:62:d3:92:f2:2c:55:af:6d:76:f1:80:
                    01:2f:46:ce:5c:cb:b3:fb:10:40:3a:1a:b2:21:d7:
                    2e:c8:8e:20:f9:f5:00:4a:b0:da:b1:49:b9:e9:0d:
                    f4:28:7a:81:e0:d4:95:c9:99:60:e1:09:91:4e:c2:
                    e1:35:d2:18:ee:8d:4e:cd:e0:ae:76:04:64:af:8c:
                    54:5e:c8:c2:da:34:ad:ee:e4:b2:45:43:0b:3d:23:
                    33:7f:fa:3a:dc:26:56:b9:90:b7:04:b3:30:d6:86:
                    d0:75:ed:b3:b2:37:16:5a:19:7f:40:d3:ed:8e:b2:
                    99:ea:fa:75:8b:f2:2d:26:9e:ce:cb:1b:29:df:96:
                    ea:cc:7e:d9:39:1b:08:aa:30:5a:75:5c:bc:59:e4:
                    ba:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:3E:3D:F3:7E:A4:C5:D5:DB:81:07:8F:B0:5D:3B:9C:4F:4F:44:1E
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Gz49836kxdXbgQePsF07nE9PRB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:36:a5:c5:eb:8f:6d:e0:c1:cb:fe:e4:ff:fc:07:5f:66:48:
         18:9f:e4:31:bc:be:d3:d1:2f:6f:00:c7:52:13:45:bc:34:22:
         fc:d4:87:6b:63:d6:39:0b:a0:f3:b2:0a:59:69:22:06:4e:0d:
         51:bf:da:2d:e6:b8:b7:47:31:4a:7f:d0:80:11:7a:79:b8:1e:
         7c:be:1e:2f:7d:82:0a:3e:8d:99:db:9f:96:64:ec:81:12:74:
         dd:e5:98:a2:8a:aa:43:b7:38:1d:f2:a6:04:09:9b:35:ce:a9:
         65:bb:cb:0d:01:06:e5:a5:92:1a:13:f7:b9:54:1c:40:73:63:
         35:41:68:12:b4:66:11:6a:01:8d:b2:95:78:66:d7:ab:34:fa:
         02:04:3c:7e:0a:1d:98:04:a6:3e:b3:21:f6:16:d4:75:0c:78:
         1f:b4:61:eb:84:b1:84:5a:53:ab:c2:75:13:83:1d:23:31:da:
         7f:08:fb:00:7c:bd:f4:98:32:90:47:e0:96:6f:b4:83:a0:de:
         77:2d:b7:b3:42:0b:d0:b9:f2:80:61:f7:df:be:c4:fc:d2:ee:
         32:2e:a0:e9:09:43:2b:40:be:1c:74:31:e1:28:80:8f:da:94:
         d8:bf:17:a4:48:30:7c:72:bf:f0:e6:32:5a:1d:bd:e9:56:78:
         1b:3c:40:ff
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZJ20q/blqcqw5KIbxyq2eqoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQxMDEwMTQyNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjNlM2RmMzdlYTRjNWQ1ZGI4MTA3OGZiMDVkM2I5YzRmNGY0NDFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkN3ihlM2qYgUL7++HO4Ulvs0XMN
+8gpCgbsBol2AO2W7p5oT9D2Ri27j+1jehb1nfFiDtVLGHKqskp9hSZlgEN0Vsev
5VBTjhPjZbGpGrieWLz/ay3An+hmqr1OtazAcS+zXV2cJpNXDrPmYtOS8ixVr212
8YABL0bOXMuz+xBAOhqyIdcuyI4g+fUASrDasUm56Q30KHqB4NSVyZlg4QmRTsLh
NdIY7o1OzeCudgRkr4xUXsjC2jSt7uSyRUMLPSMzf/o63CZWuZC3BLMw1obQde2z
sjcWWhl/QNPtjrKZ6vp1i/ItJp7Oyxsp35bqzH7ZORsIqjBadVy8WeS60QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBs+PfN+pMXV24EHj7BdO5xPT0QeMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvR3o0OTgzNmt4ZFhiZ1FlUHNGMDduRTlQUkI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwQMw
DQYJKoZIhvcNAQELBQADggEBALE2pcXrj23gwcv+5P/8B19mSBif5DG8vtPRL28A
x1ITRbw0IvzUh2tj1jkLoPOyCllpIgZODVG/2i3muLdHMUp/0IARenm4Hny+Hi99
ggo+jZnbn5Zk7IESdN3lmKKKqkO3OB3ypgQJmzXOqWW7yw0BBuWlkhoT97lUHEBz
YzVBaBK0ZhFqAY2ylXhm16s0+gIEPH4KHZgEpj6zIfYW1HUMeB+0YeuEsYRaU6vC
dRODHSMx2n8I+wB8vfSYMpBH4JZvtIOg3nctt7NCC9C58oBh99++xPzS7jIuoOkJ
QytAvhx0MeEogI/alNi/F6RIMHxyv/DmMlodvelWeBs8QP8=
-----END CERTIFICATE-----