Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/bYyuonwLeyCMUDJvyUW2Im_zH1U.roa
File:                     bYyuonwLeyCMUDJvyUW2Im_zH1U.roa (raw, json)
Hash identifier:          E0ts0YjgTWbaJgjEWCXRlDdSsHws/3bB/GHQ2RoRspw=
Subject key identifier:   6D:8C:AE:A2:7C:0B:7B:20:8C:50:32:6F:C9:45:B6:22:6F:F3:1F:55
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019C8933EBC6E48DE8F9E3D8A4ADE0BD8E11
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/bYyuonwLeyCMUDJvyUW2Im_zH1U.roa
Signing time:             Mon 23 Feb 2026 06:33:27 +0000
ROA not before:           Mon 23 Feb 2026 06:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214848
IP address blocks:        2a14:67c2:800::/40 maxlen: 48
                          2a14:67c3:d0::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:89:33:eb:c6:e4:8d:e8:f9:e3:d8:a4:ad:e0:bd:8e:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Feb 23 06:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6d8caea27c0b7b208c50326fc945b6226ff31f55
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:af:c0:f1:5c:8f:51:b4:0a:87:d8:3e:c2:a0:
                    c0:3b:2e:e7:31:23:8c:c7:93:38:c6:5e:76:ab:11:
                    43:6a:c1:a3:17:3f:68:a5:3d:73:6f:c9:0e:5a:67:
                    c8:1b:63:d9:be:b8:db:26:57:9b:a3:e4:b5:fb:1b:
                    52:fc:d4:72:42:44:c9:4c:24:d1:28:3e:7d:f3:0a:
                    61:dd:aa:58:26:da:85:6a:23:73:b3:65:a5:34:b4:
                    27:1d:f4:19:bb:04:77:18:18:cb:a5:ab:ef:43:4c:
                    0d:53:fc:30:f3:fb:51:2d:3d:15:92:81:11:5a:75:
                    fb:6f:f8:00:c8:30:dc:a5:b3:78:34:6a:e1:57:9c:
                    aa:91:2e:83:9a:60:aa:be:bf:b3:a9:7f:71:c4:a3:
                    b2:cb:97:97:61:92:27:ac:58:2b:2e:7f:18:6f:4c:
                    eb:5d:09:91:f6:58:e1:db:b6:75:96:8c:eb:9a:ca:
                    9e:65:af:94:f7:4f:b5:97:13:77:ab:fa:41:92:7d:
                    46:a7:2c:0f:3d:4c:18:0f:96:89:74:59:5a:d5:34:
                    e1:bc:2f:3d:01:ac:c9:1b:96:a9:da:8c:cd:00:f5:
                    80:e9:0a:17:c8:9a:25:f0:6a:26:67:3c:e1:33:a5:
                    5c:93:9d:79:9c:54:cb:09:8b:c6:36:7a:bf:1a:7a:
                    7a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:8C:AE:A2:7C:0B:7B:20:8C:50:32:6F:C9:45:B6:22:6F:F3:1F:55
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/bYyuonwLeyCMUDJvyUW2Im_zH1U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c2:800::/40
                  2a14:67c3:d0::/44

    Signature Algorithm: sha256WithRSAEncryption
         8e:d4:ba:b4:9b:4d:f6:a5:ff:64:40:75:fc:ff:e1:6a:5e:28:
         01:c9:86:31:78:28:de:33:9e:38:da:9f:46:07:28:a7:a4:ad:
         d9:7b:15:57:24:db:73:dc:53:83:11:7a:99:57:da:d2:7e:ba:
         ea:69:24:5e:57:14:70:c8:f0:f2:14:a6:39:f5:11:5c:38:ef:
         f9:9c:49:b3:8e:fb:ef:54:13:f9:7e:e0:a3:82:41:42:18:db:
         b7:1d:6f:34:45:bf:12:56:2c:84:1d:f0:34:09:e2:4b:75:5f:
         70:03:a1:1e:bc:01:b0:ae:d1:f0:d7:b0:20:1a:4e:62:4f:94:
         10:03:a9:b9:fe:ee:c3:b4:9d:f5:fd:08:17:27:3c:a5:bf:90:
         3b:bb:52:8d:1a:c5:bd:8e:51:8c:40:3e:a2:d6:a8:c7:99:17:
         fa:8c:d6:04:ff:c9:ab:a1:0c:4d:72:4a:8c:e2:7e:d1:98:6a:
         54:16:fb:09:46:52:e4:3b:50:31:08:c6:0f:a1:53:f4:bd:37:
         28:15:8d:fb:ba:a4:4e:bc:7b:3b:78:2f:f4:2f:80:c8:89:86:
         13:93:ea:dd:02:92:80:41:ef:b4:56:86:4b:b2:2c:a3:59:33:
         fa:6f:d9:2f:15:33:2b:4f:ef:e9:1a:35:e7:2b:fc:0c:5a:96:
         a5:cb:a7:e8
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZyJM+vG5I3o+ePYpK3gvY4RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMjIzMDYzMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDhjYWVhMjdjMGI3YjIwOGM1MDMyNmZjOTQ1YjYyMjZmZjMxZjU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK/A8VyPUbQKh9g+wqDAOy7nMSOM
x5M4xl52qxFDasGjFz9opT1zb8kOWmfIG2PZvrjbJlebo+S1+xtS/NRyQkTJTCTR
KD598wph3apYJtqFaiNzs2WlNLQnHfQZuwR3GBjLpavvQ0wNU/ww8/tRLT0VkoER
WnX7b/gAyDDcpbN4NGrhV5yqkS6DmmCqvr+zqX9xxKOyy5eXYZInrFgrLn8Yb0zr
XQmR9ljh27Z1lozrmsqeZa+U90+1lxN3q/pBkn1GpywPPUwYD5aJdFla1TThvC89
AazJG5ap2ozNAPWA6QoXyJol8GomZzzhM6Vck515nFTLCYvGNnq/Gnp6/wIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFG2MrqJ8C3sgjFAyb8lFtiJv8x9VMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvYll5dW9ud0xleUNNVURKdnlVVzJJbV96SDFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKhRnwggD
BwQqFGfDANAwDQYJKoZIhvcNAQELBQADggEBAI7UurSbTfal/2RAdfz/4WpeKAHJ
hjF4KN4znjjan0YHKKekrdl7FVck23PcU4MReplX2tJ+uuppJF5XFHDI8PIUpjn1
EVw47/mcSbOO++9UE/l+4KOCQUIY27cdbzRFvxJWLIQd8DQJ4kt1X3ADoR68AbCu
0fDXsCAaTmJPlBADqbn+7sO0nfX9CBcnPKW/kDu7Uo0axb2OUYxAPqLWqMeZF/qM
1gT/yauhDE1ySoziftGYalQW+wlGUuQ7UDEIxg+hU/S9NygVjfu6pE68ezt4L/Qv
gMiJhhOT6t0CkoBB77RWhkuyLKNZM/pv2S8VMytP7+kaNecr/AxalqXLp+g=
-----END CERTIFICATE-----