Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/FK7pSi84dUbTsWRnptOtD8c2Lwk.roa
File:                     FK7pSi84dUbTsWRnptOtD8c2Lwk.roa (raw, json)
Hash identifier:          4/tEmXo+EvQe4T0BfzDmel2pOzZuercBXbtv5UuJe0w=
Subject key identifier:   14:AE:E9:4A:2F:38:75:46:D3:B1:64:67:A6:D3:AD:0F:C7:36:2F:09
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019D61504E34002C4E6A2C231FDD4976B1A1
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/FK7pSi84dUbTsWRnptOtD8c2Lwk.roa
Signing time:             Mon 06 Apr 2026 05:42:26 +0000
ROA not before:           Mon 06 Apr 2026 05:42:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202939
IP address blocks:        2a14:67c2:300::/40 maxlen: 48
                          2a14:67c2:3f0::/48 maxlen: 48
                          2a14:67c2:3f1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:61:50:4e:34:00:2c:4e:6a:2c:23:1f:dd:49:76:b1:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr  6 05:42:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=14aee94a2f387546d3b16467a6d3ad0fc7362f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:7b:f9:d7:56:95:b3:20:4e:90:7f:b1:4e:f8:
                    fd:5e:48:21:98:78:57:b9:2d:24:25:7d:8f:55:fc:
                    9f:71:92:31:9b:a1:fd:3c:0c:b9:5a:b7:8e:3b:b7:
                    1b:d1:28:04:e1:f3:a1:da:79:15:d4:09:ac:65:de:
                    0d:c8:ac:a9:57:31:7f:d4:11:b5:2f:2f:75:54:18:
                    03:5d:5c:c3:bd:bc:91:d9:cf:67:fa:6c:97:10:6e:
                    32:24:ea:15:07:1c:eb:bb:25:50:1d:53:5a:53:33:
                    8a:b5:53:c1:f8:58:48:6c:e1:e1:c0:36:1a:55:a7:
                    e6:78:c7:b7:d8:b6:00:e5:2a:8b:78:ba:8c:ec:c3:
                    c4:6a:58:41:76:ff:48:fe:be:4b:95:4f:c5:78:7a:
                    88:01:48:6f:f7:85:7e:45:c1:3c:ed:4e:db:e4:cd:
                    88:23:9a:48:48:f6:96:39:0c:07:8c:b5:68:f1:ab:
                    92:37:38:7d:96:80:60:92:b0:73:77:e2:a4:a1:00:
                    88:ee:34:78:eb:75:d5:9e:2a:ed:d7:e9:ee:75:27:
                    ce:ff:2e:1c:20:e4:d3:88:e0:0a:eb:d3:ea:ce:8d:
                    59:b8:eb:da:c5:ac:45:54:85:9e:1c:ff:ef:e7:fe:
                    e8:25:f2:6d:91:79:b6:6a:39:6c:24:0a:fa:ba:f5:
                    c0:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:AE:E9:4A:2F:38:75:46:D3:B1:64:67:A6:D3:AD:0F:C7:36:2F:09
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/FK7pSi84dUbTsWRnptOtD8c2Lwk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:300::/40

    Signature Algorithm: sha256WithRSAEncryption
         ad:0f:6d:3f:06:e0:6a:fa:11:ab:81:3b:b6:d3:cb:c9:bf:42:
         d4:6c:04:64:07:2f:af:ea:0d:c8:ff:dc:1d:fd:68:34:8a:cb:
         4a:9f:89:e5:f2:f0:bf:36:76:a2:d9:a0:3a:da:ce:80:d4:b5:
         98:97:8d:d4:05:c7:e5:41:fd:8a:19:49:19:cc:49:85:98:c6:
         81:7f:5b:4e:9f:44:f8:3d:a2:00:af:6d:8d:4e:c8:2f:07:a0:
         ea:0a:ad:88:ce:7e:1b:0c:c9:b4:3d:7f:9e:4b:99:da:9f:96:
         93:a8:3a:b0:24:ff:3f:20:ad:44:65:2f:7f:f8:82:7a:0e:48:
         69:d0:fc:bf:65:df:3f:2c:bd:20:08:af:75:a9:c0:14:0f:e6:
         30:39:bb:97:f5:25:c1:25:f2:e9:a3:d7:f8:b6:91:2c:2a:73:
         c1:f0:50:12:64:fd:8e:94:75:9d:aa:03:8c:fd:53:15:46:dc:
         83:a5:fc:11:ac:b1:0e:50:ad:8a:db:c5:e2:a4:d4:c5:c4:33:
         35:82:c3:46:c8:a4:a0:1d:9a:7b:28:bc:bf:e6:d2:f1:65:41:
         ab:7b:6f:ce:b6:79:e2:24:e8:9a:d8:7f:6f:d7:4b:e2:d9:32:
         1c:7a:47:e8:c6:bf:62:19:0e:8f:8a:9f:f9:d8:e6:e7:fb:22:
         59:e2:03:04
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ1hUE40ACxOaiwjH91JdrGhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDA2MDU0MjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGFlZTk0YTJmMzg3NTQ2ZDNiMTY0NjdhNmQzYWQwZmM3MzYyZjA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXv511aVsyBOkH+xTvj9XkghmHhX
uS0kJX2PVfyfcZIxm6H9PAy5WreOO7cb0SgE4fOh2nkV1AmsZd4NyKypVzF/1BG1
Ly91VBgDXVzDvbyR2c9n+myXEG4yJOoVBxzruyVQHVNaUzOKtVPB+FhIbOHhwDYa
VafmeMe32LYA5SqLeLqM7MPEalhBdv9I/r5LlU/FeHqIAUhv94V+RcE87U7b5M2I
I5pISPaWOQwHjLVo8auSNzh9loBgkrBzd+KkoQCI7jR463XVnirt1+nudSfO/y4c
IOTTiOAK69Pqzo1ZuOvaxaxFVIWeHP/v5/7oJfJtkXm2ajlsJAr6uvXAvQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFBSu6UovOHVG07FkZ6bTrQ/HNi8JMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvRks3cFNpODRkVWJUc1dSbnB0T3REOGMyTHdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwgMw
DQYJKoZIhvcNAQELBQADggEBAK0PbT8G4Gr6EauBO7bTy8m/QtRsBGQHL6/qDcj/
3B39aDSKy0qfieXy8L82dqLZoDrazoDUtZiXjdQFx+VB/YoZSRnMSYWYxoF/W06f
RPg9ogCvbY1OyC8HoOoKrYjOfhsMybQ9f55LmdqflpOoOrAk/z8grURlL3/4gnoO
SGnQ/L9l3z8svSAIr3WpwBQP5jA5u5f1JcEl8umj1/i2kSwqc8HwUBJk/Y6UdZ2q
A4z9UxVG3IOl/BGssQ5QrYrbxeKk1MXEMzWCw0bIpKAdmnsovL/m0vFlQat7b862
eeIk6JrYf2/XS+LZMhx6R+jGv2IZDo+Kn/nY5uf7IlniAwQ=
-----END CERTIFICATE-----