Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/vYbrgEe3s8Xwnk2Q-tdDi9pP67w.roa
File:                     vYbrgEe3s8Xwnk2Q-tdDi9pP67w.roa (raw, json)
Hash identifier:          sZUqyUqxvAk47zVadoETy0k/ei7YYrQheQqMZd0wsOs=
Subject key identifier:   BD:86:EB:80:47:B7:B3:C5:F0:9E:4D:90:FA:D7:43:8B:DA:4F:EB:BC
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019E8D730A7DEFC9D61040E39A88B0F75E26
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/vYbrgEe3s8Xwnk2Q-tdDi9pP67w.roa
Signing time:             Wed 03 Jun 2026 12:26:27 +0000
ROA not before:           Wed 03 Jun 2026 12:26:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25085
IP address blocks:        2a14:67c1:c700::/48 maxlen: 48
                          2a14:67c1:c701::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:8d:73:0a:7d:ef:c9:d6:10:40:e3:9a:88:b0:f7:5e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jun  3 12:26:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd86eb8047b7b3c5f09e4d90fad7438bda4febbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:8b:fb:56:e4:a8:a2:e6:3e:47:e1:5c:07:ec:
                    66:00:09:75:83:d6:85:8c:2d:db:01:01:75:d3:bb:
                    2e:d0:0c:96:a1:90:45:9b:d0:5e:12:be:3b:d3:24:
                    7c:68:5e:09:ec:5b:f7:b0:51:dd:14:6e:f3:c8:b3:
                    3c:5e:1f:ac:a0:ce:84:4d:1a:30:63:c5:ef:cd:14:
                    7d:cf:13:34:3b:9b:77:f7:84:43:6f:11:fa:a5:ae:
                    1a:49:99:e6:43:74:07:e1:d3:3b:ea:3e:a1:fd:0e:
                    26:c3:b8:8e:1f:4c:18:41:b1:13:ae:3b:e0:c5:37:
                    14:7f:df:26:bb:43:9b:e5:dd:f7:b2:59:77:a5:aa:
                    f6:72:93:b4:4f:74:69:65:19:15:16:f4:4f:7b:e1:
                    1d:b7:cc:1f:cb:2e:43:f9:0f:d8:ad:e9:29:11:aa:
                    7c:61:c8:3b:a5:02:ca:32:3a:8c:e7:2e:2c:e8:bf:
                    c9:a8:03:7f:79:61:7e:03:14:57:a4:b8:8f:49:18:
                    2c:2e:9b:56:a9:86:8f:6d:68:0f:d8:0a:91:df:c9:
                    e2:bc:b7:fe:c7:7f:2e:fc:04:20:88:1d:68:fc:18:
                    fd:70:b5:b8:e8:5d:d6:99:d1:b2:6b:77:05:18:b2:
                    0e:0c:b4:6e:18:39:c3:21:66:f2:69:d8:70:ca:b1:
                    49:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:86:EB:80:47:B7:B3:C5:F0:9E:4D:90:FA:D7:43:8B:DA:4F:EB:BC
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/vYbrgEe3s8Xwnk2Q-tdDi9pP67w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:c700::/47

    Signature Algorithm: sha256WithRSAEncryption
         3a:de:29:61:6c:aa:2d:db:6a:14:4f:26:33:1e:43:35:f6:1c:
         5d:2b:fc:9f:bf:dd:e3:93:34:5f:d6:eb:dd:1c:41:bf:f7:17:
         dd:57:10:e9:1b:85:0e:0b:65:9a:52:8a:de:74:11:1f:23:be:
         b3:5a:d1:0b:d8:65:a0:6d:7c:b3:a7:0b:49:3a:b7:8d:59:5c:
         72:93:73:fa:44:37:da:9c:7d:4c:04:03:a1:32:e5:45:46:20:
         fe:4f:86:30:7f:4d:9b:09:b7:e2:00:74:06:fb:01:ce:95:69:
         d5:e5:d5:22:a3:21:d2:61:f1:de:e5:f8:f1:11:78:09:f1:22:
         b5:c5:e7:92:f6:fe:6d:a4:5e:8e:2c:3a:b5:f9:16:16:87:b4:
         da:87:f7:95:15:b0:75:1c:77:bd:1b:f0:45:cf:47:26:d0:3c:
         66:72:26:00:e7:35:07:19:6b:6c:ca:62:4f:4d:75:15:c3:5e:
         8f:6b:ef:a1:88:15:16:31:68:c1:cf:ae:8f:46:ba:9b:4d:8c:
         b7:9b:a6:74:79:f4:3b:60:5e:e7:bb:9f:5e:8d:66:f4:41:61:
         1c:04:f3:a4:f5:07:ee:62:69:75:e4:89:9e:cf:6f:a1:ec:26:
         3b:c4:10:3e:65:54:1b:0b:d0:31:63:82:7b:b7:ad:4a:a8:9e:
         0e:d5:e3:3b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6Ncwp978nWEEDjmoiw914mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNjAzMTIyNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDg2ZWI4MDQ3YjdiM2M1ZjA5ZTRkOTBmYWQ3NDM4YmRhNGZlYmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyIv7VuSoouY+R+FcB+xmAAl1g9aF
jC3bAQF107su0AyWoZBFm9BeEr470yR8aF4J7Fv3sFHdFG7zyLM8Xh+soM6ETRow
Y8XvzRR9zxM0O5t394RDbxH6pa4aSZnmQ3QH4dM76j6h/Q4mw7iOH0wYQbETrjvg
xTcUf98mu0Ob5d33sll3par2cpO0T3RpZRkVFvRPe+Edt8wfyy5D+Q/YrekpEap8
Ycg7pQLKMjqM5y4s6L/JqAN/eWF+AxRXpLiPSRgsLptWqYaPbWgP2AqR38nivLf+
x38u/AQgiB1o/Bj9cLW46F3WmdGya3cFGLIODLRuGDnDIWbyadhwyrFJ1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFL2G64BHt7PF8J5NkPrXQ4vaT+u8MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvdllicmdFZTNzOFh3bmsyUS10ZERpOXBQNjd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhRnwccA
MA0GCSqGSIb3DQEBCwUAA4IBAQA63ilhbKot22oUTyYzHkM19hxdK/yfv93jkzRf
1uvdHEG/9xfdVxDpG4UOC2WaUoredBEfI76zWtEL2GWgbXyzpwtJOreNWVxyk3P6
RDfanH1MBAOhMuVFRiD+T4Ywf02bCbfiAHQG+wHOlWnV5dUioyHSYfHe5fjxEXgJ
8SK1xeeS9v5tpF6OLDq1+RYWh7Tah/eVFbB1HHe9G/BFz0cm0DxmciYA5zUHGWts
ymJPTXUVw16Pa++hiBUWMWjBz66PRrqbTYy3m6Z0efQ7YF7nu59ejWb0QWEcBPOk
9QfuYml15Imez2+h7CY7xBA+ZVQbC9AxY4J7t61KqJ4O1eM7
-----END CERTIFICATE-----