Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ntmv4GjG_0mup2wp08NsoAB722c.roa
File:                     ntmv4GjG_0mup2wp08NsoAB722c.roa (raw, json)
Hash identifier:          Wows5D7ZHuaUWzsrMO+R32O07oMsKkp11bgOii79xi4=
Subject key identifier:   9E:D9:AF:E0:68:C6:FF:49:AE:A7:6C:29:D3:C3:6C:A0:00:7B:DB:67
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0190C70AD611A16B9F5F1272AA4CCAD09C45
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ntmv4GjG_0mup2wp08NsoAB722c.roa
Signing time:             Thu 18 Jul 2024 18:11:34 +0000
ROA not before:           Thu 18 Jul 2024 18:11:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        2a14:67c6::/32 maxlen: 48
                          2a14:67c7::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 15:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:c7:0a:d6:11:a1:6b:9f:5f:12:72:aa:4c:ca:d0:9c:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul 18 18:11:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9ed9afe068c6ff49aea76c29d3c36ca0007bdb67
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:96:6d:27:e2:f4:01:4f:cc:f0:39:70:7e:c1:
                    ad:30:3d:a6:5b:f1:77:3c:67:48:78:f8:0c:77:d1:
                    19:05:7e:fb:b4:c8:c9:7f:8f:34:6c:2f:b7:dc:6d:
                    85:04:65:e8:e1:75:5b:ee:60:91:82:50:d7:e7:54:
                    8b:c2:20:58:ad:f7:3e:fc:45:b7:01:85:1b:bb:10:
                    c7:dd:80:02:29:aa:29:b0:03:54:d0:38:17:9c:9a:
                    6b:57:bd:76:63:ed:9a:b5:c2:d5:a8:c1:5b:4d:b2:
                    68:99:06:99:e8:e6:38:0d:e8:dc:ba:5d:7f:81:75:
                    8b:05:f2:f0:fa:95:29:41:3f:0a:8a:72:5c:6b:8d:
                    70:6f:1b:c9:cc:b8:5b:24:c5:5b:e8:ee:82:e1:db:
                    20:80:ff:d5:bf:af:6b:e6:c4:45:2d:7c:11:be:36:
                    78:9c:f3:c2:5b:4e:1c:1c:38:3b:39:f3:53:d4:1f:
                    ec:9d:2a:8e:8b:45:33:ed:0e:9b:9f:32:78:d6:29:
                    f0:c8:61:23:24:4b:12:2c:3e:b2:b4:0d:47:00:1a:
                    96:5f:e9:9f:2b:a6:38:fa:63:21:e2:1f:a4:50:0b:
                    ce:07:ce:2f:d7:b3:25:e5:37:fd:f4:b7:0b:a1:6e:
                    0a:b1:2e:8d:bc:60:08:23:6d:d1:e8:91:4e:e6:d9:
                    00:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:D9:AF:E0:68:C6:FF:49:AE:A7:6C:29:D3:C3:6C:A0:00:7B:DB:67
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ntmv4GjG_0mup2wp08NsoAB722c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c6::/31

    Signature Algorithm: sha256WithRSAEncryption
         95:30:50:7c:0c:21:72:13:2c:bc:e5:77:5d:a6:19:63:40:55:
         3c:83:63:58:d0:c2:11:f9:ce:1f:b8:06:2e:55:ff:3b:90:c1:
         72:67:e2:94:48:4a:ef:85:5b:5f:fb:76:6a:2b:74:60:80:44:
         2c:a9:1c:a0:c9:f4:c7:cb:d3:f3:cb:78:81:87:58:ae:1e:f8:
         af:80:62:51:17:31:d5:0f:31:4d:33:6f:d8:f0:67:99:b9:21:
         76:db:9a:21:5e:d2:1a:df:0c:fe:fb:86:73:58:e7:57:a0:fa:
         b2:d2:26:09:e0:56:02:aa:9a:dd:4a:98:5e:f2:01:25:1e:07:
         fa:04:20:08:35:f2:8c:83:d8:df:45:b9:05:1d:e4:58:47:d1:
         f2:ae:06:8f:63:ac:1c:eb:18:7a:f8:75:48:48:0f:51:c5:3d:
         09:f6:2f:04:2b:66:ce:12:4d:f5:59:f2:5c:ff:33:04:e4:79:
         55:b9:41:23:47:ed:99:f1:ba:7b:99:d4:19:5c:bc:53:64:c0:
         2d:29:53:2b:66:1d:f2:d2:bd:6a:61:e5:aa:95:93:76:fb:33:
         88:0d:3d:60:67:0e:9c:b8:20:9a:5b:7a:c4:fa:71:78:82:08:
         b2:af:ea:0c:83:d4:79:42:71:d4:7c:92:2e:df:12:81:ef:7e:
         7d:96:d9:fe
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZDHCtYRoWufXxJyqkzK0JxFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQwNzE4MTgxMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWQ5YWZlMDY4YzZmZjQ5YWVhNzZjMjlkM2MzNmNhMDAwN2JkYjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJZtJ+L0AU/M8DlwfsGtMD2mW/F3
PGdIePgMd9EZBX77tMjJf480bC+33G2FBGXo4XVb7mCRglDX51SLwiBYrfc+/EW3
AYUbuxDH3YACKaopsANU0DgXnJprV712Y+2atcLVqMFbTbJomQaZ6OY4Dejcul1/
gXWLBfLw+pUpQT8KinJca41wbxvJzLhbJMVb6O6C4dsggP/Vv69r5sRFLXwRvjZ4
nPPCW04cHDg7OfNT1B/snSqOi0Uz7Q6bnzJ41inwyGEjJEsSLD6ytA1HABqWX+mf
K6Y4+mMh4h+kUAvOB84v17Ml5Tf99LcLoW4KsS6NvGAII23R6JFO5tkAbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ7Zr+Boxv9JrqdsKdPDbKAAe9tnMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvbnRtdjRHakdfMG11cDJ3cDA4TnNvQUI3MjJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBKhRnxjAN
BgkqhkiG9w0BAQsFAAOCAQEAlTBQfAwhchMsvOV3XaYZY0BVPINjWNDCEfnOH7gG
LlX/O5DBcmfilEhK74VbX/t2ait0YIBELKkcoMn0x8vT88t4gYdYrh74r4BiURcx
1Q8xTTNv2PBnmbkhdtuaIV7SGt8M/vuGc1jnV6D6stImCeBWAqqa3UqYXvIBJR4H
+gQgCDXyjIPY30W5BR3kWEfR8q4Gj2OsHOsYevh1SEgPUcU9CfYvBCtmzhJN9Vny
XP8zBOR5VblBI0ftmfG6e5nUGVy8U2TALSlTK2Yd8tK9amHlqpWTdvsziA09YGcO
nLggmlt6xPpxeIIIsq/qDIPUeUJx1HySLt8Sge9+fZbZ/g==
-----END CERTIFICATE-----