Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/j7Zp9pLXc2B98TTAlZzxUsAaGKc.roa
File:                     j7Zp9pLXc2B98TTAlZzxUsAaGKc.roa (raw, json)
Hash identifier:          QKTth6fi1+kuyUPTMW5Vops1MKDst5N8x0Jd3FnIeV0=
Subject key identifier:   8F:B6:69:F6:92:D7:73:60:7D:F1:34:C0:95:9C:F1:52:C0:1A:18:A7
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019354F2F964F5C08692C7CF85F04557EAE9
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/j7Zp9pLXc2B98TTAlZzxUsAaGKc.roa
Signing time:             Fri 22 Nov 2024 17:37:09 +0000
ROA not before:           Fri 22 Nov 2024 17:37:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214512
IP address blocks:        2a14:67c1:10::/44 maxlen: 48
                          2a14:67c1:2000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:54:f2:f9:64:f5:c0:86:92:c7:cf:85:f0:45:57:ea:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Nov 22 17:37:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8fb669f692d773607df134c0959cf152c01a18a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ed:a1:e3:1a:64:e8:dd:7a:d4:a4:0b:91:22:
                    84:62:9d:03:d5:69:c4:e7:26:ed:97:ec:12:aa:23:
                    bc:1d:74:73:73:d6:f8:67:ae:dd:c6:49:ec:62:16:
                    b6:9a:8e:f0:0d:1c:c2:b7:41:c4:4f:c5:ee:0b:cf:
                    12:84:08:35:6c:86:21:ac:10:18:0a:43:7a:b5:42:
                    59:5b:b8:fd:1d:15:d6:64:8b:f5:dc:ac:30:cf:cb:
                    9c:4b:d0:9f:c6:21:9d:26:92:7e:12:ee:18:f3:cf:
                    1e:b4:99:f9:32:95:de:fd:e2:4c:ab:e0:59:94:59:
                    56:bd:af:e6:c7:d8:da:ab:86:0c:ce:e7:91:0e:b7:
                    fb:88:46:25:9a:5d:ee:37:55:86:69:09:45:7d:bd:
                    a6:77:45:71:dc:fa:74:7f:ea:dc:44:93:e1:33:e5:
                    1b:ca:1e:1e:3e:c0:c6:1b:4f:c9:2c:ae:ee:18:e1:
                    db:69:94:e1:74:71:1a:5f:d7:e4:3f:da:35:73:05:
                    d3:a3:65:91:bf:4a:b1:e2:61:cc:58:34:33:ed:2b:
                    e4:12:3a:60:02:bb:31:dd:c5:83:5e:0e:3f:30:7f:
                    55:cb:8d:69:6c:ba:91:17:81:da:8e:2a:77:9c:27:
                    0c:69:5b:29:95:42:77:72:55:d8:43:47:d1:58:70:
                    60:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:B6:69:F6:92:D7:73:60:7D:F1:34:C0:95:9C:F1:52:C0:1A:18:A7
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/j7Zp9pLXc2B98TTAlZzxUsAaGKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:10::/44
                  2a14:67c1:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9e:54:ea:78:b8:0c:f8:cb:96:da:be:27:cf:b1:0f:7f:da:2e:
         cb:fc:40:4d:00:f6:f8:06:98:e7:3e:3c:ac:1e:46:59:49:bf:
         fe:fc:5e:5f:16:e9:32:39:c8:b7:f8:0e:00:74:b1:4b:b8:86:
         21:66:bf:0e:b1:70:8f:59:68:6b:2c:3a:11:ae:d2:77:92:85:
         88:f8:19:68:cd:2e:7f:d2:1a:15:30:51:82:96:04:db:c7:fc:
         24:61:0c:80:b1:e0:cf:aa:8a:3e:7e:5c:50:78:bc:e2:77:af:
         83:c6:fa:5a:46:b1:b7:c5:cf:2a:a2:72:66:1e:92:31:71:45:
         ef:a9:a6:ba:20:5f:2b:36:30:54:67:8d:ba:0c:7d:f0:8d:fe:
         4e:a3:72:a5:20:cf:db:8f:a6:7f:c4:f6:1c:5e:7a:98:77:64:
         39:48:02:e3:74:b4:07:67:14:a1:52:8a:cf:51:5a:41:d2:b0:
         96:2d:c9:92:b9:be:85:4b:65:a4:b2:68:7b:83:88:6b:83:2e:
         47:6a:04:6a:2f:e5:9d:88:9f:5c:9d:9a:a2:85:a9:f7:6d:57:
         d9:c8:18:c5:11:99:77:88:e9:56:e5:73:36:81:3b:2d:ef:6c:
         a4:42:14:f5:28:df:0d:db:4c:63:16:6b:ea:74:6c:ae:9b:d2:
         96:2c:df:3b
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZNU8vlk9cCGksfPhfBFV+rpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQxMTIyMTczNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmI2NjlmNjkyZDc3MzYwN2RmMTM0YzA5NTljZjE1MmMwMWExOGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5+2h4xpk6N161KQLkSKEYp0D1WnE
5ybtl+wSqiO8HXRzc9b4Z67dxknsYha2mo7wDRzCt0HET8XuC88ShAg1bIYhrBAY
CkN6tUJZW7j9HRXWZIv13Kwwz8ucS9CfxiGdJpJ+Eu4Y888etJn5MpXe/eJMq+BZ
lFlWva/mx9jaq4YMzueRDrf7iEYlml3uN1WGaQlFfb2md0Vx3Pp0f+rcRJPhM+Ub
yh4ePsDGG0/JLK7uGOHbaZThdHEaX9fkP9o1cwXTo2WRv0qx4mHMWDQz7SvkEjpg
Arsx3cWDXg4/MH9Vy41pbLqRF4Hajip3nCcMaVsplUJ3clXYQ0fRWHBgmQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFI+2afaS13NgffE0wJWc8VLAGhinMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvajdacDlwTFhjMkI5OFRUQWxaenhVc0FhR0tjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhRnwQAQ
AwYEKhRnwSAwDQYJKoZIhvcNAQELBQADggEBAJ5U6ni4DPjLltq+J8+xD3/aLsv8
QE0A9vgGmOc+PKweRllJv/78Xl8W6TI5yLf4DgB0sUu4hiFmvw6xcI9ZaGssOhGu
0neShYj4GWjNLn/SGhUwUYKWBNvH/CRhDICx4M+qij5+XFB4vOJ3r4PG+lpGsbfF
zyqicmYekjFxRe+pprogXys2MFRnjboMffCN/k6jcqUgz9uPpn/E9hxeeph3ZDlI
AuN0tAdnFKFSis9RWkHSsJYtyZK5voVLZaSyaHuDiGuDLkdqBGov5Z2In1ydmqKF
qfdtV9nIGMURmXeI6VblczaBOy3vbKRCFPUo3w3bTGMWa+p0bK6b0pYs3zs=
-----END CERTIFICATE-----