Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/iQ-sxRu8ifzDfbWPuZcQgpWowuo.roa
File:                     iQ-sxRu8ifzDfbWPuZcQgpWowuo.roa (raw, json)
Hash identifier:          b3fDGmUBqk0KR0yQwJC7EmZb6fMWemneP4tvWDlIH+s=
Subject key identifier:   89:0F:AC:C5:1B:BC:89:FC:C3:7D:B5:8F:B9:97:10:82:95:A8:C2:EA
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019DB30D5AB050B68C04469E6312F988EEEE
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/iQ-sxRu8ifzDfbWPuZcQgpWowuo.roa
Signing time:             Wed 22 Apr 2026 02:38:10 +0000
ROA not before:           Wed 22 Apr 2026 02:38:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213436
IP address blocks:        2a14:67c1:600::/40 maxlen: 48
                          2a14:67c1:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b3:0d:5a:b0:50:b6:8c:04:46:9e:63:12:f9:88:ee:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 22 02:38:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=890facc51bbc89fcc37db58fb997108295a8c2ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d1:ae:98:03:76:19:06:46:e6:3d:72:99:a8:
                    14:b8:08:c3:9b:aa:2d:82:38:9d:3e:fb:b9:23:20:
                    12:54:3b:de:72:cb:8e:c7:a5:31:fb:ca:7b:80:2b:
                    3f:18:e7:37:d7:fb:b5:c7:10:a3:c2:c0:46:f1:6b:
                    2f:c6:5e:03:d7:8d:37:d0:b3:e9:da:b1:8d:73:ac:
                    43:86:af:48:1b:80:c4:16:50:18:32:7f:3d:d5:9f:
                    55:5d:4f:d8:30:38:c8:2c:62:25:4a:01:f9:ef:51:
                    d0:14:4b:2f:9a:22:de:70:56:4a:95:48:25:a2:e6:
                    00:98:ac:6a:56:81:71:14:16:c5:69:6d:c1:e0:1a:
                    95:13:da:6c:eb:62:ca:0a:15:42:4d:76:67:0a:2a:
                    d4:e8:3f:46:35:a3:44:44:5e:87:c7:c8:21:ba:c4:
                    a6:b8:b0:a6:49:88:57:67:60:2a:bf:2f:e5:f2:9f:
                    ee:0e:f5:df:4c:65:43:7b:e8:92:7e:a4:dd:ab:7a:
                    0d:78:e3:21:a2:a6:a3:59:08:42:77:5d:80:a0:19:
                    e5:14:82:bb:03:97:44:f0:e6:ba:5b:3d:25:ab:2d:
                    7d:67:92:ea:98:f6:03:94:4d:57:8c:ae:3a:43:cd:
                    f0:b7:75:eb:c6:08:e4:0c:58:c5:98:a2:51:83:2e:
                    34:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:0F:AC:C5:1B:BC:89:FC:C3:7D:B5:8F:B9:97:10:82:95:A8:C2:EA
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/iQ-sxRu8ifzDfbWPuZcQgpWowuo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:600::/40
                  2a14:67c1:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7e:14:29:f9:c6:e9:39:c0:c0:6a:93:09:da:67:59:43:21:5d:
         77:81:0e:1a:98:99:3c:ce:91:b5:98:21:53:8d:55:9f:30:76:
         cb:41:f9:99:22:bb:11:a3:55:b9:1e:af:59:ee:b9:0d:9b:08:
         f6:d2:a6:7a:b8:af:b9:9f:45:88:6e:c9:7e:d1:70:0a:b9:41:
         5f:8e:5c:30:2e:fc:9d:a1:23:79:c4:a3:f7:67:a2:b0:98:2d:
         d8:5e:bb:de:d8:c4:2f:bd:42:76:00:1c:8e:dd:ed:d8:48:bf:
         61:5e:d7:e0:da:ae:6b:4b:63:7d:9d:98:9a:0d:86:7b:05:ee:
         d0:69:6d:37:db:2e:9e:dc:e4:58:09:56:56:c6:d5:d4:d6:8a:
         80:a8:17:7b:ad:5d:d9:82:7e:0f:5b:d4:c0:11:36:1d:ba:ac:
         dc:a6:bc:8b:3a:21:e7:95:08:95:70:ac:60:ef:3b:a8:4b:85:
         41:63:43:c7:e5:b4:e8:bd:71:a5:13:62:7b:d4:47:54:21:54:
         27:1f:90:5f:79:db:d8:0f:07:59:a5:9a:cc:ce:74:41:b8:bb:
         e5:73:fc:26:6d:a6:09:87:d7:38:a1:dd:90:80:84:bc:e4:35:
         c4:21:e9:88:ea:4f:e1:f9:3e:ff:fa:51:f3:7d:98:06:de:5f:
         17:79:f9:ca
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ2zDVqwULaMBEaeYxL5iO7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDIyMDIzODEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTBmYWNjNTFiYmM4OWZjYzM3ZGI1OGZiOTk3MTA4Mjk1YThjMmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtGumAN2GQZG5j1ymagUuAjDm6ot
gjidPvu5IyASVDvecsuOx6Ux+8p7gCs/GOc31/u1xxCjwsBG8Wsvxl4D14030LPp
2rGNc6xDhq9IG4DEFlAYMn891Z9VXU/YMDjILGIlSgH571HQFEsvmiLecFZKlUgl
ouYAmKxqVoFxFBbFaW3B4BqVE9ps62LKChVCTXZnCirU6D9GNaNERF6Hx8ghusSm
uLCmSYhXZ2Aqvy/l8p/uDvXfTGVDe+iSfqTdq3oNeOMhoqajWQhCd12AoBnlFIK7
A5dE8Oa6Wz0lqy19Z5LqmPYDlE1XjK46Q83wt3XrxgjkDFjFmKJRgy40WwIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFIkPrMUbvIn8w321j7mXEIKVqMLqMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaVEtc3hSdThpZnpEZmJXUHVaY1FncFdvd3VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYAKhRnwQYD
BgQqFGfBEDANBgkqhkiG9w0BAQsFAAOCAQEAfhQp+cbpOcDAapMJ2mdZQyFdd4EO
GpiZPM6RtZghU41VnzB2y0H5mSK7EaNVuR6vWe65DZsI9tKmerivuZ9FiG7JftFw
CrlBX45cMC78naEjecSj92eisJgt2F673tjEL71CdgAcjt3t2Ei/YV7X4Nqua0tj
fZ2Ymg2GewXu0GltN9suntzkWAlWVsbV1NaKgKgXe61d2YJ+D1vUwBE2Hbqs3Ka8
izoh55UIlXCsYO87qEuFQWNDx+W06L1xpRNie9RHVCFUJx+QX3nb2A8HWaWazM50
Qbi75XP8Jm2mCYfXOKHdkICEvOQ1xCHpiOpP4fk+//pR832YBt5fF3n5yg==
-----END CERTIFICATE-----