Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/o9UTDerj5SkBNPSC_40DCs_7wyc.roa
File:                     o9UTDerj5SkBNPSC_40DCs_7wyc.roa (raw, json)
Hash identifier:          7gqSvQN7VD6wF2cIvKTOi/nKnwSyMGxTZqKG6dEtTe0=
Subject key identifier:   A3:D5:13:0D:EA:E3:E5:29:01:34:F4:82:FF:8D:03:0A:CF:FB:C3:27
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0196EE2B80CA9D963CE0597D4E51901E71A1
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/o9UTDerj5SkBNPSC_40DCs_7wyc.roa
Signing time:             Tue 20 May 2025 14:49:10 +0000
ROA not before:           Tue 20 May 2025 14:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210440
IP address blocks:        2a14:67c1:a080::/44 maxlen: 48
                          2a14:67c1:b000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ee:2b:80:ca:9d:96:3c:e0:59:7d:4e:51:90:1e:71:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: May 20 14:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a3d5130deae3e5290134f482ff8d030acffbc327
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0a:7f:7d:9d:9a:c0:ba:c1:3d:85:fc:91:b9:
                    62:be:01:f4:aa:59:ff:2c:86:9c:97:29:d8:df:f4:
                    a3:cb:6c:41:69:86:02:0d:34:3f:cd:6a:de:77:d2:
                    b7:6f:ea:34:b7:ed:fd:0b:5b:d3:a4:9c:b3:bd:54:
                    09:ee:35:af:63:f9:b4:91:7d:db:5b:56:4b:cc:e2:
                    1e:b0:5e:3a:0f:69:92:20:80:9c:30:70:48:9a:6c:
                    a8:34:6f:40:af:c8:3a:43:b5:31:7d:ad:7d:d6:ef:
                    c0:77:74:37:67:ec:52:75:fe:0d:02:8c:95:25:2a:
                    f7:24:4f:82:0c:20:00:55:52:24:cd:44:d0:42:32:
                    ea:cd:98:9e:bd:98:df:bb:62:73:f8:0a:40:19:24:
                    56:d0:12:52:50:ea:b5:33:75:9d:ad:b7:45:c3:35:
                    31:5d:f8:c0:8d:1d:fa:e0:52:9e:7b:8e:c1:da:48:
                    2d:c5:d3:1e:52:62:a5:22:5b:9f:89:52:1d:0f:d2:
                    7c:dd:63:42:09:7a:dc:dd:34:f8:d7:10:20:e7:db:
                    9e:a1:83:c0:41:ba:90:5e:e7:22:bd:fa:56:eb:e2:
                    b4:29:47:3e:f3:0d:8b:04:49:b9:e7:3d:7a:0d:b0:
                    05:82:de:a0:bd:92:a5:cc:48:bf:ae:81:87:71:eb:
                    1c:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:D5:13:0D:EA:E3:E5:29:01:34:F4:82:FF:8D:03:0A:CF:FB:C3:27
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/o9UTDerj5SkBNPSC_40DCs_7wyc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a080::/44
                  2a14:67c1:b000::/48

    Signature Algorithm: sha256WithRSAEncryption
         db:4e:bd:39:55:c9:1a:9f:b4:4f:e9:9d:44:c3:74:bf:ab:89:
         81:bd:74:33:ca:d9:21:04:00:6d:74:f7:a3:12:5c:f5:b0:3a:
         11:5c:64:84:a9:9f:0e:45:48:e3:1b:89:c5:4a:e7:5d:22:b6:
         ee:1c:12:6f:f4:fb:fb:aa:d6:9a:7b:ad:ab:91:c1:5e:e2:da:
         ce:ab:e4:cb:5a:1d:c6:c7:81:3c:af:dd:cc:f9:c8:f5:c8:62:
         13:0b:99:98:a9:75:9c:9a:19:81:4c:aa:19:81:8d:49:e3:32:
         89:8b:3c:f4:6b:be:d8:3f:60:a2:93:8b:95:91:39:c7:d1:e1:
         bd:11:45:5f:0b:b6:f0:5d:69:c2:36:26:0f:57:0a:30:18:cd:
         ab:95:98:dc:ff:ae:52:54:2d:e0:e4:3f:5b:80:d9:5a:86:c5:
         6c:61:36:db:3d:9c:40:07:74:75:54:b7:e5:73:63:b8:6f:5d:
         0c:b8:b6:30:09:00:7c:a3:93:9c:49:3a:43:3b:88:b3:6e:7c:
         26:fc:ad:08:c1:f8:0a:0a:b7:b8:e2:ba:d6:86:71:05:d4:b4:
         d0:84:43:98:df:93:5c:aa:62:80:0e:ac:e3:99:93:a7:1d:e6:
         0f:df:9a:b6:24:92:e9:b2:dc:37:b8:91:5f:cc:a4:4d:12:e0:
         93:be:ff:ab
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbuK4DKnZY84Fl9TlGQHnGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNTIwMTQ0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2Q1MTMwZGVhZTNlNTI5MDEzNGY0ODJmZjhkMDMwYWNmZmJjMzI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQp/fZ2awLrBPYX8kblivgH0qln/
LIaclynY3/Sjy2xBaYYCDTQ/zWred9K3b+o0t+39C1vTpJyzvVQJ7jWvY/m0kX3b
W1ZLzOIesF46D2mSIICcMHBImmyoNG9Ar8g6Q7Uxfa191u/Ad3Q3Z+xSdf4NAoyV
JSr3JE+CDCAAVVIkzUTQQjLqzZievZjfu2Jz+ApAGSRW0BJSUOq1M3WdrbdFwzUx
XfjAjR364FKee47B2kgtxdMeUmKlIlufiVIdD9J83WNCCXrc3TT41xAg59ueoYPA
QbqQXucivfpW6+K0KUc+8w2LBEm55z16DbAFgt6gvZKlzEi/roGHcesclwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKPVEw3q4+UpATT0gv+NAwrP+8MnMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvbzlVVERlcmo1U2tCTlBTQ180MERDc183d3ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhRnwaCA
AwcAKhRnwbAAMA0GCSqGSIb3DQEBCwUAA4IBAQDbTr05Vckan7RP6Z1Ew3S/q4mB
vXQzytkhBABtdPejElz1sDoRXGSEqZ8ORUjjG4nFSuddIrbuHBJv9Pv7qtaae62r
kcFe4trOq+TLWh3Gx4E8r93M+cj1yGITC5mYqXWcmhmBTKoZgY1J4zKJizz0a77Y
P2Cik4uVkTnH0eG9EUVfC7bwXWnCNiYPVwowGM2rlZjc/65SVC3g5D9bgNlahsVs
YTbbPZxAB3R1VLflc2O4b10MuLYwCQB8o5OcSTpDO4izbnwm/K0IwfgKCre44rrW
hnEF1LTQhEOY35NcqmKADqzjmZOnHeYP35q2JJLpstw3uJFfzKRNEuCTvv+r
-----END CERTIFICATE-----