Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/yrGwIrOAoK4xGr48AVRHObfwyXY.roa
File:                     yrGwIrOAoK4xGr48AVRHObfwyXY.roa (raw, json)
Hash identifier:          d3caYyvsL3nZRCJFU4/IMUWrcjQnNkKCMk7Kak+q1oY=
Subject key identifier:   CA:B1:B0:22:B3:80:A0:AE:31:1A:BE:3C:01:54:47:39:B7:F0:C9:76
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019E6341D1994BE22DC854AB8F6B9B44B656
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/yrGwIrOAoK4xGr48AVRHObfwyXY.roa
Signing time:             Tue 26 May 2026 07:48:38 +0000
ROA not before:           Tue 26 May 2026 07:48:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205548
IP address blocks:        2a14:67c1:c800::/40 maxlen: 48
                          2a14:67c1:c800::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 09:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:63:41:d1:99:4b:e2:2d:c8:54:ab:8f:6b:9b:44:b6:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: May 26 07:48:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cab1b022b380a0ae311abe3c01544739b7f0c976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7a:84:b5:0c:e2:70:13:2f:d7:01:3e:12:a0:
                    8d:04:8d:9a:98:f7:26:2a:95:e8:5c:d3:97:e3:35:
                    e7:59:3f:72:ed:ec:8e:ba:6f:66:b9:c4:bb:27:a3:
                    5b:fb:b5:c4:08:17:6b:14:e8:fa:10:ce:62:3b:db:
                    de:bb:6d:e4:43:89:35:3d:6d:b2:ff:cb:22:b3:fb:
                    81:7d:9d:33:e8:a2:f9:87:54:c4:c6:f7:ce:b8:06:
                    25:f1:1d:b7:ec:5a:40:11:a4:79:71:32:87:50:96:
                    87:3b:ee:13:14:03:54:4d:21:68:56:b8:ff:5d:fd:
                    0b:f4:23:25:1d:be:d2:7c:73:8a:c9:70:82:99:48:
                    05:4b:b3:0c:6c:c7:c9:a5:f9:b1:9f:70:f0:20:e4:
                    f4:b9:eb:ac:c3:2c:eb:fb:4f:b2:14:4a:88:4b:27:
                    94:ba:a5:d9:d0:07:e6:db:96:07:9d:be:12:7f:2d:
                    4b:58:c1:ca:e9:33:c6:be:16:b3:24:75:99:45:4f:
                    ed:99:b4:e9:76:8a:0c:81:c1:1b:b7:27:97:dc:2a:
                    72:14:4c:0e:e0:6a:76:4c:b1:46:c3:76:a3:9e:1d:
                    83:ec:a8:89:18:ad:02:e5:d5:1c:9d:c8:07:99:45:
                    04:37:de:58:74:e0:e5:e5:df:a4:7d:e0:22:a7:57:
                    3b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:B1:B0:22:B3:80:A0:AE:31:1A:BE:3C:01:54:47:39:B7:F0:C9:76
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/yrGwIrOAoK4xGr48AVRHObfwyXY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         9f:9a:1c:f8:8e:80:20:ba:0a:a7:0f:b6:c4:a9:cf:ba:bd:ad:
         18:e6:1f:57:54:d4:de:cb:56:11:09:d2:3d:b5:7b:67:93:f8:
         ed:45:94:a0:34:35:17:48:69:ca:53:a4:70:63:16:79:43:85:
         fc:43:1c:71:b6:27:81:69:6e:e4:28:be:55:7d:5e:13:5f:84:
         34:d8:2f:0b:38:93:d5:86:ad:cd:df:35:49:aa:3b:60:d9:66:
         5c:35:83:ae:ff:a8:18:f2:d3:89:3f:d3:29:c2:5f:35:26:ed:
         fe:51:0d:96:ba:94:01:20:15:bf:a9:68:ba:5b:6a:01:aa:69:
         e9:d9:c1:94:55:74:2f:54:4f:ae:9a:12:a7:99:ba:01:fe:f4:
         ab:ed:f1:b8:43:63:a1:c5:e7:07:a1:60:09:2c:53:ed:df:41:
         a0:60:d8:bb:e9:ec:63:ad:26:c1:ca:3b:db:f9:3e:60:41:fd:
         49:64:2e:28:54:b1:8c:b6:ca:cb:cc:67:9f:26:8c:c0:82:5e:
         f8:c8:50:41:3a:07:c3:23:d6:e2:83:1e:27:a6:93:2c:9c:3b:
         1f:42:bb:97:c2:6e:13:35:a4:aa:9d:9b:d1:c6:1a:51:6b:07:
         b0:3f:11:7f:02:ab:3a:22:d9:70:67:3c:b9:78:f1:88:62:f4:
         4d:fa:b9:b7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ5jQdGZS+ItyFSrj2ubRLZWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNTI2MDc0ODM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWIxYjAyMmIzODBhMGFlMzExYWJlM2MwMTU0NDczOWI3ZjBjOTc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnqEtQzicBMv1wE+EqCNBI2amPcm
KpXoXNOX4zXnWT9y7eyOum9mucS7J6Nb+7XECBdrFOj6EM5iO9veu23kQ4k1PW2y
/8sis/uBfZ0z6KL5h1TExvfOuAYl8R237FpAEaR5cTKHUJaHO+4TFANUTSFoVrj/
Xf0L9CMlHb7SfHOKyXCCmUgFS7MMbMfJpfmxn3DwIOT0ueuswyzr+0+yFEqISyeU
uqXZ0Afm25YHnb4Sfy1LWMHK6TPGvhazJHWZRU/tmbTpdooMgcEbtyeX3CpyFEwO
4Gp2TLFGw3ajnh2D7KiJGK0C5dUcncgHmUUEN95YdODl5d+kfeAip1c7qQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMqxsCKzgKCuMRq+PAFURzm38Ml2MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEveXJHd0lyT0FvSzR4R3I0OEFWUkhPYmZ3eVhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwcgw
DQYJKoZIhvcNAQELBQADggEBAJ+aHPiOgCC6CqcPtsSpz7q9rRjmH1dU1N7LVhEJ
0j21e2eT+O1FlKA0NRdIacpTpHBjFnlDhfxDHHG2J4FpbuQovlV9XhNfhDTYLws4
k9WGrc3fNUmqO2DZZlw1g67/qBjy04k/0ynCXzUm7f5RDZa6lAEgFb+paLpbagGq
aenZwZRVdC9UT66aEqeZugH+9Kvt8bhDY6HF5wehYAksU+3fQaBg2Lvp7GOtJsHK
O9v5PmBB/UlkLihUsYy2ysvMZ58mjMCCXvjIUEE6B8Mj1uKDHiemkyycOx9Cu5fC
bhM1pKqdm9HGGlFrB7A/EX8Cqzoi2XBnPLl48Yhi9E36ubc=
-----END CERTIFICATE-----