Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VWObvOSvF1AXNIIRn3xBmcVBaCA.roa
File:                     VWObvOSvF1AXNIIRn3xBmcVBaCA.roa (raw, json)
Hash identifier:          k2TM3+amiq1VQwMqtDCgTlWYgVGq94+g2GBovKDeCf0=
Subject key identifier:   55:63:9B:BC:E4:AF:17:50:17:34:82:11:9F:7C:41:99:C5:41:68:20
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0195FC689F24C2C3A8D66A9738C441D484E9
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VWObvOSvF1AXNIIRn3xBmcVBaCA.roa
Signing time:             Thu 03 Apr 2025 16:07:49 +0000
ROA not before:           Thu 03 Apr 2025 16:07:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210870
IP address blocks:        2a14:67c1:a070::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:fc:68:9f:24:c2:c3:a8:d6:6a:97:38:c4:41:d4:84:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr  3 16:07:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55639bbce4af1750173482119f7c4199c5416820
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ee:1b:20:5a:67:9f:26:da:1e:55:2a:57:f5:
                    76:1c:f5:fc:ec:4b:64:ef:c2:bd:8e:85:80:2c:5b:
                    69:9e:f9:c9:4b:94:21:8c:86:ac:df:6b:f4:99:a8:
                    55:45:af:76:34:1b:ef:04:87:40:95:b6:24:f6:1f:
                    68:d1:0c:ee:cc:52:88:80:a5:c3:22:e6:04:fb:17:
                    c5:3c:c6:2c:00:1f:87:e8:11:34:35:4b:19:24:5b:
                    f9:ac:da:58:a7:77:00:2d:22:47:2e:f3:79:80:ec:
                    ae:26:a6:79:c6:79:1b:57:c8:6f:8e:06:56:c1:c9:
                    27:fc:c7:b6:5c:7f:28:cd:6a:8e:6e:11:75:67:a5:
                    e8:1a:2d:24:ca:1d:9b:dc:ca:53:14:15:89:e5:85:
                    4d:21:6a:f9:01:9e:27:00:ed:59:e4:84:05:57:3d:
                    7f:fa:90:b8:1d:01:b5:72:d5:83:2a:d5:b6:98:17:
                    5e:c1:41:92:af:6e:06:ba:e5:81:6a:d4:81:a8:19:
                    9a:0f:1b:f3:61:6e:55:63:02:85:be:a8:49:da:7f:
                    65:d6:f2:75:68:c4:95:09:08:80:1b:9e:86:a5:1b:
                    ab:7e:61:e1:33:83:07:84:33:e6:52:d2:0c:f6:eb:
                    0e:cf:64:f0:16:ab:d3:43:e4:4b:12:4a:8b:0c:a8:
                    9a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:63:9B:BC:E4:AF:17:50:17:34:82:11:9F:7C:41:99:C5:41:68:20
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VWObvOSvF1AXNIIRn3xBmcVBaCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a070::/44

    Signature Algorithm: sha256WithRSAEncryption
         5c:42:e3:04:c9:8c:fa:e0:34:b7:eb:7f:01:a0:14:cb:fe:a3:
         a4:73:cf:34:f4:d7:eb:84:f6:6d:ad:31:22:52:78:b4:66:14:
         80:cc:ca:ca:7b:4b:40:70:22:2a:80:4b:aa:62:d6:b1:ce:42:
         f5:d7:d8:9f:32:58:e7:b7:f8:bb:de:d3:64:b9:f4:16:19:86:
         f6:10:2f:4d:e6:82:2b:32:d8:06:96:9a:a3:35:1f:62:5d:17:
         f3:59:d0:59:bc:8f:45:f4:60:95:ae:bb:fd:18:6f:90:33:2f:
         ed:d8:bf:5d:a0:fc:1f:ea:95:77:fc:b1:1a:0b:e9:7f:07:4a:
         df:55:e9:34:50:29:09:58:fe:85:ff:f0:4d:62:1f:22:37:fd:
         37:b5:d6:e0:38:69:0e:ca:73:b5:f6:25:4b:2f:af:3a:c2:22:
         5a:97:69:f1:2c:e7:6a:00:71:de:35:8c:c9:09:d0:3c:aa:18:
         de:a2:7b:04:c7:af:61:5a:27:74:a3:41:b5:dc:6e:cc:0f:b5:
         67:84:b4:c4:44:b8:58:9c:cd:08:f7:da:4b:c4:4e:78:0a:67:
         b9:e0:5b:b7:8a:0a:2e:f4:f8:d1:ad:3f:94:d0:0b:ca:9c:32:
         b5:18:f3:75:39:75:9c:92:f3:3d:a7:22:87:e8:ba:aa:47:17:
         c5:6a:ef:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZX8aJ8kwsOo1mqXOMRB1ITpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNDAzMTYwNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NTYzOWJiY2U0YWYxNzUwMTczNDgyMTE5ZjdjNDE5OWM1NDE2ODIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne4bIFpnnybaHlUqV/V2HPX87Etk
78K9joWALFtpnvnJS5QhjIas32v0mahVRa92NBvvBIdAlbYk9h9o0QzuzFKIgKXD
IuYE+xfFPMYsAB+H6BE0NUsZJFv5rNpYp3cALSJHLvN5gOyuJqZ5xnkbV8hvjgZW
wckn/Me2XH8ozWqObhF1Z6XoGi0kyh2b3MpTFBWJ5YVNIWr5AZ4nAO1Z5IQFVz1/
+pC4HQG1ctWDKtW2mBdewUGSr24GuuWBatSBqBmaDxvzYW5VYwKFvqhJ2n9l1vJ1
aMSVCQiAG56GpRurfmHhM4MHhDPmUtIM9usOz2TwFqvTQ+RLEkqLDKiaAwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFVjm7zkrxdQFzSCEZ98QZnFQWggMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvVldPYnZPU3ZGMUFYTklJUm4zeEJtY1ZCYUNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwaBw
MA0GCSqGSIb3DQEBCwUAA4IBAQBcQuMEyYz64DS3638BoBTL/qOkc8809NfrhPZt
rTEiUni0ZhSAzMrKe0tAcCIqgEuqYtaxzkL119ifMljnt/i73tNkufQWGYb2EC9N
5oIrMtgGlpqjNR9iXRfzWdBZvI9F9GCVrrv9GG+QMy/t2L9doPwf6pV3/LEaC+l/
B0rfVek0UCkJWP6F//BNYh8iN/03tdbgOGkOynO19iVLL686wiJal2nxLOdqAHHe
NYzJCdA8qhjeonsEx69hWid0o0G13G7MD7VnhLTERLhYnM0I99pLxE54Cme54Fu3
igou9PjRrT+U0AvKnDK1GPN1OXWckvM9pyKH6LqqRxfFau/u
-----END CERTIFICATE-----