Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Ukci9Bg7j4Bn7kCrXEDt1C9dNSA.roa
File:                     Ukci9Bg7j4Bn7kCrXEDt1C9dNSA.roa (raw, json)
Hash identifier:          H+c80Rb+WwbpGiMbg43g9GvHTmvViqW1xacKDSZEpQI=
Subject key identifier:   52:47:22:F4:18:3B:8F:80:67:EE:40:AB:5C:40:ED:D4:2F:5D:35:20
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01966681E2B7B6BFC48F788381EC4DD9B03A
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Ukci9Bg7j4Bn7kCrXEDt1C9dNSA.roa
Signing time:             Thu 24 Apr 2025 06:35:10 +0000
ROA not before:           Thu 24 Apr 2025 06:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151673
IP address blocks:        2a14:67c1:b000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:81:e2:b7:b6:bf:c4:8f:78:83:81:ec:4d:d9:b0:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 24 06:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=524722f4183b8f8067ee40ab5c40edd42f5d3520
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:d2:0c:ad:4e:47:77:42:76:56:c1:0f:c0:f9:
                    4e:ba:56:ec:95:91:4e:09:32:df:9a:c4:c9:9e:69:
                    f0:ca:d9:28:f4:22:02:f2:b4:2d:45:99:7f:ab:81:
                    c4:5b:ec:af:71:93:c3:b4:3f:8e:9f:e7:5b:c5:af:
                    9f:b2:02:d0:03:7f:e4:0d:a7:cc:ac:81:da:e9:6b:
                    d7:f6:37:cc:62:a0:9d:d1:40:3a:bd:c2:c7:cc:d5:
                    ed:c0:b1:0b:d2:bc:84:4d:bb:bf:fc:00:73:08:25:
                    9d:95:c7:62:27:71:b2:bd:b1:b3:82:4b:31:87:d0:
                    88:ba:32:dd:3a:3e:83:85:b6:e9:04:74:98:dc:c8:
                    cd:02:f7:57:20:ee:08:7d:1c:5f:0f:ec:cb:3c:29:
                    65:ca:c6:f8:a5:9a:68:38:81:44:9e:45:28:66:48:
                    81:b9:37:19:cf:13:a8:ee:85:51:16:60:88:91:27:
                    b9:be:fe:8f:78:a5:24:42:e6:f2:cf:0a:ae:97:51:
                    ff:9e:e0:e5:15:dc:e7:34:aa:22:37:b7:cc:36:cc:
                    55:31:a5:bb:9c:15:80:34:25:e2:f8:ba:d0:2f:0c:
                    d0:80:be:df:32:02:ca:e4:e4:c3:bf:87:28:b4:37:
                    8c:5c:b5:bc:d2:a1:57:3c:a7:74:67:37:4c:c4:96:
                    6b:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:47:22:F4:18:3B:8F:80:67:EE:40:AB:5C:40:ED:D4:2F:5D:35:20
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Ukci9Bg7j4Bn7kCrXEDt1C9dNSA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a3:cd:0e:93:52:7d:79:d8:e1:f2:81:cb:ed:62:7c:de:03:c4:
         f1:90:b2:f6:43:94:c7:f7:fc:4b:7d:1a:71:18:fa:7b:3c:7b:
         1a:c8:8c:f6:da:a4:66:2e:fe:24:73:b8:57:1b:64:3f:70:6d:
         d0:a4:87:53:74:3d:4d:4e:a1:80:8a:fa:be:65:d4:a1:e8:05:
         4c:94:7d:30:72:65:93:a1:6b:a2:f4:3e:05:ea:30:b9:02:95:
         1e:10:1c:3f:c1:b2:8a:ef:ab:6e:04:d9:ab:f1:bc:16:9d:80:
         27:3c:33:b4:3f:31:37:ab:46:48:4c:0f:a7:78:7f:1b:07:a5:
         cf:c6:a9:0d:38:4b:b8:46:ff:4c:58:c4:85:e0:f0:3a:dc:14:
         df:45:f7:20:f7:a8:b0:48:40:63:bf:84:08:35:cd:26:4d:04:
         92:a0:71:71:a9:4d:44:de:25:28:2f:8c:e7:5e:c6:36:71:8a:
         90:05:a2:ee:8e:3e:4f:c5:a9:fc:f7:3a:7d:fe:73:71:1c:de:
         83:74:4c:77:39:b5:14:09:eb:34:82:f4:14:b3:7c:36:33:03:
         51:b1:d0:0d:98:50:c2:29:15:f9:87:21:37:8c:a3:16:63:96:
         97:dc:5d:23:fb:52:89:5a:aa:fb:ff:20:33:8d:45:a5:3d:32:
         e1:f0:4c:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZmgeK3tr/Ej3iDgexN2bA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNDI0MDYzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjQ3MjJmNDE4M2I4ZjgwNjdlZTQwYWI1YzQwZWRkNDJmNWQzNTIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAldIMrU5Hd0J2VsEPwPlOulbslZFO
CTLfmsTJnmnwytko9CIC8rQtRZl/q4HEW+yvcZPDtD+On+dbxa+fsgLQA3/kDafM
rIHa6WvX9jfMYqCd0UA6vcLHzNXtwLEL0ryETbu//ABzCCWdlcdiJ3GyvbGzgksx
h9CIujLdOj6DhbbpBHSY3MjNAvdXIO4IfRxfD+zLPCllysb4pZpoOIFEnkUoZkiB
uTcZzxOo7oVRFmCIkSe5vv6PeKUkQubyzwqul1H/nuDlFdznNKoiN7fMNsxVMaW7
nBWANCXi+LrQLwzQgL7fMgLK5OTDv4cotDeMXLW80qFXPKd0ZzdMxJZroQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFJHIvQYO4+AZ+5Aq1xA7dQvXTUgMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvVWtjaTlCZzdqNEJuN2tDclhFRHQxQzlkTlNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwbAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCjzQ6TUn152OHygcvtYnzeA8TxkLL2Q5TH9/xL
fRpxGPp7PHsayIz22qRmLv4kc7hXG2Q/cG3QpIdTdD1NTqGAivq+ZdSh6AVMlH0w
cmWToWui9D4F6jC5ApUeEBw/wbKK76tuBNmr8bwWnYAnPDO0PzE3q0ZITA+neH8b
B6XPxqkNOEu4Rv9MWMSF4PA63BTfRfcg96iwSEBjv4QINc0mTQSSoHFxqU1E3iUo
L4znXsY2cYqQBaLujj5Pxan89zp9/nNxHN6DdEx3ObUUCes0gvQUs3w2MwNRsdAN
mFDCKRX5hyE3jKMWY5aX3F0j+1KJWqr7/yAzjUWlPTLh8Ew+
-----END CERTIFICATE-----