Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/u5CKPHkWX09_HJvCrbkgWyGc9Hs.roa
File:                     u5CKPHkWX09_HJvCrbkgWyGc9Hs.roa (raw, json)
Hash identifier:          KjDCDDh6BPv4cF4aaCMCS+b+Pk8W3eG4DUvyiBxjKSo=
Subject key identifier:   BB:90:8A:3C:79:16:5F:4F:7F:1C:9B:C2:AD:B9:20:5B:21:9C:F4:7B
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019D6F36DF8C7FC8CCAA815A3ECF0D5FB491
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/u5CKPHkWX09_HJvCrbkgWyGc9Hs.roa
Signing time:             Wed 08 Apr 2026 22:29:20 +0000
ROA not before:           Wed 08 Apr 2026 22:29:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210554
IP address blocks:        2a14:67c1:b300::/40 maxlen: 40
                          2a14:67c1:b300::/48 maxlen: 48
                          2a14:67c1:b301::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 08:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:6f:36:df:8c:7f:c8:cc:aa:81:5a:3e:cf:0d:5f:b4:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr  8 22:29:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bb908a3c79165f4f7f1c9bc2adb9205b219cf47b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:71:07:bf:ee:a1:c3:16:a3:5d:05:b8:0e:53:
                    a5:09:00:28:6c:7e:b4:a4:e4:2f:dc:55:b5:98:f4:
                    99:fd:4d:0b:73:59:50:22:dd:79:ef:9e:af:17:8e:
                    45:71:9c:ef:de:b2:40:29:53:94:f2:eb:4c:61:2d:
                    0c:2e:31:7a:5b:9d:fe:b0:8f:0a:1a:ff:96:e6:53:
                    9b:bc:6e:6a:2e:96:3d:6e:38:b2:2f:9f:f9:38:5f:
                    91:b0:3d:6d:38:a4:59:1a:bf:14:4b:0b:68:8d:dc:
                    c3:b0:31:2f:1f:ae:47:75:e7:8b:e2:24:aa:4d:07:
                    77:6b:a9:44:7d:97:29:48:ec:c1:ef:4f:10:60:d2:
                    00:3b:43:e3:bc:f8:30:08:02:dd:e3:3e:a2:01:63:
                    a1:29:39:50:ef:19:07:70:a0:ca:91:25:74:cb:a6:
                    68:25:7d:b6:79:55:76:d1:e6:74:f8:5c:b1:34:ed:
                    c5:a2:5e:68:34:92:d7:c2:02:b6:bc:58:87:a3:6e:
                    72:54:c0:57:e1:a5:f8:4c:90:32:07:ea:75:11:45:
                    7d:31:35:28:8e:61:bc:54:3c:9f:0c:76:fd:6b:00:
                    3b:30:90:e1:ee:2f:b2:5d:06:e9:a9:4d:d6:a5:42:
                    f0:ac:40:0d:5e:88:25:9b:f3:d1:b3:b6:0b:e6:09:
                    2f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:90:8A:3C:79:16:5F:4F:7F:1C:9B:C2:AD:B9:20:5B:21:9C:F4:7B
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/u5CKPHkWX09_HJvCrbkgWyGc9Hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b300::/40

    Signature Algorithm: sha256WithRSAEncryption
         b1:c8:2f:4f:a5:dc:97:7a:2c:bb:1a:91:e9:75:39:de:15:ce:
         e4:29:86:c8:03:da:ee:b7:49:d2:9e:c2:9c:88:c4:15:6f:de:
         c2:67:e2:e7:3f:e1:7a:99:3e:35:32:81:53:eb:6b:a2:6f:64:
         a7:23:de:a8:75:0a:35:26:25:e4:be:46:4e:0d:0a:30:36:31:
         dc:af:f0:21:6d:56:8d:c9:fc:c1:32:a9:cf:b9:a8:99:65:a8:
         13:57:64:21:ff:c2:95:d7:4a:c2:53:0a:e3:9e:b0:c7:64:0b:
         6d:7f:68:a8:fc:47:b0:b8:8c:a4:91:8e:ab:bb:bc:fc:bb:59:
         b7:87:dd:54:8a:ed:e1:aa:38:61:3d:42:95:80:a2:3b:56:43:
         75:e3:e7:db:07:d8:c1:d2:8b:51:a7:0f:82:09:63:82:62:1c:
         75:91:0b:4c:5d:cb:46:da:2c:5d:40:95:16:b9:bc:8a:b5:63:
         e6:e1:2b:55:e2:43:87:57:a1:93:46:a0:eb:40:44:50:05:d7:
         14:0c:e7:f2:1f:61:f9:59:46:fc:4a:04:7a:9d:7d:c3:20:b1:
         50:c7:16:5b:58:19:5b:70:4f:97:be:5b:91:98:67:82:e3:d4:
         23:bf:9a:0e:d3:3b:bc:11:eb:61:ed:49:2b:6a:d5:59:af:75:
         7b:8f:65:a7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ1vNt+Mf8jMqoFaPs8NX7SRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDA4MjIyOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjkwOGEzYzc5MTY1ZjRmN2YxYzliYzJhZGI5MjA1YjIxOWNmNDdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjnEHv+6hwxajXQW4DlOlCQAobH60
pOQv3FW1mPSZ/U0Lc1lQIt15756vF45FcZzv3rJAKVOU8utMYS0MLjF6W53+sI8K
Gv+W5lObvG5qLpY9bjiyL5/5OF+RsD1tOKRZGr8USwtojdzDsDEvH65HdeeL4iSq
TQd3a6lEfZcpSOzB708QYNIAO0PjvPgwCALd4z6iAWOhKTlQ7xkHcKDKkSV0y6Zo
JX22eVV20eZ0+FyxNO3Fol5oNJLXwgK2vFiHo25yVMBX4aX4TJAyB+p1EUV9MTUo
jmG8VDyfDHb9awA7MJDh7i+yXQbpqU3WpULwrEANXoglm/PRs7YL5gkvLQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLuQijx5Fl9Pfxybwq25IFshnPR7MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvdTVDS1BIa1dYMDlfSEp2Q3Jia2dXeUdjOUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwbMw
DQYJKoZIhvcNAQELBQADggEBALHIL0+l3Jd6LLsakel1Od4VzuQphsgD2u63SdKe
wpyIxBVv3sJn4uc/4XqZPjUygVPra6JvZKcj3qh1CjUmJeS+Rk4NCjA2Mdyv8CFt
Vo3J/MEyqc+5qJllqBNXZCH/wpXXSsJTCuOesMdkC21/aKj8R7C4jKSRjqu7vPy7
WbeH3VSK7eGqOGE9QpWAojtWQ3Xj59sH2MHSi1GnD4IJY4JiHHWRC0xdy0baLF1A
lRa5vIq1Y+bhK1XiQ4dXoZNGoOtARFAF1xQM5/IfYflZRvxKBHqdfcMgsVDHFltY
GVtwT5e+W5GYZ4Lj1CO/mg7TO7wR62HtSStq1VmvdXuPZac=
-----END CERTIFICATE-----