Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-kr61b-3_aXUZGxRZ8mV21GduAM.roa
File:                     1-kr61b-3_aXUZGxRZ8mV21GduAM.roa (raw, json)
Hash identifier:          bZePdsV0VqjTYXEQCQFQ/dqlJA0q1rB9sV9slhxQu28=
Subject key identifier:   FA:4A:FA:D5:BF:B7:FD:A5:D4:64:6C:51:67:C9:95:DB:51:9D:B8:03
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0199B66BC6CB7DA28C5BC3C6F9D6DEEEE4B5
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-kr61b-3_aXUZGxRZ8mV21GduAM.roa
Signing time:             Sun 05 Oct 2025 22:09:00 +0000
ROA not before:           Sun 05 Oct 2025 22:09:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38047
IP address blocks:        2a14:67c1:d200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 06:01:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:b6:6b:c6:cb:7d:a2:8c:5b:c3:c6:f9:d6:de:ee:e4:b5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Oct  5 22:09:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa4afad5bfb7fda5d4646c5167c995db519db803
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fe:a5:f1:ef:f1:ab:6f:e3:9d:4a:69:39:17:
                    af:92:fa:77:cf:0b:95:76:b0:1e:d3:4c:ca:76:d0:
                    48:a1:c5:69:fd:6a:74:8f:42:90:33:eb:d7:7c:3d:
                    f1:01:9d:ac:78:e7:43:2a:86:e1:bc:aa:5c:b3:0e:
                    7d:88:95:e5:cd:a2:f2:0a:7c:19:b3:0e:6d:fb:3b:
                    27:1d:7a:64:46:ac:19:59:67:0c:e5:0e:67:16:5e:
                    72:71:ed:ba:0a:88:9a:c0:ae:93:23:85:8e:a5:83:
                    2b:f7:9a:41:5b:d3:a6:46:5d:26:69:ee:17:bd:a9:
                    83:ef:01:35:db:67:be:2f:2f:91:40:4d:49:17:68:
                    60:81:6a:2d:7b:1d:7d:65:a6:75:24:50:c3:2e:12:
                    9e:a3:1a:7c:6d:7e:82:76:45:eb:3f:60:b8:f0:d2:
                    de:df:d7:43:65:5b:50:15:3d:30:43:3e:59:ab:10:
                    df:43:20:b7:00:7f:13:be:a7:6e:9f:3b:cd:1f:84:
                    7f:ee:13:2c:55:3e:b8:ae:25:4c:42:0a:e1:da:bf:
                    9c:30:68:69:44:70:e6:68:1d:cf:0b:e0:f7:d5:9a:
                    8a:60:a5:b8:16:d9:77:9f:dd:95:f9:6d:5c:1f:e4:
                    b5:89:1d:d8:ac:62:9c:2a:89:cb:dc:76:93:e3:43:
                    4f:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:4A:FA:D5:BF:B7:FD:A5:D4:64:6C:51:67:C9:95:DB:51:9D:B8:03
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/1-kr61b-3_aXUZGxRZ8mV21GduAM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:d200::/40

    Signature Algorithm: sha256WithRSAEncryption
         a7:24:85:7c:a2:db:d7:65:e8:c9:48:9f:c7:67:48:a9:ff:45:
         65:8d:2c:b0:4e:37:36:8e:ca:82:01:fa:61:c7:c9:0a:94:d9:
         a4:6d:05:6d:bc:55:7c:a0:5d:a8:d2:81:ee:09:bf:90:a8:6d:
         4c:be:e5:06:1c:d9:2d:ee:1b:14:26:fb:12:19:76:9f:7d:3e:
         65:51:57:eb:50:47:ff:d6:84:5e:72:57:e7:23:3b:b8:f2:9c:
         01:7b:87:2b:98:1f:7a:78:a5:12:37:3b:8e:24:49:d7:bd:2c:
         f5:c9:60:de:18:cb:db:1a:cd:46:61:32:8c:9a:5d:f3:7f:c9:
         33:7e:55:b2:0a:20:1c:d9:b4:97:1c:6a:5b:99:72:cb:2a:81:
         ac:e0:bb:27:9c:56:b1:72:d6:34:67:a2:99:af:64:5f:52:c6:
         cf:2b:a7:d7:df:54:71:c1:f0:4a:2c:9e:de:e1:d5:da:38:e5:
         c2:ca:b9:e2:5a:7c:dc:fe:a9:a8:98:d1:de:5f:e4:54:34:a2:
         94:a6:62:eb:58:53:c8:ab:78:ed:39:9d:2e:23:78:67:dc:d0:
         94:ad:3a:c9:a7:bc:54:27:f9:28:a3:7d:89:44:ca:18:40:de:
         b5:81:2e:88:e1:ed:5a:a8:97:c6:38:eb:31:e0:60:ab:28:9c:
         ae:9e:cd:87
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZm2a8bLfaKMW8PG+dbe7uS1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMDA1MjIwOTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTRhZmFkNWJmYjdmZGE1ZDQ2NDZjNTE2N2M5OTVkYjUxOWRiODAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy/6l8e/xq2/jnUppORevkvp3zwuV
drAe00zKdtBIocVp/Wp0j0KQM+vXfD3xAZ2seOdDKobhvKpcsw59iJXlzaLyCnwZ
sw5t+zsnHXpkRqwZWWcM5Q5nFl5yce26CoiawK6TI4WOpYMr95pBW9OmRl0mae4X
vamD7wE122e+Ly+RQE1JF2hggWotex19ZaZ1JFDDLhKeoxp8bX6CdkXrP2C48NLe
39dDZVtQFT0wQz5ZqxDfQyC3AH8TvqdunzvNH4R/7hMsVT64riVMQgrh2r+cMGhp
RHDmaB3PC+D31ZqKYKW4Ftl3n92V+W1cH+S1iR3YrGKcKonL3HaT40NPtQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFPpK+tW/t/2l1GRsUWfJldtRnbgDMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvMS1rcjYxYi0zX2FYVVpHeFJaOG1WMjFHZHVBTS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDAvNzMyYjZjLTQ4ZTQtNDM1MC04YTU2LWY2Y2M0ZWYwZjdk
Zi8xL1pfTWIza1pSWTBmMDdmeS1NTzJzbWduazRPQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAhBggrBgEFBQcBBwEB/wQSMBAwDgQCAAIwCAMGACoUZ8HS
MA0GCSqGSIb3DQEBCwUAA4IBAQCnJIV8otvXZejJSJ/HZ0ip/0VljSywTjc2jsqC
Afphx8kKlNmkbQVtvFV8oF2o0oHuCb+QqG1MvuUGHNkt7hsUJvsSGXaffT5lUVfr
UEf/1oReclfnIzu48pwBe4crmB96eKUSNzuOJEnXvSz1yWDeGMvbGs1GYTKMml3z
f8kzflWyCiAc2bSXHGpbmXLLKoGs4LsnnFaxctY0Z6KZr2RfUsbPK6fX31RxwfBK
LJ7e4dXaOOXCyrniWnzc/qmomNHeX+RUNKKUpmLrWFPIq3jtOZ0uI3hn3NCUrTrJ
p7xUJ/koo32JRMoYQN61gS6I4e1aqJfGOOsx4GCrKJyuns2H
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:29:28 2025 by rpki-client