Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/pCE1baMGsmwCYXSEoEEcUwBkH8o.roa
File:                     pCE1baMGsmwCYXSEoEEcUwBkH8o.roa (raw, json)
Hash identifier:          GsYlVdD3sX0x5By8y8crNFzjEYXJ2ZK0i/TeckVJ2AY=
Subject key identifier:   A4:21:35:6D:A3:06:B2:6C:02:61:74:84:A0:41:1C:53:00:64:1F:CA
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01943BDCE264C642765B652C24A4C441FE04
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/pCE1baMGsmwCYXSEoEEcUwBkH8o.roa
Signing time:             Mon 06 Jan 2025 13:45:18 +0000
ROA not before:           Mon 06 Jan 2025 13:45:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213629
IP address blocks:        2a14:67c1:a010::/44 maxlen: 48
                          2a14:67c5::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:3b:dc:e2:64:c6:42:76:5b:65:2c:24:a4:c4:41:fe:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jan  6 13:45:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a421356da306b26c02617484a0411c5300641fca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:58:7c:c2:0a:ac:dd:7c:28:2f:83:8f:8f:55:
                    4b:32:f9:81:92:63:09:02:74:7c:e1:4c:f9:09:37:
                    03:94:f0:58:bc:9a:04:5f:3c:f6:7b:12:35:dc:95:
                    fa:cb:74:91:85:69:bb:3a:7c:75:f9:8e:4f:c4:7a:
                    c0:8a:be:6b:62:4a:81:31:21:b0:a7:4d:b6:09:dc:
                    1b:7e:31:92:44:4b:54:0d:18:5c:c1:f0:50:03:bb:
                    30:b9:2f:b5:81:dd:19:cc:a6:ba:9e:e2:99:cb:fa:
                    c6:c8:53:24:b8:08:a9:07:1c:c6:42:1c:c0:7a:37:
                    2f:cc:64:28:90:69:4c:97:9a:c0:7a:a2:63:7a:4f:
                    14:35:44:97:73:ac:8e:41:6f:6d:5a:17:e2:af:83:
                    df:ce:53:48:65:cf:5e:a0:b3:93:f7:4c:e3:38:9a:
                    89:e8:9e:96:07:7e:1a:52:3f:24:6b:59:81:6a:93:
                    b8:3d:20:0b:6f:9b:b2:1c:1f:b1:40:a1:81:7c:e5:
                    98:9e:c5:ab:a8:ef:fb:34:77:4f:38:70:54:cf:9b:
                    36:bb:17:9b:30:20:f5:ab:82:9f:a0:e0:13:35:05:
                    b2:14:d3:a3:0c:97:cf:e9:20:b2:7b:8b:d9:98:1a:
                    ce:f7:09:a5:47:7f:de:3a:b5:c7:c8:54:8a:4f:a9:
                    3a:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:21:35:6D:A3:06:B2:6C:02:61:74:84:A0:41:1C:53:00:64:1F:CA
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/pCE1baMGsmwCYXSEoEEcUwBkH8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a010::/44
                  2a14:67c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:a2:b6:2a:fd:18:da:90:62:58:e2:f9:11:e7:4a:25:8a:93:
         46:dd:7b:7c:80:bf:1c:07:fa:dd:22:d9:61:fa:18:90:39:07:
         04:c5:20:37:3b:07:d7:ed:d5:0d:98:01:a8:ff:4e:f1:e6:45:
         db:50:c3:bd:42:7a:fd:24:35:68:9d:ee:01:47:3c:ad:59:b2:
         79:ee:b9:d7:18:f9:0a:5d:e5:6d:bf:0a:49:c4:66:1b:e7:cf:
         91:19:de:88:0e:f1:bc:6a:00:09:49:cb:6c:03:40:69:6e:f2:
         b6:33:01:f3:39:25:f7:db:75:47:9d:72:02:ad:9b:f4:bf:a2:
         fd:30:1d:22:28:30:3d:dc:7c:49:05:ef:b1:94:ef:d5:91:be:
         0d:9f:5d:6e:67:ba:14:33:72:61:2b:26:1d:cf:59:cb:02:16:
         b0:ef:4d:fa:5a:29:e5:9b:8d:0f:68:68:a6:7e:9a:bd:02:82:
         d6:b7:ac:79:5f:0f:56:4f:86:89:35:e6:c1:d3:db:e9:28:b9:
         6a:82:1b:f5:1e:ec:91:ab:c9:6c:ab:83:28:ea:5e:2b:63:b3:
         78:1e:51:de:db:a7:44:d0:0f:4e:06:c4:2a:dd:14:a5:6e:a2:
         3c:5d:b6:a0:be:13:19:16:b7:91:e6:ab:f1:4c:4a:10:84:d1:
         59:4c:bd:5f
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZQ73OJkxkJ2W2UsJKTEQf4EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwMTA2MTM0NTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDIxMzU2ZGEzMDZiMjZjMDI2MTc0ODRhMDQxMWM1MzAwNjQxZmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA01h8wgqs3XwoL4OPj1VLMvmBkmMJ
AnR84Uz5CTcDlPBYvJoEXzz2exI13JX6y3SRhWm7Onx1+Y5PxHrAir5rYkqBMSGw
p022CdwbfjGSREtUDRhcwfBQA7swuS+1gd0ZzKa6nuKZy/rGyFMkuAipBxzGQhzA
ejcvzGQokGlMl5rAeqJjek8UNUSXc6yOQW9tWhfir4PfzlNIZc9eoLOT90zjOJqJ
6J6WB34aUj8ka1mBapO4PSALb5uyHB+xQKGBfOWYnsWrqO/7NHdPOHBUz5s2uxeb
MCD1q4KfoOATNQWyFNOjDJfP6SCye4vZmBrO9wmlR3/eOrXHyFSKT6k6nQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFKQhNW2jBrJsAmF0hKBBHFMAZB/KMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvcENFMWJhTUdzbXdDWVhTRW9FRWNVd0JrSDhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwcEKhRnwaAQ
AwUAKhRnxTANBgkqhkiG9w0BAQsFAAOCAQEAXqK2Kv0Y2pBiWOL5EedKJYqTRt17
fIC/HAf63SLZYfoYkDkHBMUgNzsH1+3VDZgBqP9O8eZF21DDvUJ6/SQ1aJ3uAUc8
rVmyee651xj5Cl3lbb8KScRmG+fPkRneiA7xvGoACUnLbANAaW7ytjMB8zkl99t1
R51yAq2b9L+i/TAdIigwPdx8SQXvsZTv1ZG+DZ9dbme6FDNyYSsmHc9ZywIWsO9N
+lop5ZuND2hopn6avQKC1reseV8PVk+GiTXmwdPb6Si5aoIb9R7skavJbKuDKOpe
K2OzeB5R3tunRNAPTgbEKt0UpW6iPF22oL4TGRa3kear8UxKEITRWUy9Xw==
-----END CERTIFICATE-----