Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/FkwOPzZWW0aXcCxIr6PlKi6ppBA.roa
File:                     FkwOPzZWW0aXcCxIr6PlKi6ppBA.roa (raw, json)
Hash identifier:          e/JC/XwhB9AlByiFvPqqtgX9MbiULOMel8PbGfX5ZsA=
Subject key identifier:   16:4C:0E:3F:36:56:5B:46:97:70:2C:48:AF:A3:E5:2A:2E:A9:A4:10
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019C2C094E8EB72E5547A7644A51F29FE30D
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/FkwOPzZWW0aXcCxIr6PlKi6ppBA.roa
Signing time:             Thu 05 Feb 2026 04:22:13 +0000
ROA not before:           Thu 05 Feb 2026 04:22:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214677
IP address blocks:        2a14:67c3:2ad::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:2c:09:4e:8e:b7:2e:55:47:a7:64:4a:51:f2:9f:e3:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Feb  5 04:22:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=164c0e3f36565b4697702c48afa3e52a2ea9a410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ed:a8:a1:b7:12:99:67:a4:01:81:3c:de:a5:
                    83:f5:a9:33:1b:48:42:7d:ad:3c:ab:4f:52:e7:0e:
                    ad:95:5e:45:69:a9:a3:fb:9f:92:ef:eb:b3:90:54:
                    26:4e:8c:ba:40:9d:3e:f1:05:70:ad:a5:eb:31:f1:
                    9e:f5:94:f7:24:84:cc:f7:aa:e1:5f:d7:ad:96:91:
                    f7:a8:0f:49:96:30:0a:d4:45:8d:fb:44:9d:5a:dd:
                    57:f6:f9:15:22:b7:23:05:a9:a3:da:3e:cc:6e:4d:
                    7d:50:e8:9e:da:93:b4:15:a9:80:61:10:26:ba:af:
                    4d:f6:2b:05:da:28:dc:e2:42:65:26:2b:8f:96:ac:
                    b3:b7:4a:aa:d8:44:f3:bf:54:07:12:58:58:2d:9b:
                    3f:85:12:94:36:17:cc:03:38:41:6b:45:ac:f6:bc:
                    ae:d6:0b:40:a1:be:87:d4:99:cc:0c:bb:3b:de:7a:
                    8d:db:60:10:40:0b:f2:5e:67:d8:54:5f:45:7b:79:
                    be:69:ec:e6:63:40:43:bb:5c:e7:22:9f:4a:69:ff:
                    a7:64:82:ca:47:9c:69:95:f5:27:21:d0:32:5a:dd:
                    8a:d4:f0:a6:9b:75:85:a1:86:6d:0f:5d:ce:01:13:
                    e1:79:b0:2d:0e:9c:6d:7e:78:b6:30:77:a6:59:89:
                    54:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4C:0E:3F:36:56:5B:46:97:70:2C:48:AF:A3:E5:2A:2E:A9:A4:10
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/FkwOPzZWW0aXcCxIr6PlKi6ppBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:2ad::/48

    Signature Algorithm: sha256WithRSAEncryption
         a1:85:f6:e5:22:57:21:0f:20:7c:61:bb:11:9f:31:11:1a:9e:
         8a:79:c2:a8:b5:2b:b1:96:c5:eb:a0:a3:fb:fc:da:df:9b:46:
         09:dd:b4:f9:a0:e2:3b:9d:a9:67:aa:2c:e9:35:82:08:1c:ab:
         82:da:96:bd:60:b2:e1:15:cf:ee:b8:01:eb:75:b1:9a:ed:05:
         97:84:2f:46:d5:ee:01:65:c7:66:f9:69:3e:fa:8d:de:ac:f3:
         1b:b1:a0:0b:87:7e:ea:d4:7a:58:9d:03:ca:d6:86:af:ee:ba:
         44:76:bd:21:a4:a4:28:94:93:b1:91:8b:08:e7:eb:2c:19:24:
         fa:68:35:c1:56:71:98:dd:3d:4c:d2:b7:5f:70:af:24:62:27:
         3f:73:32:f3:da:b2:e9:e4:1b:a6:1f:71:96:b5:de:7f:20:23:
         8e:b7:8f:7a:82:c0:96:3c:dd:ae:52:76:67:29:c0:60:ff:84:
         93:8f:79:b3:b6:ea:3d:6e:ca:e4:ef:55:1d:e5:41:1d:5d:6a:
         8e:95:58:a9:d3:27:66:f9:4b:94:ed:87:21:ba:2b:c7:8a:15:
         c9:a0:73:92:5b:cf:50:50:ca:a5:57:47:78:89:67:ed:33:f3:
         85:b0:89:fd:cd:3e:3f:4b:70:21:e8:2e:dd:81:ef:c5:f7:6e:
         3d:55:d2:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZwsCU6Oty5VR6dkSlHyn+MNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMjA1MDQyMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjRjMGUzZjM2NTY1YjQ2OTc3MDJjNDhhZmEzZTUyYTJlYTlhNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgu2oobcSmWekAYE83qWD9akzG0hC
fa08q09S5w6tlV5Faamj+5+S7+uzkFQmToy6QJ0+8QVwraXrMfGe9ZT3JITM96rh
X9etlpH3qA9JljAK1EWN+0SdWt1X9vkVIrcjBamj2j7Mbk19UOie2pO0FamAYRAm
uq9N9isF2ijc4kJlJiuPlqyzt0qq2ETzv1QHElhYLZs/hRKUNhfMAzhBa0Ws9ryu
1gtAob6H1JnMDLs73nqN22AQQAvyXmfYVF9Fe3m+aezmY0BDu1znIp9Kaf+nZILK
R5xplfUnIdAyWt2K1PCmm3WFoYZtD13OARPhebAtDpxtfni2MHemWYlUiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBZMDj82VltGl3AsSK+j5SouqaQQMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvRmt3T1B6WldXMGFYY0N4SXI2UGxLaTZwcEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwwKt
MA0GCSqGSIb3DQEBCwUAA4IBAQChhfblIlchDyB8YbsRnzERGp6KecKotSuxlsXr
oKP7/Nrfm0YJ3bT5oOI7nalnqizpNYIIHKuC2pa9YLLhFc/uuAHrdbGa7QWXhC9G
1e4BZcdm+Wk++o3erPMbsaALh37q1HpYnQPK1oav7rpEdr0hpKQolJOxkYsI5+ss
GST6aDXBVnGY3T1M0rdfcK8kYic/czLz2rLp5BumH3GWtd5/ICOOt496gsCWPN2u
UnZnKcBg/4STj3mztuo9bsrk71Ud5UEdXWqOlVip0ydm+UuU7YchuivHihXJoHOS
W89QUMqlV0d4iWftM/OFsIn9zT4/S3Ah6C7dge/F9249VdJK
-----END CERTIFICATE-----