Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/0Atfg-dFG37hXeUcF8nx20baxnY.roa
File:                     0Atfg-dFG37hXeUcF8nx20baxnY.roa (raw, json)
Hash identifier:          bQXc7t4CMfmr1jRgE5XQy9asqqvXQrJ0R+2vxAyaCzw=
Subject key identifier:   D0:0B:5F:83:E7:45:1B:7E:E1:5D:E5:1C:17:C9:F1:DB:46:DA:C6:76
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019D249B6E95BB9960CA22DD2CC5493967E8
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/0Atfg-dFG37hXeUcF8nx20baxnY.roa
Signing time:             Wed 25 Mar 2026 10:47:39 +0000
ROA not before:           Wed 25 Mar 2026 10:47:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199688
IP address blocks:        2a14:67c3:180::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:24:9b:6e:95:bb:99:60:ca:22:dd:2c:c5:49:39:67:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Mar 25 10:47:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d00b5f83e7451b7ee15de51c17c9f1db46dac676
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:50:fa:35:57:9a:8a:d5:9c:ea:35:59:c2:9b:
                    84:73:cd:e2:eb:4a:0a:94:f5:e8:4a:a4:fc:df:1d:
                    f8:af:e1:96:f5:0f:59:e0:26:5d:7c:4a:88:0b:ba:
                    07:fd:09:ce:3b:2f:dc:d0:07:d1:2e:0f:53:17:c6:
                    14:dc:7f:c5:66:59:e1:19:5a:95:9a:e8:57:c9:f3:
                    38:b3:cc:a8:ce:a7:c3:be:e0:d6:bf:7e:26:a4:20:
                    91:8b:85:dc:4f:18:ef:61:89:47:22:3c:a9:c4:57:
                    1b:91:6a:a5:1f:93:76:c1:b2:c4:2b:b7:78:6a:6a:
                    e2:cb:93:df:8a:2e:1c:3f:39:76:5c:5c:bb:b4:6e:
                    ee:a8:dc:c3:33:ae:72:3a:c8:01:d3:bb:4a:87:a7:
                    18:0e:11:a7:e8:e5:29:6e:aa:71:bc:92:55:37:41:
                    33:95:48:3a:fd:ba:c8:1b:bd:0b:f9:cd:b7:22:a7:
                    ae:ff:28:19:9d:63:fe:8a:41:f1:fb:6e:f9:cc:21:
                    f1:c8:fd:13:c3:77:5e:13:ea:4d:94:cf:10:fe:49:
                    f9:01:0a:b6:ec:a8:88:15:83:a6:6b:69:e6:9b:06:
                    32:ae:2a:fe:33:43:0b:bb:36:25:1a:70:89:5d:10:
                    11:c3:e4:4d:24:2a:d7:0f:1a:2a:38:ab:64:98:55:
                    cd:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:0B:5F:83:E7:45:1B:7E:E1:5D:E5:1C:17:C9:F1:DB:46:DA:C6:76
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/0Atfg-dFG37hXeUcF8nx20baxnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:180::/44

    Signature Algorithm: sha256WithRSAEncryption
         b3:f6:90:4d:d5:3b:91:01:10:78:22:45:ed:85:0e:78:dc:28:
         8b:d0:56:a1:88:9a:56:7f:cc:d1:77:a3:b2:fc:1e:19:5a:fc:
         c2:20:3a:5d:3a:b9:c1:9a:f3:8b:be:49:8c:9b:93:6b:30:84:
         fd:10:7e:c1:be:31:93:53:d1:b7:c2:8f:4e:a2:14:ee:00:bf:
         80:f3:0c:cf:7a:11:e3:f1:a8:f9:56:3b:49:bb:0b:10:85:33:
         1c:73:79:f7:fa:e2:a1:64:82:52:8c:05:92:21:7f:88:30:e5:
         6a:3c:92:1b:72:58:51:e9:c4:b0:a3:9c:bd:1f:1d:3d:27:6f:
         bd:44:c3:65:70:b3:49:96:3c:0c:7d:ee:1b:e0:c1:6c:3d:b1:
         d9:34:79:f4:dc:b0:1e:37:df:c4:fe:24:a0:e0:d5:c6:62:bc:
         2b:f3:b4:42:6b:d5:d8:cd:1c:e8:38:82:e9:a7:22:dc:5d:a4:
         ba:77:30:37:0b:fb:ec:79:ac:8c:dc:68:a5:28:43:a9:08:f5:
         b2:7a:bb:b2:f6:80:57:5e:35:a9:81:dd:84:43:82:a1:55:c8:
         f1:fb:7d:a7:b0:27:e6:94:e7:2a:6b:ff:e4:61:8e:17:26:bc:
         7b:a9:9e:b3:b2:70:d7:e9:b7:7f:ed:f9:39:34:d3:a6:a8:07:
         2e:65:0e:2a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0km26Vu5lgyiLdLMVJOWfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwMzI1MTA0NzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDBiNWY4M2U3NDUxYjdlZTE1ZGU1MWMxN2M5ZjFkYjQ2ZGFjNjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvlD6NVeaitWc6jVZwpuEc83i60oK
lPXoSqT83x34r+GW9Q9Z4CZdfEqIC7oH/QnOOy/c0AfRLg9TF8YU3H/FZlnhGVqV
muhXyfM4s8yozqfDvuDWv34mpCCRi4XcTxjvYYlHIjypxFcbkWqlH5N2wbLEK7d4
amriy5Pfii4cPzl2XFy7tG7uqNzDM65yOsgB07tKh6cYDhGn6OUpbqpxvJJVN0Ez
lUg6/brIG70L+c23Iqeu/ygZnWP+ikHx+275zCHxyP0Tw3deE+pNlM8Q/kn5AQq2
7KiIFYOma2nmmwYyrir+M0MLuzYlGnCJXRARw+RNJCrXDxoqOKtkmFXNwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNALX4PnRRt+4V3lHBfJ8dtG2sZ2MB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvMEF0ZmctZEZHMzdoWGVVY0Y4bngyMGJheG5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnwwGA
MA0GCSqGSIb3DQEBCwUAA4IBAQCz9pBN1TuRARB4IkXthQ543CiL0FahiJpWf8zR
d6Oy/B4ZWvzCIDpdOrnBmvOLvkmMm5NrMIT9EH7BvjGTU9G3wo9OohTuAL+A8wzP
ehHj8aj5VjtJuwsQhTMcc3n3+uKhZIJSjAWSIX+IMOVqPJIbclhR6cSwo5y9Hx09
J2+9RMNlcLNJljwMfe4b4MFsPbHZNHn03LAeN9/E/iSg4NXGYrwr87RCa9XYzRzo
OILppyLcXaS6dzA3C/vseayM3GilKEOpCPWyeruy9oBXXjWpgd2EQ4KhVcjx+32n
sCfmlOcqa//kYY4XJrx7qZ6zsnDX6bd/7fk5NNOmqAcuZQ4q
-----END CERTIFICATE-----