Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uwJjJYOZ_7DUuDF8wU2KZg0dlOo.roa
File:                     uwJjJYOZ_7DUuDF8wU2KZg0dlOo.roa (raw, json)
Hash identifier:          cA4rHQb9J7DcEiVd1KVksPey2LgBKIyPGl4x9ht8hg0=
Subject key identifier:   BB:02:63:25:83:99:FF:B0:D4:B8:31:7C:C1:4D:8A:66:0D:1D:94:EA
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01973FD65FC8D93AFDDAB49E3E12BFD83D28
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uwJjJYOZ_7DUuDF8wU2KZg0dlOo.roa
Signing time:             Thu 05 Jun 2025 11:25:03 +0000
ROA not before:           Thu 05 Jun 2025 11:25:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207299
IP address blocks:        2a14:67c1:a120::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 14:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:d6:5f:c8:d9:3a:fd:da:b4:9e:3e:12:bf:d8:3d:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jun  5 11:25:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb0263258399ffb0d4b8317cc14d8a660d1d94ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:8b:d6:5f:92:04:03:3c:12:4c:9f:fc:0d:2e:
                    bf:1f:47:39:ac:a9:dc:d2:ce:fa:cf:17:b8:60:c8:
                    0e:01:8f:dc:8e:b2:54:19:68:7e:ae:01:56:1e:b9:
                    67:a1:e7:56:65:1b:b1:d8:25:2f:67:a8:4c:08:8e:
                    35:83:ed:c2:09:53:70:b6:10:99:20:a4:42:26:e0:
                    95:b9:08:41:dc:23:82:fd:c0:cf:2e:c0:6e:a1:9d:
                    d4:1d:b0:c9:76:1a:1c:03:7e:ff:1d:ed:60:0e:61:
                    17:69:b1:ec:f8:81:5d:68:ea:51:af:d4:de:9c:7f:
                    ef:81:52:64:d8:ef:9b:1c:06:48:10:93:f2:e9:21:
                    08:40:16:9c:9c:86:25:01:30:37:7c:3f:00:4b:e4:
                    e2:60:d1:c0:51:c4:49:5c:2e:7b:49:3f:35:9c:9b:
                    a6:04:cf:16:c0:4e:81:ce:0e:80:f1:e8:92:3f:9c:
                    c5:18:44:9c:01:36:1d:02:7b:9c:95:2d:71:e5:c0:
                    00:f9:3f:4d:bb:ac:5b:1c:94:60:c6:2d:e8:c0:e2:
                    5b:08:78:ed:61:82:c1:cf:77:33:37:1c:50:79:78:
                    24:2b:8d:a9:99:01:a0:a1:4c:a9:31:da:f1:c9:94:
                    26:fa:c9:54:a3:4b:4d:39:2b:20:6c:5f:69:31:10:
                    00:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:02:63:25:83:99:FF:B0:D4:B8:31:7C:C1:4D:8A:66:0D:1D:94:EA
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/uwJjJYOZ_7DUuDF8wU2KZg0dlOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a120::/44

    Signature Algorithm: sha256WithRSAEncryption
         cc:1a:45:9d:c1:76:34:25:68:ed:39:d6:8c:6b:dd:2a:d3:37:
         fd:75:b7:ff:bf:f9:b1:9a:90:90:17:3e:6b:b2:6e:c8:17:48:
         30:37:81:77:fe:e2:c0:35:96:c6:ee:02:ba:e0:df:bd:8a:56:
         b4:d4:f5:d2:eb:24:e9:57:5a:44:0c:84:eb:7c:0a:a4:c9:52:
         a1:94:58:f5:48:ee:4b:38:01:1e:11:3c:8f:c8:15:84:57:7c:
         aa:80:e6:b5:e7:ec:44:f8:ee:eb:54:22:63:90:02:68:5b:7a:
         1a:80:91:3f:e8:c9:e0:24:f4:f8:ee:a6:e9:07:7b:8f:7d:97:
         d6:05:bb:36:61:81:10:14:ac:db:ca:63:4f:0d:64:78:5f:5b:
         e3:f8:8e:c5:da:94:ca:ff:4e:e2:3e:1d:d6:78:6b:34:3f:cc:
         ed:87:36:17:94:07:39:06:a0:27:e6:5f:93:94:0f:56:22:6c:
         9a:b4:b3:e4:17:a8:f0:7f:4e:f0:55:73:a1:aa:3f:09:e2:6f:
         56:e3:af:1b:3c:b3:82:c3:ab:dc:c9:97:06:9d:ca:d6:5c:a6:
         44:0c:d7:4d:66:d5:59:cd:2c:f3:78:01:4d:63:e5:38:a5:9b:
         66:5c:d0:ef:fe:bc:47:3a:ec:d2:08:fd:f6:76:fa:5b:42:02:
         7d:92:a7:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZc/1l/I2Tr92rSePhK/2D0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNjA1MTEyNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjAyNjMyNTgzOTlmZmIwZDRiODMxN2NjMTRkOGE2NjBkMWQ5NGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4ovWX5IEAzwSTJ/8DS6/H0c5rKnc
0s76zxe4YMgOAY/cjrJUGWh+rgFWHrlnoedWZRux2CUvZ6hMCI41g+3CCVNwthCZ
IKRCJuCVuQhB3COC/cDPLsBuoZ3UHbDJdhocA37/He1gDmEXabHs+IFdaOpRr9Te
nH/vgVJk2O+bHAZIEJPy6SEIQBacnIYlATA3fD8AS+TiYNHAUcRJXC57ST81nJum
BM8WwE6Bzg6A8eiSP5zFGEScATYdAnuclS1x5cAA+T9Nu6xbHJRgxi3owOJbCHjt
YYLBz3czNxxQeXgkK42pmQGgoUypMdrxyZQm+slUo0tNOSsgbF9pMRAAcQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLsCYyWDmf+w1LgxfMFNimYNHZTqMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvdXdKakpZT1pfN0RVdURGOHdVMktaZzBkbE9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwaEg
MA0GCSqGSIb3DQEBCwUAA4IBAQDMGkWdwXY0JWjtOdaMa90q0zf9dbf/v/mxmpCQ
Fz5rsm7IF0gwN4F3/uLANZbG7gK64N+9ila01PXS6yTpV1pEDITrfAqkyVKhlFj1
SO5LOAEeETyPyBWEV3yqgOa15+xE+O7rVCJjkAJoW3oagJE/6MngJPT47qbpB3uP
fZfWBbs2YYEQFKzbymNPDWR4X1vj+I7F2pTK/07iPh3WeGs0P8zthzYXlAc5BqAn
5l+TlA9WImyatLPkF6jwf07wVXOhqj8J4m9W468bPLOCw6vcyZcGncrWXKZEDNdN
ZtVZzSzzeAFNY+U4pZtmXNDv/rxHOuzSCP32dvpbQgJ9kqe+
-----END CERTIFICATE-----