Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/iXqb1yHRH8cWOBEkajcV_nVfyfs.roa
File:                     iXqb1yHRH8cWOBEkajcV_nVfyfs.roa (raw, json)
Hash identifier:          f1TvKBxMTvL3tdYmDfpZZyeklOWRFt836EQ+ID9+WhA=
Subject key identifier:   89:7A:9B:D7:21:D1:1F:C7:16:38:11:24:6A:37:15:FE:75:5F:C9:FB
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019DCB00E63E94B5A534E14D0BE7E406978D
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/iXqb1yHRH8cWOBEkajcV_nVfyfs.roa
Signing time:             Sun 26 Apr 2026 18:15:26 +0000
ROA not before:           Sun 26 Apr 2026 18:15:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210773
IP address blocks:        2a14:67c3:190::/48 maxlen: 48
                          2a14:67c3:880::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 27 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cb:00:e6:3e:94:b5:a5:34:e1:4d:0b:e7:e4:06:97:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 26 18:15:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=897a9bd721d11fc7163811246a3715fe755fc9fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:dd:aa:01:cc:4b:07:e3:9a:8d:fc:91:21:77:
                    88:df:33:ec:25:d2:5f:c8:e3:1a:1b:6c:7b:fa:a0:
                    bf:4b:d3:23:a5:e3:62:0f:b0:13:04:02:71:10:02:
                    8e:9f:ff:2d:7f:f7:66:1e:d1:9a:ac:bf:35:bb:5c:
                    b8:e9:63:b4:17:d9:5b:1e:23:e8:97:69:50:05:e5:
                    cd:31:0a:08:ef:fb:e5:89:32:57:09:76:1a:b9:d8:
                    53:75:30:e0:b2:b0:8e:bd:34:6e:53:f8:06:c6:7e:
                    bd:23:d9:f2:85:d9:85:9f:7e:e0:96:5b:ed:8d:d4:
                    20:06:cc:2c:7b:93:75:31:1b:5b:6c:d2:ee:bf:06:
                    62:74:a3:b6:60:3f:41:fd:2a:bd:d4:90:0b:fe:65:
                    66:c2:17:7f:09:77:c0:2d:1b:22:c4:03:9c:fb:97:
                    87:40:39:8a:1a:09:52:9e:64:d7:b4:2c:b8:a6:df:
                    f2:0f:e9:08:fa:82:6f:a5:5e:72:bf:58:e5:73:16:
                    76:ab:2c:e0:e9:5a:6a:28:3b:7f:45:f5:f8:00:5a:
                    8f:5b:48:f1:6d:7e:24:d7:26:c2:11:7a:a2:08:90:
                    b8:4e:59:72:8f:6d:c2:b8:db:aa:14:eb:0a:8c:dd:
                    8f:46:49:59:42:7c:d3:12:ba:f6:0c:07:e8:02:54:
                    c4:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:7A:9B:D7:21:D1:1F:C7:16:38:11:24:6A:37:15:FE:75:5F:C9:FB
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/iXqb1yHRH8cWOBEkajcV_nVfyfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:190::/48
                  2a14:67c3:880::/44

    Signature Algorithm: sha256WithRSAEncryption
         34:dc:5a:c9:16:18:4b:31:6c:e0:43:af:9f:c3:79:a0:c9:a4:
         b0:47:07:06:58:ab:7c:c1:e4:49:0a:24:3f:1a:ca:6a:5b:bc:
         6e:ff:ea:a5:c1:61:9c:9f:3a:56:b8:17:0b:69:8a:d8:bd:bb:
         56:a5:d6:af:50:dd:fd:a8:01:f4:6b:be:ed:8f:91:c6:2b:06:
         b9:29:e5:ed:f7:35:ec:38:e5:dc:2b:67:a8:ae:6f:a4:09:f6:
         ee:82:6b:81:d4:87:32:51:96:03:3b:ee:b0:ad:c7:93:e9:9b:
         b3:c4:74:98:8b:c7:98:b9:c1:8f:3b:6f:89:90:b2:bd:4e:11:
         4d:81:bb:32:db:7a:c7:b2:bb:36:76:85:66:34:c8:63:0e:47:
         eb:5d:13:ae:c9:67:63:c7:32:e8:52:57:7f:a9:60:83:58:d3:
         53:63:3c:a9:df:c8:4f:a8:15:46:f7:a7:72:c7:94:3d:4c:92:
         4c:cb:7b:57:35:62:cd:c6:3e:63:99:ba:d3:10:ec:20:37:65:
         e0:2e:39:8a:cc:3a:a5:d8:a7:21:a2:32:fb:17:41:ff:35:3f:
         26:2a:82:fa:66:07:f9:6a:f4:f6:71:9b:1a:9d:c4:6f:5e:90:
         2e:1a:65:25:53:3b:8b:42:8e:7d:98:00:a1:af:63:4c:76:43:
         bc:89:1d:ce
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3LAOY+lLWlNOFNC+fkBpeNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDI2MTgxNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTdhOWJkNzIxZDExZmM3MTYzODExMjQ2YTM3MTVmZTc1NWZjOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyN2qAcxLB+OajfyRIXeI3zPsJdJf
yOMaG2x7+qC/S9MjpeNiD7ATBAJxEAKOn/8tf/dmHtGarL81u1y46WO0F9lbHiPo
l2lQBeXNMQoI7/vliTJXCXYaudhTdTDgsrCOvTRuU/gGxn69I9nyhdmFn37gllvt
jdQgBswse5N1MRtbbNLuvwZidKO2YD9B/Sq91JAL/mVmwhd/CXfALRsixAOc+5eH
QDmKGglSnmTXtCy4pt/yD+kI+oJvpV5yv1jlcxZ2qyzg6VpqKDt/RfX4AFqPW0jx
bX4k1ybCEXqiCJC4Tllyj23CuNuqFOsKjN2PRklZQnzTErr2DAfoAlTEAQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIl6m9ch0R/HFjgRJGo3Ff51X8n7MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvaVhxYjF5SFJIOGNXT0JFa2FqY1ZfblZmeWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhRnwwGQ
AwcEKhRnwwiAMA0GCSqGSIb3DQEBCwUAA4IBAQA03FrJFhhLMWzgQ6+fw3mgyaSw
RwcGWKt8weRJCiQ/GspqW7xu/+qlwWGcnzpWuBcLaYrYvbtWpdavUN39qAH0a77t
j5HGKwa5KeXt9zXsOOXcK2eorm+kCfbugmuB1IcyUZYDO+6wrceT6ZuzxHSYi8eY
ucGPO2+JkLK9ThFNgbsy23rHsrs2doVmNMhjDkfrXROuyWdjxzLoUld/qWCDWNNT
Yzyp38hPqBVG96dyx5Q9TJJMy3tXNWLNxj5jmbrTEOwgN2XgLjmKzDql2KchojL7
F0H/NT8mKoL6Zgf5avT2cZsancRvXpAuGmUlUzuLQo59mAChr2NMdkO8iR3O
-----END CERTIFICATE-----