Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CAV0CFwhVW1XJUOsodr5UE5XdN4.roa
File:                     CAV0CFwhVW1XJUOsodr5UE5XdN4.roa (raw, json)
Hash identifier:          xOmO9UzAROheiJXJcaxQ0UI54Ie5l9CIOrhOIFpj7PY=
Subject key identifier:   08:05:74:08:5C:21:55:6D:57:25:43:AC:A1:DA:F9:50:4E:57:74:DE
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019D645A8118DB0A108652883E39BF87E56F
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CAV0CFwhVW1XJUOsodr5UE5XdN4.roa
Signing time:             Mon 06 Apr 2026 19:52:26 +0000
ROA not before:           Mon 06 Apr 2026 19:52:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211038
IP address blocks:        2a14:67c1:b300::/40 maxlen: 48
                          2a14:67c1:b300::/48 maxlen: 48
                          2a14:67c1:b301::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:64:5a:81:18:db:0a:10:86:52:88:3e:39:bf:87:e5:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr  6 19:52:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=080574085c21556d572543aca1daf9504e5774de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f6:a1:f4:c6:48:7b:cb:46:20:23:66:27:06:
                    aa:4a:d4:5d:6c:bf:87:79:f1:ac:7e:13:4b:37:48:
                    86:ba:bf:4b:f0:8c:35:ae:d3:00:1e:2f:fe:5c:42:
                    eb:14:6c:f4:cd:70:dc:9b:96:59:be:09:f6:57:fb:
                    4f:27:87:e1:3e:77:0f:d1:75:26:04:de:a2:92:cf:
                    06:90:00:db:bc:76:14:ac:d4:d6:c9:8f:8c:3c:13:
                    05:3b:13:3e:60:dd:d2:eb:c2:ef:5c:ee:f7:5c:d3:
                    e1:4a:36:e3:f0:57:4c:fb:05:9f:59:e4:85:e5:b9:
                    2f:b7:6b:00:4b:69:1d:26:b2:0d:db:9e:5a:72:04:
                    70:f8:1b:1e:25:6e:28:e4:d0:70:e5:22:23:f5:c3:
                    4e:d3:cc:13:52:2c:72:ae:62:eb:61:6f:dd:45:47:
                    da:d9:1b:c9:12:8b:e5:ef:5e:49:0f:46:17:cc:a3:
                    37:d6:19:6e:31:c4:e2:a8:01:a5:41:7d:98:b1:8d:
                    9e:85:c4:ab:27:eb:f5:8b:3d:c5:e7:f7:f3:4d:2d:
                    0d:f5:ae:ef:25:28:fc:7d:8f:35:93:03:cb:0f:9b:
                    a4:17:13:fc:aa:9a:6c:c0:72:15:bc:63:ba:ef:da:
                    f9:df:8e:f1:72:3f:9f:81:f7:67:99:ad:73:9d:df:
                    6b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:05:74:08:5C:21:55:6D:57:25:43:AC:A1:DA:F9:50:4E:57:74:DE
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/CAV0CFwhVW1XJUOsodr5UE5XdN4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b300::/40

    Signature Algorithm: sha256WithRSAEncryption
         76:c7:9a:db:e0:78:e9:2a:eb:93:04:c2:56:eb:b6:d3:01:09:
         d8:ee:ff:bf:58:79:7d:2e:1e:70:1f:2a:04:6d:ca:c0:c9:2d:
         53:1a:78:94:d0:9b:11:11:ba:ca:e3:e5:31:62:07:08:e3:19:
         54:be:dd:60:66:cf:f2:fc:64:54:96:a3:e9:3d:57:b9:c5:ca:
         22:f5:37:eb:3b:ca:f7:29:70:ee:35:7e:e2:64:c5:9c:15:ce:
         f6:b4:7e:fd:f2:96:c5:47:9a:8f:67:42:c1:b1:e4:68:be:0a:
         2d:ca:5c:79:be:be:f0:79:e1:cd:ae:95:7f:34:04:75:90:fc:
         f8:67:20:ed:a0:91:4c:57:7c:b6:9b:e8:1d:62:ac:e3:b3:d3:
         3a:85:c9:92:1c:23:10:dd:9e:6a:66:b0:4a:c7:cc:70:2d:65:
         40:8c:70:28:ed:3f:bf:46:a7:16:da:13:d6:c4:57:85:79:ea:
         c7:e1:b5:27:a4:75:73:8d:80:1b:ac:4c:36:08:1a:63:e2:34:
         11:1e:44:3e:7c:7d:f9:1e:0f:54:80:28:1a:70:c6:57:d5:93:
         e6:5c:26:fa:0e:cc:78:a9:f1:1c:dc:9f:b3:6d:06:8d:4a:f8:
         a1:91:74:2c:77:02:b7:55:fb:25:f2:aa:6b:c5:a3:15:4a:dc:
         f1:f7:74:25
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ1kWoEY2woQhlKIPjm/h+VvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDA2MTk1MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODA1NzQwODVjMjE1NTZkNTcyNTQzYWNhMWRhZjk1MDRlNTc3NGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/ah9MZIe8tGICNmJwaqStRdbL+H
efGsfhNLN0iGur9L8Iw1rtMAHi/+XELrFGz0zXDcm5ZZvgn2V/tPJ4fhPncP0XUm
BN6iks8GkADbvHYUrNTWyY+MPBMFOxM+YN3S68LvXO73XNPhSjbj8FdM+wWfWeSF
5bkvt2sAS2kdJrIN255acgRw+BseJW4o5NBw5SIj9cNO08wTUixyrmLrYW/dRUfa
2RvJEovl715JD0YXzKM31hluMcTiqAGlQX2YsY2ehcSrJ+v1iz3F5/fzTS0N9a7v
JSj8fY81kwPLD5ukFxP8qppswHIVvGO679r5347xcj+fgfdnma1znd9rBwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFAgFdAhcIVVtVyVDrKHa+VBOV3TeMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvQ0FWMENGd2hWVzFYSlVPc29kcjVVRTVYZE40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwbMw
DQYJKoZIhvcNAQELBQADggEBAHbHmtvgeOkq65MEwlbrttMBCdju/79YeX0uHnAf
KgRtysDJLVMaeJTQmxERusrj5TFiBwjjGVS+3WBmz/L8ZFSWo+k9V7nFyiL1N+s7
yvcpcO41fuJkxZwVzva0fv3ylsVHmo9nQsGx5Gi+Ci3KXHm+vvB54c2ulX80BHWQ
/PhnIO2gkUxXfLab6B1irOOz0zqFyZIcIxDdnmpmsErHzHAtZUCMcCjtP79Gpxba
E9bEV4V56sfhtSekdXONgBusTDYIGmPiNBEeRD58ffkeD1SAKBpwxlfVk+ZcJvoO
zHip8Rzcn7NtBo1K+KGRdCx3ArdV+yXyqmvFoxVK3PH3dCU=
-----END CERTIFICATE-----