Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hIsb24dWsZ8VsBWOEEjl3fdkCsE.roa
File:                     hIsb24dWsZ8VsBWOEEjl3fdkCsE.roa (raw, json)
Hash identifier:          A4XAyp6Fewl0t4Uxa5BTFhXjIGGvivyuEJQWo21WUn8=
Subject key identifier:   84:8B:1B:DB:87:56:B1:9F:15:B0:15:8E:10:48:E5:DD:F7:64:0A:C1
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01941F8C7402A8494C2B1C46D6B5FFCC5342
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hIsb24dWsZ8VsBWOEEjl3fdkCsE.roa
Signing time:             Wed 01 Jan 2025 01:48:05 +0000
ROA not before:           Wed 01 Jan 2025 01:48:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214880
IP address blocks:        2a14:67c1:30::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:74:02:a8:49:4c:2b:1c:46:d6:b5:ff:cc:53:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  1 01:48:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=848b1bdb8756b19f15b0158e1048e5ddf7640ac1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:05:dd:e8:ff:9d:bc:cf:90:1c:62:c3:c5:bb:
                    3a:23:09:c1:ed:7f:07:06:ce:e9:87:08:8b:fb:62:
                    c6:bb:03:8e:0e:2e:5c:b6:07:86:f4:60:29:6f:69:
                    bb:d0:b5:49:17:44:e4:87:d1:73:79:9b:e5:2a:54:
                    9e:25:5a:e7:18:17:65:70:c0:ea:c6:cb:5e:ce:a1:
                    61:92:f6:cd:9f:42:71:a1:58:ee:4b:22:8f:a6:2b:
                    d5:3d:e7:14:83:46:75:2c:dc:c2:ed:4c:df:b0:dd:
                    f9:ac:9c:a3:99:9f:24:c2:ac:88:32:f1:ad:6d:70:
                    b6:e9:01:67:42:db:ca:18:a9:6e:18:38:c3:09:91:
                    80:99:31:b7:a4:16:8a:0f:0b:a4:5c:56:ba:dc:7a:
                    93:02:e0:4e:81:e0:cc:78:b8:92:48:19:fd:e7:c9:
                    37:a3:00:31:fb:db:eb:71:8b:66:0b:8f:75:b3:bb:
                    74:9c:d2:85:81:14:ec:90:94:13:dc:d0:95:d2:d3:
                    3d:3c:9c:fc:a9:17:05:cf:de:5a:bc:d5:af:61:c7:
                    38:d3:92:db:0b:cb:11:e7:3e:84:a9:5a:02:a3:7e:
                    f0:13:db:d0:66:30:d0:a8:cf:db:cb:99:f6:79:3f:
                    1d:81:dd:77:02:79:90:b8:50:15:a3:21:c2:75:34:
                    10:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:8B:1B:DB:87:56:B1:9F:15:B0:15:8E:10:48:E5:DD:F7:64:0A:C1
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/hIsb24dWsZ8VsBWOEEjl3fdkCsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:30::/44

    Signature Algorithm: sha256WithRSAEncryption
         1a:52:65:86:62:41:4a:0c:7f:db:75:bb:bd:ec:6b:ef:ad:31:
         f2:18:ae:2e:6d:e6:a4:2d:6c:b5:f9:83:2a:8e:f5:4c:53:be:
         1b:17:88:c5:4b:83:e9:d9:16:ee:49:43:a6:45:47:c6:60:2b:
         b8:2c:a5:5c:a9:a9:5c:8b:c0:d9:ed:26:93:b3:b3:67:ed:6f:
         68:8d:cd:b7:87:f1:de:c6:df:9e:0d:b0:18:f2:0f:b7:66:0e:
         aa:03:97:15:2b:29:42:db:24:b5:82:a0:b4:20:2d:04:c7:c7:
         ab:07:de:d5:7d:81:79:0f:7c:8a:09:d0:13:62:b8:5b:64:7a:
         07:cd:1d:1c:df:43:fd:40:96:95:db:50:20:dc:d7:3f:a4:b7:
         b5:85:15:dc:75:53:06:c6:ae:cb:4d:31:67:a6:cf:43:c8:fe:
         d1:91:55:ec:73:c5:2a:26:8e:b8:9b:8b:da:94:9f:64:88:a9:
         e4:f0:97:55:19:15:51:3c:7c:78:4d:68:86:5d:ba:d8:47:62:
         13:14:0d:cc:48:b4:3c:3e:1b:2f:3c:79:78:86:0f:65:d7:a1:
         6d:a8:e9:77:36:bf:b8:90:4e:64:c7:a6:a7:48:81:8e:f9:fb:
         9d:6c:14:79:3d:14:a1:dc:67:7c:8f:18:f5:ec:0a:1f:c8:d1:
         f0:96:7a:a2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQfjHQCqElMKxxG1rX/zFNCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwMTAxMDE0ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDhiMWJkYjg3NTZiMTlmMTViMDE1OGUxMDQ4ZTVkZGY3NjQwYWMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAXd6P+dvM+QHGLDxbs6IwnB7X8H
Bs7phwiL+2LGuwOODi5ctgeG9GApb2m70LVJF0Tkh9FzeZvlKlSeJVrnGBdlcMDq
xstezqFhkvbNn0JxoVjuSyKPpivVPecUg0Z1LNzC7UzfsN35rJyjmZ8kwqyIMvGt
bXC26QFnQtvKGKluGDjDCZGAmTG3pBaKDwukXFa63HqTAuBOgeDMeLiSSBn958k3
owAx+9vrcYtmC491s7t0nNKFgRTskJQT3NCV0tM9PJz8qRcFz95avNWvYcc405Lb
C8sR5z6EqVoCo37wE9vQZjDQqM/by5n2eT8dgd13AnmQuFAVoyHCdTQQsQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFISLG9uHVrGfFbAVjhBI5d33ZArBMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaElzYjI0ZFdzWjhWc0JXT0VFamwzZmRrQ3NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwQAw
MA0GCSqGSIb3DQEBCwUAA4IBAQAaUmWGYkFKDH/bdbu97GvvrTHyGK4ubeakLWy1
+YMqjvVMU74bF4jFS4Pp2RbuSUOmRUfGYCu4LKVcqalci8DZ7SaTs7Nn7W9ojc23
h/Hext+eDbAY8g+3Zg6qA5cVKylC2yS1gqC0IC0Ex8erB97VfYF5D3yKCdATYrhb
ZHoHzR0c30P9QJaV21Ag3Nc/pLe1hRXcdVMGxq7LTTFnps9DyP7RkVXsc8UqJo64
m4valJ9kiKnk8JdVGRVRPHx4TWiGXbrYR2ITFA3MSLQ8PhsvPHl4hg9l16FtqOl3
Nr+4kE5kx6anSIGO+fudbBR5PRSh3Gd8jxj17AofyNHwlnqi
-----END CERTIFICATE-----