Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/prJ9B6F4x33f3Q0Rnp1PSkBkTro.roa
File:                     prJ9B6F4x33f3Q0Rnp1PSkBkTro.roa (raw, json)
Hash identifier:          3c4AWEL8deHTQ9C8Ue83dN7XY2fGD3e4pekiCDo6Tj8=
Subject key identifier:   A6:B2:7D:07:A1:78:C7:7D:DF:DD:0D:11:9E:9D:4F:4A:40:64:4E:BA
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0193525A4CCFDE42B58B618475DC379D5D07
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/prJ9B6F4x33f3Q0Rnp1PSkBkTro.roa
Signing time:             Fri 22 Nov 2024 05:31:09 +0000
ROA not before:           Fri 22 Nov 2024 05:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214674
IP address blocks:        2a14:67c1:500::/40 maxlen: 48
                          2a14:67c1:600::/40 maxlen: 48
                          2a14:67c1:1000::/36 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:52:5a:4c:cf:de:42:b5:8b:61:84:75:dc:37:9d:5d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Nov 22 05:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a6b27d07a178c77ddfdd0d119e9d4f4a40644eba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:24:55:f8:79:a0:ad:0e:0e:a4:ab:30:48:44:
                    47:69:01:f8:6c:a6:3a:09:88:09:a5:3a:e7:56:1c:
                    8e:35:2a:a1:55:56:84:c7:60:52:ec:65:2b:f2:16:
                    b2:c5:60:89:3b:f1:ff:cc:89:08:88:45:84:35:54:
                    52:46:53:ba:a3:9a:f3:d7:f0:e5:e3:da:05:c2:01:
                    aa:ca:09:13:7b:e5:31:16:75:91:30:e5:f9:97:89:
                    7d:94:a8:bc:66:59:d3:f1:7e:72:5c:44:dd:cc:4f:
                    81:d8:7b:f2:b7:0f:07:0d:10:81:9a:a1:79:a7:61:
                    67:f3:42:10:be:19:c3:7f:29:94:a2:d7:df:14:d6:
                    df:61:22:45:2d:eb:18:c0:a4:7e:f0:2d:a8:85:6d:
                    30:2b:95:b8:f8:8c:f3:e4:90:14:e8:ab:c0:a5:0e:
                    6a:7b:e3:4a:4a:dc:c4:ae:a4:87:57:e1:7e:e4:1c:
                    f1:64:40:48:0b:69:ff:dc:10:e5:63:21:78:38:6d:
                    b3:5a:a5:33:b3:1d:2c:19:cf:2f:be:11:1a:50:3d:
                    dd:c6:49:dc:51:15:bf:3f:f9:87:d5:62:30:ef:87:
                    cc:74:de:32:6d:9e:08:72:7b:82:ea:5a:4e:c0:e4:
                    e0:9f:5e:e9:8a:e2:5e:cc:a4:e4:a7:ed:cf:aa:3c:
                    a0:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:B2:7D:07:A1:78:C7:7D:DF:DD:0D:11:9E:9D:4F:4A:40:64:4E:BA
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/prJ9B6F4x33f3Q0Rnp1PSkBkTro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:500::-2a14:67c1:6ff:ffff:ffff:ffff:ffff:ffff
                  2a14:67c1:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         10:fb:87:04:b9:f2:52:53:21:46:40:b0:ce:94:fa:bf:07:3d:
         cf:7d:86:72:4f:0c:3f:7e:e9:7a:10:b5:ce:6d:53:c9:3a:fb:
         06:de:c4:c7:b9:fa:e7:d9:67:4f:d9:be:2b:09:ec:bf:e5:5e:
         57:5c:10:7c:d4:26:b4:ba:76:4f:6c:2d:17:6a:5f:b2:95:db:
         68:f6:67:49:b2:9e:88:2b:6e:b0:34:e0:d9:3b:c2:54:23:4a:
         59:55:9a:d9:fb:74:bc:64:06:0e:2a:22:67:6e:8b:b0:93:82:
         3a:fc:3b:68:03:53:74:32:12:7a:c9:a0:d7:40:0e:ee:81:b5:
         0a:ba:5d:ef:92:79:c5:2b:65:d6:6d:26:45:8f:78:1c:de:04:
         fa:67:75:26:75:52:db:88:b5:65:0e:73:bf:16:af:95:0d:e6:
         08:22:3b:f0:8d:da:f5:d3:02:57:3f:a6:a3:77:5f:f7:67:3b:
         d7:22:9e:b2:de:7c:44:a4:95:71:5a:cf:6b:f0:12:5f:c8:a6:
         95:3f:13:df:f7:15:d1:2e:74:24:13:a0:70:76:e3:12:02:93:
         4a:2b:9c:15:fa:e8:0f:85:39:01:4b:39:12:b4:f7:ac:11:dd:
         b9:2e:5c:06:07:0f:b4:80:d8:6e:d5:b0:1d:6f:21:b6:c3:2b:
         d0:64:07:0c
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZNSWkzP3kK1i2GEddw3nV0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjQxMTIyMDUzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmIyN2QwN2ExNzhjNzdkZGZkZDBkMTE5ZTlkNGY0YTQwNjQ0ZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiRV+HmgrQ4OpKswSERHaQH4bKY6
CYgJpTrnVhyONSqhVVaEx2BS7GUr8hayxWCJO/H/zIkIiEWENVRSRlO6o5rz1/Dl
49oFwgGqygkTe+UxFnWRMOX5l4l9lKi8ZlnT8X5yXETdzE+B2Hvytw8HDRCBmqF5
p2Fn80IQvhnDfymUotffFNbfYSJFLesYwKR+8C2ohW0wK5W4+Izz5JAU6KvApQ5q
e+NKStzErqSHV+F+5BzxZEBIC2n/3BDlYyF4OG2zWqUzsx0sGc8vvhEaUD3dxknc
URW/P/mH1WIw74fMdN4ybZ4IcnuC6lpOwOTgn17piuJezKTkp+3PqjygEQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFKayfQeheMd9390NEZ6dT0pAZE66MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvcHJKOUI2RjR4MzNmM1EwUm5wMVBTa0JrVHJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAAjAaMBADBgAqFGfB
BQMGACoUZ8EGAwYEKhRnwRAwDQYJKoZIhvcNAQELBQADggEBABD7hwS58lJTIUZA
sM6U+r8HPc99hnJPDD9+6XoQtc5tU8k6+wbexMe5+ufZZ0/ZvisJ7L/lXldcEHzU
JrS6dk9sLRdqX7KV22j2Z0mynogrbrA04Nk7wlQjSllVmtn7dLxkBg4qImdui7CT
gjr8O2gDU3QyEnrJoNdADu6BtQq6Xe+SecUrZdZtJkWPeBzeBPpndSZ1UtuItWUO
c78Wr5UN5ggiO/CN2vXTAlc/pqN3X/dnO9cinrLefESklXFaz2vwEl/IppU/E9/3
FdEudCQToHB24xICk0ornBX66A+FOQFLORK096wR3bkuXAYHD7SA2G7VsB1vIbbD
K9BkBww=
-----END CERTIFICATE-----