Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/XOgtYYEpZxD-3_-uy7vtgcIK3_A.roa
File:                     XOgtYYEpZxD-3_-uy7vtgcIK3_A.roa (raw, json)
Hash identifier:          x3cQde5PSIvbgaMAuXTUCB1xDFM2RVZJZ4pk25VT+jI=
Subject key identifier:   5C:E8:2D:61:81:29:67:10:FE:DF:FF:AE:CB:BB:ED:81:C2:0A:DF:F0
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019CC3B15ECFEA53591763F6D3B6B3019824
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/XOgtYYEpZxD-3_-uy7vtgcIK3_A.roa
Signing time:             Fri 06 Mar 2026 15:08:27 +0000
ROA not before:           Fri 06 Mar 2026 15:08:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215760
IP address blocks:        2a14:67c2:f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 06:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:b1:5e:cf:ea:53:59:17:63:f6:d3:b6:b3:01:98:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Mar  6 15:08:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5ce82d6181296710fedfffaecbbbed81c20adff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:ed:ce:c5:a7:f2:ec:29:10:39:d0:bf:34:84:
                    a4:a5:71:de:3c:85:cf:fa:6d:4e:04:aa:70:0c:1f:
                    b2:ad:59:1d:1b:ac:a5:2d:33:66:ea:c4:73:2c:d2:
                    32:a2:53:75:a5:03:dd:9d:e2:a2:2c:68:61:d1:a7:
                    85:4f:5e:4b:8f:99:29:e5:55:fc:c4:b6:03:a4:5e:
                    26:b0:5c:e4:dc:23:01:be:89:f7:a3:0c:be:2d:7a:
                    27:2b:9b:7c:d5:b9:b3:d3:e7:ee:1a:48:71:20:3c:
                    51:74:d5:fa:0f:29:6d:96:93:a8:b6:d8:7c:4f:ce:
                    df:02:fa:f4:08:14:ad:44:f7:46:92:30:47:13:b5:
                    02:56:42:1d:d1:ca:85:c4:1c:71:1a:58:aa:aa:1d:
                    4c:ea:91:43:a5:78:af:7a:f2:bb:32:44:37:88:64:
                    92:e9:9e:0d:85:ae:30:32:55:26:c1:d3:48:b1:7e:
                    05:a7:09:64:26:09:c1:12:ed:20:0b:59:cd:2c:3e:
                    ef:75:17:99:68:e2:ea:35:6a:cc:42:4b:18:97:eb:
                    31:94:7a:0c:60:a8:39:de:36:1d:13:cf:d5:3b:bb:
                    c0:4a:01:47:9c:5b:cd:68:f7:fe:04:b2:bf:2f:21:
                    f5:2f:be:54:9e:22:da:7b:85:77:85:aa:c4:72:04:
                    39:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:E8:2D:61:81:29:67:10:FE:DF:FF:AE:CB:BB:ED:81:C2:0A:DF:F0
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/XOgtYYEpZxD-3_-uy7vtgcIK3_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         b2:c3:45:c0:6c:ce:e4:fc:1f:46:d9:a0:db:9c:a6:fd:04:eb:
         cc:7f:b8:ed:ea:b2:ea:de:9b:ee:e2:fd:ab:47:12:f2:71:de:
         27:f8:bb:19:3c:aa:e7:96:c5:ed:d6:24:f9:93:63:78:73:b8:
         4a:47:fc:fb:49:7e:dd:8b:6b:6f:94:9c:11:98:f8:32:f0:3e:
         d6:00:00:f5:c0:81:81:a9:71:44:52:0d:cd:43:29:50:aa:05:
         69:31:da:4d:e4:3f:b4:fd:44:be:af:fd:0e:f7:9d:43:33:8f:
         4f:8b:d6:87:c7:74:66:ac:67:b9:28:35:06:30:fa:a5:45:8e:
         06:66:de:07:46:3e:1f:f5:bb:1b:b0:ca:a5:24:df:c1:f6:67:
         8b:12:ac:9e:ca:9c:34:1c:e7:42:48:0c:ca:a7:f7:86:e0:f9:
         aa:4a:3f:a5:4f:63:31:fc:98:fc:96:b9:50:77:e1:ee:00:86:
         2d:0c:da:26:76:fe:cf:cf:ca:66:c7:ac:60:ed:64:fa:2f:3e:
         1f:ee:1e:f8:48:fd:42:b8:d2:7f:38:d6:72:1e:9e:4f:a0:d1:
         8c:f9:ca:16:aa:60:1b:c5:c6:6d:41:d7:b1:28:0d:a6:c1:30:
         0e:d4:9d:52:87:34:65:6f:c2:bd:18:ac:f1:1d:9a:0d:b3:9b:
         c9:40:bd:3e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZzDsV7P6lNZF2P207azAZgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMzA2MTUwODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U4MmQ2MTgxMjk2NzEwZmVkZmZmYWVjYmJiZWQ4MWMyMGFkZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApO3Oxafy7CkQOdC/NISkpXHePIXP
+m1OBKpwDB+yrVkdG6ylLTNm6sRzLNIyolN1pQPdneKiLGhh0aeFT15Lj5kp5VX8
xLYDpF4msFzk3CMBvon3owy+LXonK5t81bmz0+fuGkhxIDxRdNX6DyltlpOotth8
T87fAvr0CBStRPdGkjBHE7UCVkId0cqFxBxxGliqqh1M6pFDpXivevK7MkQ3iGSS
6Z4Nha4wMlUmwdNIsX4FpwlkJgnBEu0gC1nNLD7vdReZaOLqNWrMQksYl+sxlHoM
YKg53jYdE8/VO7vASgFHnFvNaPf+BLK/LyH1L75UniLae4V3harEcgQ5SQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFzoLWGBKWcQ/t//rsu77YHCCt/wMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvWE9ndFlZRXBaeEQtM18tdXk3dnRnY0lLM19BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwg8w
DQYJKoZIhvcNAQELBQADggEBALLDRcBszuT8H0bZoNucpv0E68x/uO3qsurem+7i
/atHEvJx3if4uxk8queWxe3WJPmTY3hzuEpH/PtJft2La2+UnBGY+DLwPtYAAPXA
gYGpcURSDc1DKVCqBWkx2k3kP7T9RL6v/Q73nUMzj0+L1ofHdGasZ7koNQYw+qVF
jgZm3gdGPh/1uxuwyqUk38H2Z4sSrJ7KnDQc50JIDMqn94bg+apKP6VPYzH8mPyW
uVB34e4Ahi0M2iZ2/s/PymbHrGDtZPovPh/uHvhI/UK40n841nIenk+g0Yz5yhaq
YBvFxm1B17EoDabBMA7UnVKHNGVvwr0YrPEdmg2zm8lAvT4=
-----END CERTIFICATE-----