Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/RValACi-UYrsL-Opn_uzRdDHQcI.roa
File:                     RValACi-UYrsL-Opn_uzRdDHQcI.roa (raw, json)
Hash identifier:          f6TXKBKr3x8Kf1OUW9IQ6v092jR5paxszT+WUbeiuAI=
Subject key identifier:   45:56:A5:00:28:BE:51:8A:EC:2F:E3:A9:9F:FB:B3:45:D0:C7:41:C2
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019E8BCA06EDC56F83031121641828BAA71B
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/RValACi-UYrsL-Opn_uzRdDHQcI.roa
Signing time:             Wed 03 Jun 2026 04:42:13 +0000
ROA not before:           Wed 03 Jun 2026 04:42:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197127
IP address blocks:        2a14:67c3:ff0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 06 Jun 2026 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8b:ca:06:ed:c5:6f:83:03:11:21:64:18:28:ba:a7:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jun  3 04:42:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4556a50028be518aec2fe3a99ffbb345d0c741c2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:fe:af:41:2c:89:64:2c:a4:7e:a0:54:55:2f:
                    7e:d6:00:a8:5c:b9:78:10:60:2b:fe:50:53:a1:b5:
                    93:13:d9:d2:0b:1a:ce:48:30:29:ba:a9:e0:de:18:
                    10:03:2c:01:98:61:69:10:61:43:e0:b2:fa:18:99:
                    69:e6:45:94:28:12:b5:c8:3b:4c:72:e4:3a:e8:b4:
                    59:ab:43:9c:d5:11:34:6d:3b:a0:1f:ec:0d:a9:8e:
                    b1:d7:a6:86:a4:2f:27:57:d6:f4:16:fe:d1:9b:2c:
                    ad:00:2e:3e:57:09:7c:ba:7b:8a:c2:ee:dc:33:21:
                    c4:4d:ec:9d:b0:2f:94:5b:3e:ab:b7:14:e8:11:0d:
                    5e:5d:9f:f7:02:e5:c7:76:8b:e8:55:a1:05:c1:97:
                    59:09:03:99:a3:e8:35:24:16:de:e7:cf:a3:44:25:
                    68:91:86:35:4e:ab:62:cf:0d:4b:db:21:70:3a:65:
                    5b:39:94:67:76:b2:9d:e9:ff:af:38:a6:d8:6d:c4:
                    c4:1b:a8:99:e2:7e:ea:91:a1:e4:08:92:a5:46:60:
                    34:cb:65:39:be:bf:8d:41:0e:b9:72:1a:57:64:68:
                    ef:79:39:9d:87:36:53:8c:56:2c:bb:76:7d:08:cb:
                    35:e4:2c:21:22:a8:3c:e5:f1:d9:ef:59:b9:50:2f:
                    f6:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:56:A5:00:28:BE:51:8A:EC:2F:E3:A9:9F:FB:B3:45:D0:C7:41:C2
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/RValACi-UYrsL-Opn_uzRdDHQcI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:ff0::/44

    Signature Algorithm: sha256WithRSAEncryption
         5a:57:4f:08:52:15:0d:f1:20:42:17:2b:cb:74:91:5c:4d:8b:
         5a:96:77:00:ad:12:95:1d:61:a8:9c:e3:b4:c5:4f:9c:99:49:
         c2:56:8c:3e:5c:4f:a0:f4:77:82:3a:c1:e7:4b:0d:93:d7:0f:
         93:74:b7:f1:4e:fc:6a:b0:3e:9b:ee:6f:a3:be:e1:60:59:f3:
         31:7f:d4:2a:8e:7c:4b:e9:ba:f1:8b:41:af:56:41:87:c5:42:
         89:15:b2:1a:f2:11:0f:79:50:ae:55:d7:3d:98:e8:dd:2b:64:
         dd:3e:a6:94:5e:ca:65:b5:c9:07:bc:31:99:5d:8a:fe:0e:fa:
         07:f6:7f:b7:c3:b7:87:27:1b:c9:d5:65:94:f1:4c:eb:58:5f:
         3e:19:c1:ed:0b:da:1a:32:33:87:68:77:c5:56:a5:29:66:35:
         4b:4b:08:58:8a:e3:60:af:3a:8f:60:36:61:52:c8:2d:17:26:
         a0:67:e2:f3:cb:29:25:ed:e9:2c:f6:f1:54:b4:c6:20:01:a9:
         5d:e9:6e:3d:14:c1:45:60:1b:5c:4a:f3:f0:14:52:0d:63:ff:
         a6:02:af:bd:a5:86:bf:f0:d2:f1:22:97:94:f1:29:1b:d1:93:
         ba:05:ed:dc:c6:fe:e5:5b:35:33:18:83:cb:b6:8c:81:be:c2:
         ab:d7:83:d7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6LygbtxW+DAxEhZBgouqcbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNjAzMDQ0MjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTU2YTUwMDI4YmU1MThhZWMyZmUzYTk5ZmZiYjM0NWQwYzc0MWMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4v6vQSyJZCykfqBUVS9+1gCoXLl4
EGAr/lBTobWTE9nSCxrOSDApuqng3hgQAywBmGFpEGFD4LL6GJlp5kWUKBK1yDtM
cuQ66LRZq0Oc1RE0bTugH+wNqY6x16aGpC8nV9b0Fv7RmyytAC4+Vwl8unuKwu7c
MyHETeydsC+UWz6rtxToEQ1eXZ/3AuXHdovoVaEFwZdZCQOZo+g1JBbe58+jRCVo
kYY1Tqtizw1L2yFwOmVbOZRndrKd6f+vOKbYbcTEG6iZ4n7qkaHkCJKlRmA0y2U5
vr+NQQ65chpXZGjveTmdhzZTjFYsu3Z9CMs15CwhIqg85fHZ71m5UC/2BwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEVWpQAovlGK7C/jqZ/7s0XQx0HCMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvUlZhbEFDaS1VWXJzTC1PcG5fdXpSZERIUWNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnww/w
MA0GCSqGSIb3DQEBCwUAA4IBAQBaV08IUhUN8SBCFyvLdJFcTYtalncArRKVHWGo
nOO0xU+cmUnCVow+XE+g9HeCOsHnSw2T1w+TdLfxTvxqsD6b7m+jvuFgWfMxf9Qq
jnxL6brxi0GvVkGHxUKJFbIa8hEPeVCuVdc9mOjdK2TdPqaUXspltckHvDGZXYr+
DvoH9n+3w7eHJxvJ1WWU8UzrWF8+GcHtC9oaMjOHaHfFVqUpZjVLSwhYiuNgrzqP
YDZhUsgtFyagZ+Lzyykl7eks9vFUtMYgAald6W49FMFFYBtcSvPwFFINY/+mAq+9
pYa/8NLxIpeU8Skb0ZO6Be3cxv7lWzUzGIPLtoyBvsKr14PX
-----END CERTIFICATE-----