Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/TltYSS4ISDYt9-KUDP1Vj6VxvVk.roa
File:                     TltYSS4ISDYt9-KUDP1Vj6VxvVk.roa (raw, json)
Hash identifier:          8JcOjfOJJsU6570PaqojejoP0nfqEYH6Y+crJU4gz7E=
Subject key identifier:   4E:5B:58:49:2E:08:48:36:2D:F7:E2:94:0C:FD:55:8F:A5:71:BD:59
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01963F0BF5851E63151CA8624E0C3744E458
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/TltYSS4ISDYt9-KUDP1Vj6VxvVk.roa
Signing time:             Wed 16 Apr 2025 14:41:10 +0000
ROA not before:           Wed 16 Apr 2025 14:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210352
IP address blocks:        2a14:67c1:a068::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3f:0b:f5:85:1e:63:15:1c:a8:62:4e:0c:37:44:e4:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 16 14:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e5b58492e0848362df7e2940cfd558fa571bd59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b4:a1:70:e2:94:83:8c:b4:df:09:26:f4:94:
                    93:dc:ab:9c:f2:0b:3c:fb:b5:99:8b:f3:6c:93:97:
                    9c:02:c1:34:3f:93:ab:e6:bf:13:b7:da:11:65:90:
                    98:d2:28:73:e6:ef:63:c6:61:71:86:44:88:60:c8:
                    36:78:12:ef:95:81:52:43:0a:e5:57:92:6f:b0:7f:
                    2c:b1:da:34:83:fb:bd:27:87:6b:f6:c9:67:a7:bf:
                    87:70:42:25:17:27:e9:45:45:64:5d:fd:c9:d7:b6:
                    ee:58:4f:52:7e:4b:8c:3b:cd:76:32:db:6a:02:90:
                    99:60:79:65:53:b1:7b:f3:73:80:68:ae:54:c5:af:
                    94:f2:47:ca:35:9e:96:0a:ff:d2:23:b0:c5:02:c1:
                    94:89:1b:4c:8b:e5:00:46:0f:c4:d8:a5:b3:a6:12:
                    6e:d5:cb:4a:f2:00:b3:62:27:44:b0:70:b7:65:e1:
                    76:34:16:1b:71:df:de:6e:19:a0:67:b6:ba:42:55:
                    29:00:d6:b6:63:40:a4:d2:b9:2c:f2:74:ca:1c:1e:
                    cf:e8:5e:6c:fc:c2:49:56:7b:31:36:a8:4a:78:7d:
                    e4:5a:9c:b4:56:a7:55:93:b9:b1:c1:16:83:73:9c:
                    d6:db:5a:f0:a3:93:54:28:de:09:67:5c:19:73:d4:
                    d5:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:5B:58:49:2E:08:48:36:2D:F7:E2:94:0C:FD:55:8F:A5:71:BD:59
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/TltYSS4ISDYt9-KUDP1Vj6VxvVk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a068::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:77:58:e7:6d:14:b8:f8:f9:e9:6a:c6:cf:95:ac:e9:8a:58:
         80:68:8e:cc:47:dc:e4:fd:e1:dc:8a:06:a6:48:ea:7b:3f:7a:
         70:05:e6:0a:86:58:a3:c2:3c:81:19:be:0b:17:f9:6e:2e:b8:
         d4:46:5f:6c:d4:5d:24:b5:35:46:14:e7:96:fa:cd:6c:f1:33:
         30:f6:d2:f5:a5:c8:27:e0:e3:8a:79:f4:5c:c0:86:45:bc:02:
         c6:51:04:9d:af:24:02:7e:3e:a2:12:49:d3:ea:83:d2:73:d6:
         2f:0b:11:79:a3:01:ff:cd:2c:eb:71:e2:68:31:58:c3:7f:b3:
         13:78:a7:87:1b:a4:de:e9:79:5a:9e:9c:07:3b:1c:04:ea:8d:
         77:4c:c9:96:86:67:a8:bc:d6:af:7f:66:3f:3a:8f:5e:85:c4:
         32:a9:7b:90:6e:85:4c:b5:1a:83:85:d7:ff:a5:f7:cb:23:28:
         37:02:57:97:c1:bc:34:be:a9:d3:65:49:7e:96:cb:a1:36:55:
         22:82:fa:39:34:b2:5c:5d:df:dc:8f:9a:9c:7d:ec:bf:2a:34:
         d5:d1:6b:1f:98:eb:24:21:ab:bc:b0:e7:46:9e:b3:a4:4f:65:
         b6:de:6f:40:10:af:18:89:d3:bc:ac:67:70:bb:3d:74:e9:1d:
         f2:7e:51:f9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZY/C/WFHmMVHKhiTgw3RORYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNDE2MTQ0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTViNTg0OTJlMDg0ODM2MmRmN2UyOTQwY2ZkNTU4ZmE1NzFiZDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLShcOKUg4y03wkm9JST3Kuc8gs8
+7WZi/Nsk5ecAsE0P5Or5r8Tt9oRZZCY0ihz5u9jxmFxhkSIYMg2eBLvlYFSQwrl
V5JvsH8ssdo0g/u9J4dr9slnp7+HcEIlFyfpRUVkXf3J17buWE9SfkuMO812Mttq
ApCZYHllU7F783OAaK5Uxa+U8kfKNZ6WCv/SI7DFAsGUiRtMi+UARg/E2KWzphJu
1ctK8gCzYidEsHC3ZeF2NBYbcd/ebhmgZ7a6QlUpANa2Y0Ck0rks8nTKHB7P6F5s
/MJJVnsxNqhKeH3kWpy0VqdVk7mxwRaDc5zW21rwo5NUKN4JZ1wZc9TVkQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE5bWEkuCEg2LffilAz9VY+lcb1ZMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvVGx0WVNTNElTRFl0OS1LVURQMVZqNlZ4dlZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwaBo
MA0GCSqGSIb3DQEBCwUAA4IBAQAud1jnbRS4+PnpasbPlazpiliAaI7MR9zk/eHc
igamSOp7P3pwBeYKhlijwjyBGb4LF/luLrjURl9s1F0ktTVGFOeW+s1s8TMw9tL1
pcgn4OOKefRcwIZFvALGUQSdryQCfj6iEknT6oPSc9YvCxF5owH/zSzrceJoMVjD
f7MTeKeHG6Te6XlanpwHOxwE6o13TMmWhmeovNavf2Y/Oo9ehcQyqXuQboVMtRqD
hdf/pffLIyg3AleXwbw0vqnTZUl+lsuhNlUigvo5NLJcXd/cj5qcfey/KjTV0Wsf
mOskIau8sOdGnrOkT2W23m9AEK8YidO8rGdwuz106R3yflH5
-----END CERTIFICATE-----