Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/YFxddygUikKQiNSXC2e7ZBdEpq8.roa
File:                     YFxddygUikKQiNSXC2e7ZBdEpq8.roa (raw, json)
Hash identifier:          ybYoM7YM2Lb4n8uP3Q9yk/4t0Kyy+v46MHWIKSiPzWg=
Subject key identifier:   60:5C:5D:77:28:14:8A:42:90:88:D4:97:0B:67:BB:64:17:44:A6:AF
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019E5F1ADF2D5DAD0132B8265337C4131E4A
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/YFxddygUikKQiNSXC2e7ZBdEpq8.roa
Signing time:             Mon 25 May 2026 12:27:37 +0000
ROA not before:           Mon 25 May 2026 12:27:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199592
IP address blocks:        2a14:67c1:500::/40 maxlen: 48
                          2a14:67c1:600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5f:1a:df:2d:5d:ad:01:32:b8:26:53:37:c4:13:1e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: May 25 12:27:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=605c5d7728148a429088d4970b67bb641744a6af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:1c:20:60:ed:33:75:49:c3:d9:5a:5d:d5:80:
                    c3:38:54:ad:ef:3b:4b:21:46:5b:aa:5f:dd:2f:ab:
                    79:40:c2:e3:60:bb:34:27:d8:9e:5c:b6:d5:da:7d:
                    26:81:6c:0e:39:c7:8b:69:f2:d8:25:42:1e:2e:de:
                    ca:6d:57:51:29:04:9a:0c:07:ae:a0:d5:af:0c:33:
                    24:75:41:31:50:cc:75:11:43:c6:f3:12:31:3d:3d:
                    c6:b2:fe:56:6b:f3:2e:ef:b7:e1:39:a5:76:58:f9:
                    67:c2:88:a5:5a:68:b9:91:36:9c:95:11:56:95:ee:
                    99:c1:b8:5b:22:cf:b3:fc:7a:bc:ba:1a:f1:a7:47:
                    74:b3:b9:94:94:c8:5e:3c:1c:a4:b6:0c:d8:53:67:
                    06:4a:59:eb:9e:65:c7:f4:35:0b:74:d6:73:9e:72:
                    02:b4:b8:37:70:f8:e6:ec:fe:a4:8c:59:00:b9:ab:
                    d7:9a:91:79:b2:0c:31:4e:87:37:3d:d2:74:09:ff:
                    c5:28:c1:c1:c3:95:5d:c9:42:a0:fa:1d:b2:0a:ce:
                    8f:d1:4c:e6:e9:da:bf:71:ca:29:fc:c3:6b:ae:99:
                    13:04:f7:e3:ed:07:6c:b3:09:9a:e5:a0:cb:a2:26:
                    a6:54:d7:06:d6:9c:03:5c:f8:b5:59:8f:d0:a3:20:
                    e1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:5C:5D:77:28:14:8A:42:90:88:D4:97:0B:67:BB:64:17:44:A6:AF
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/YFxddygUikKQiNSXC2e7ZBdEpq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:500::-2a14:67c1:6ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         c2:f8:c2:e8:aa:04:ca:cc:3e:25:f6:db:7b:93:9f:fa:e7:3c:
         f2:2f:50:fa:4b:7a:dd:16:56:e3:78:01:df:50:05:c0:49:ee:
         25:85:34:9a:2b:c8:01:5f:e6:97:d6:b4:0b:c2:23:1c:4e:c8:
         62:49:ce:9d:63:a5:13:b2:2f:c6:d4:a6:85:e6:e7:5d:f9:51:
         ce:3e:1c:67:f0:76:bd:21:4b:96:04:b9:b1:14:56:0c:e2:0a:
         99:63:1d:93:c6:05:2d:8d:e2:ca:cf:9d:ba:8a:33:0b:d1:be:
         fd:20:06:8d:87:2d:9c:e2:2e:22:89:da:60:4b:c8:d4:d2:aa:
         00:82:7e:d6:71:79:74:ea:9d:ed:15:a7:44:7c:11:97:ee:15:
         a1:d6:46:22:e3:73:03:5f:79:2c:c3:16:cd:a9:61:f6:86:6e:
         60:a8:d5:7d:dd:9d:19:6f:53:61:11:36:37:8a:2c:3d:34:58:
         4f:5f:c2:dd:85:23:6e:5f:ea:bc:d4:58:32:7d:d3:62:1e:19:
         28:fd:99:8d:5f:ab:75:df:e3:ca:b1:06:58:9f:e2:8f:e7:8b:
         94:aa:98:eb:84:40:25:08:30:46:8f:fc:12:32:bd:8e:3a:6e:
         5c:b5:1e:72:d4:76:8f:ab:75:f0:52:e7:a9:64:6d:29:ab:ca:
         5c:9c:77:db
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ5fGt8tXa0BMrgmUzfEEx5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNTI1MTIyNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDVjNWQ3NzI4MTQ4YTQyOTA4OGQ0OTcwYjY3YmI2NDE3NDRhNmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhwgYO0zdUnD2Vpd1YDDOFSt7ztL
IUZbql/dL6t5QMLjYLs0J9ieXLbV2n0mgWwOOceLafLYJUIeLt7KbVdRKQSaDAeu
oNWvDDMkdUExUMx1EUPG8xIxPT3Gsv5Wa/Mu77fhOaV2WPlnwoilWmi5kTaclRFW
le6ZwbhbIs+z/Hq8uhrxp0d0s7mUlMhePByktgzYU2cGSlnrnmXH9DULdNZznnIC
tLg3cPjm7P6kjFkAuavXmpF5sgwxToc3PdJ0Cf/FKMHBw5VdyUKg+h2yCs6P0Uzm
6dq/ccop/MNrrpkTBPfj7Qdsswma5aDLoiamVNcG1pwDXPi1WY/QoyDhHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGBcXXcoFIpCkIjUlwtnu2QXRKavMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvWUZ4ZGR5Z1Vpa0tRaU5TWEMyZTdaQmRFcHE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgAqFGfB
BQMGACoUZ8EGMA0GCSqGSIb3DQEBCwUAA4IBAQDC+MLoqgTKzD4l9tt7k5/65zzy
L1D6S3rdFlbjeAHfUAXASe4lhTSaK8gBX+aX1rQLwiMcTshiSc6dY6UTsi/G1KaF
5udd+VHOPhxn8Ha9IUuWBLmxFFYM4gqZYx2TxgUtjeLKz526ijML0b79IAaNhy2c
4i4iidpgS8jU0qoAgn7WcXl06p3tFadEfBGX7hWh1kYi43MDX3kswxbNqWH2hm5g
qNV93Z0Zb1NhETY3iiw9NFhPX8LdhSNuX+q81FgyfdNiHhko/ZmNX6t13+PKsQZY
n+KP54uUqpjrhEAlCDBGj/wSMr2OOm5ctR5y1HaPq3XwUuepZG0pq8pcnHfb
-----END CERTIFICATE-----