Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ahnmZFGei6LFgpz9xxiT2mvbYOw.roa
File:                     ahnmZFGei6LFgpz9xxiT2mvbYOw.roa (raw, json)
Hash identifier:          VpNipjK5vWj9H0cIByNEsI+BOfUc5uByjC1UbwBziWg=
Subject key identifier:   6A:19:E6:64:51:9E:8B:A2:C5:82:9C:FD:C7:18:93:DA:6B:DB:60:EC
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0190C70AD5C412C083AE201796C3C9B7AC51
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ahnmZFGei6LFgpz9xxiT2mvbYOw.roa
Signing time:             Thu 18 Jul 2024 18:11:34 +0000
ROA not before:           Thu 18 Jul 2024 18:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215355
IP address blocks:        2a14:67c0:100::/40 maxlen: 48
                          2a14:67c0:110::/44 maxlen: 48
                          2a14:67c0:200::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c7:0a:d5:c4:12:c0:83:ae:20:17:96:c3:c9:b7:ac:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul 18 18:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a19e664519e8ba2c5829cfdc71893da6bdb60ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:b9:de:1d:6c:8e:0f:41:d6:dc:49:5d:91:ec:
                    4e:0c:12:18:d7:44:b3:f8:ef:65:2b:f9:00:2d:71:
                    b2:31:17:7b:27:ef:d4:83:79:b5:62:22:c6:77:b5:
                    e4:30:6c:bd:20:6d:29:19:fc:7c:cf:b0:d0:80:09:
                    92:31:7e:b7:b6:60:a1:d5:1f:dc:a3:eb:5a:61:4f:
                    a7:5d:e0:6c:e2:5a:db:60:69:ef:13:ea:36:f3:ef:
                    a4:05:1a:bf:5d:21:4e:7a:14:2e:38:ff:51:24:dc:
                    4f:e2:b8:ed:9c:cb:c6:e0:8b:c1:f4:9a:8a:c7:2e:
                    ed:27:57:8e:84:98:88:41:ed:ad:1b:87:9f:33:a4:
                    40:15:7f:19:0b:33:b2:4b:b9:d6:8c:20:e5:f0:4f:
                    f9:d3:17:9b:d0:ca:88:36:cd:98:c9:78:2e:37:87:
                    2d:7e:9a:5d:7c:08:1f:c7:aa:d6:2e:f8:af:5c:23:
                    41:5a:ae:b9:87:60:b4:38:e5:32:7c:ba:84:7e:98:
                    d5:19:f8:d6:7f:38:39:1d:64:d5:8b:25:76:59:fb:
                    19:de:82:c8:ec:60:b8:59:1a:c1:47:1e:a3:7d:8c:
                    48:fd:d3:13:a3:ea:1e:9b:41:62:82:22:f3:4c:3f:
                    cc:70:ef:78:d2:c2:f1:9d:aa:70:8e:72:8a:52:22:
                    0a:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:19:E6:64:51:9E:8B:A2:C5:82:9C:FD:C7:18:93:DA:6B:DB:60:EC
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ahnmZFGei6LFgpz9xxiT2mvbYOw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c0:100::-2a14:67c0:2ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         2a:28:40:0a:3c:89:ed:e7:dc:fd:46:e8:08:ce:2c:af:7b:2f:
         2c:3c:75:eb:4d:0d:c7:0d:c5:9f:ef:ce:9e:86:bf:6f:fe:0c:
         f1:3d:7b:33:65:e1:9c:f8:8b:03:c3:5a:7e:8e:f4:82:0f:0f:
         73:42:e9:3b:55:e1:61:15:94:b3:df:f0:29:49:46:10:80:51:
         f6:8b:2f:38:0f:b6:0c:84:4f:61:e7:23:3e:66:de:48:af:de:
         38:9d:8f:95:61:83:04:b6:98:39:33:9c:c4:e5:7c:43:a2:58:
         32:31:d3:02:30:dc:e3:70:17:3c:bd:6f:36:5b:b7:6a:27:4c:
         5e:4b:22:a4:ab:2f:90:ea:6a:76:de:14:c6:6f:95:43:27:30:
         cb:60:64:29:88:4d:93:6d:ab:41:ae:61:1b:e1:23:a6:4c:6d:
         d6:bc:de:0a:d6:9d:a4:82:cb:0f:84:bf:df:e9:ed:bd:39:c2:
         03:8e:ef:f8:dc:8a:af:05:b2:78:c8:ee:d1:cf:d3:65:fc:4e:
         5f:71:8a:f4:bb:f9:75:5f:c3:6f:79:47:69:f4:53:26:de:0c:
         13:71:19:af:92:49:38:e9:8d:4e:1a:2e:9a:d8:b3:32:5e:2e:
         4e:42:66:de:51:24:78:90:a3:33:41:0b:e0:43:64:cd:a2:34:
         26:52:da:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZDHCtXEEsCDriAXlsPJt6xRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQwNzE4MTgxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTE5ZTY2NDUxOWU4YmEyYzU4MjljZmRjNzE4OTNkYTZiZGI2MGVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkLneHWyOD0HW3EldkexODBIY10Sz
+O9lK/kALXGyMRd7J+/Ug3m1YiLGd7XkMGy9IG0pGfx8z7DQgAmSMX63tmCh1R/c
o+taYU+nXeBs4lrbYGnvE+o28++kBRq/XSFOehQuOP9RJNxP4rjtnMvG4IvB9JqK
xy7tJ1eOhJiIQe2tG4efM6RAFX8ZCzOyS7nWjCDl8E/50xeb0MqINs2YyXguN4ct
fppdfAgfx6rWLvivXCNBWq65h2C0OOUyfLqEfpjVGfjWfzg5HWTViyV2WfsZ3oLI
7GC4WRrBRx6jfYxI/dMTo+oem0FigiLzTD/McO940sLxnapwjnKKUiIKiQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGoZ5mRRnouixYKc/ccYk9pr22DsMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvYWhubVpGR2VpNkxGZ3B6OXh4aVQybXZiWU93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgAqFGfA
AQMGACoUZ8ACMA0GCSqGSIb3DQEBCwUAA4IBAQAqKEAKPInt59z9RugIziyvey8s
PHXrTQ3HDcWf786ehr9v/gzxPXszZeGc+IsDw1p+jvSCDw9zQuk7VeFhFZSz3/Ap
SUYQgFH2iy84D7YMhE9h5yM+Zt5Ir944nY+VYYMEtpg5M5zE5XxDolgyMdMCMNzj
cBc8vW82W7dqJ0xeSyKkqy+Q6mp23hTGb5VDJzDLYGQpiE2TbatBrmEb4SOmTG3W
vN4K1p2kgssPhL/f6e29OcIDju/43IqvBbJ4yO7Rz9Nl/E5fcYr0u/l1X8NveUdp
9FMm3gwTcRmvkkk46Y1OGi6a2LMyXi5OQmbeUSR4kKMzQQvgQ2TNojQmUtq1
-----END CERTIFICATE-----