Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/KC1VRLfkRjJaTRJkoqJn0hRlI84.roa
File:                     KC1VRLfkRjJaTRJkoqJn0hRlI84.roa (raw, json)
Hash identifier:          tQWG0ggjDXD3kpeWao/i+euRv960YKPeRVxpWQ6SB8g=
Subject key identifier:   28:2D:55:44:B7:E4:46:32:5A:4D:12:64:A2:A2:67:D2:14:65:23:CE
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01968B2835F5EA67DE8AF814DEF396B992F6
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/KC1VRLfkRjJaTRJkoqJn0hRlI84.roa
Signing time:             Thu 01 May 2025 09:23:10 +0000
ROA not before:           Thu 01 May 2025 09:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211729
IP address blocks:        2a14:67c1:b400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 03:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8b:28:35:f5:ea:67:de:8a:f8:14:de:f3:96:b9:92:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: May  1 09:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=282d5544b7e446325a4d1264a2a267d2146523ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:f9:36:e2:2d:f6:44:fa:43:87:9b:c9:da:fc:
                    f6:8a:a2:a4:14:e6:03:ef:ca:b0:e0:50:d1:01:4e:
                    0b:f4:02:1c:37:b4:74:96:8e:6d:ea:83:cd:46:4d:
                    3e:90:e2:3c:79:c0:e8:32:0d:a1:71:78:69:dd:db:
                    a7:40:09:87:f8:f4:44:9b:c3:e0:bf:a2:48:3c:1b:
                    4b:49:71:20:bd:fa:a0:e9:04:f0:b4:4b:1c:26:38:
                    21:75:19:c6:a2:f9:da:ec:27:b6:99:4a:f6:04:12:
                    4a:69:1c:90:ad:50:b2:3b:2d:c7:41:31:1c:ae:2b:
                    f1:8d:80:a5:c3:3a:e9:e4:62:75:9f:13:2d:cc:f4:
                    94:2e:67:2f:10:74:97:e5:8d:1a:7e:1c:dc:62:6d:
                    42:19:2a:eb:46:10:fe:99:05:4a:f9:b5:c0:9b:38:
                    3b:14:41:f5:ef:e3:82:87:41:93:5f:90:d8:68:2b:
                    18:21:36:c9:4c:49:4a:5b:2b:14:06:8f:91:d8:43:
                    25:05:f4:15:af:f7:96:63:64:24:d0:8e:41:83:9e:
                    cb:9b:7a:8e:d8:3a:6c:d6:a4:79:ce:54:ff:07:99:
                    af:44:bb:4b:c4:6a:ea:d7:3d:aa:72:7f:eb:01:4d:
                    b1:39:06:7c:e7:71:60:2d:a1:d5:f5:14:fc:d2:15:
                    ef:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:2D:55:44:B7:E4:46:32:5A:4D:12:64:A2:A2:67:D2:14:65:23:CE
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/KC1VRLfkRjJaTRJkoqJn0hRlI84.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b400::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:94:9f:58:45:8e:f6:5d:08:2a:88:6b:e1:ee:22:c3:de:89:
         c2:88:23:69:2b:7a:c8:87:66:3b:ab:72:c2:c5:70:ae:69:72:
         53:4c:cf:f3:4e:ea:47:10:d9:40:5d:ed:d1:d6:ec:8c:b5:1e:
         30:45:05:18:90:e3:90:ed:c4:7c:10:93:2e:a8:3a:9c:7b:b3:
         48:e0:95:61:47:ad:ae:99:a8:5f:7d:88:c4:7c:d2:bf:84:18:
         37:d1:a9:47:e9:49:b0:0f:b1:06:96:4b:02:25:4c:b4:72:3c:
         5f:c6:65:93:26:d5:3e:70:6c:3c:a3:5c:b1:20:4a:ea:fd:1d:
         a4:cb:ed:6d:63:69:06:6f:3e:1a:c4:d4:79:a9:56:dc:29:1f:
         5e:ba:e6:e0:7a:e2:06:5a:6b:f7:c8:ab:a4:df:34:b6:7a:28:
         8b:f1:43:70:49:51:5d:e6:02:9f:18:7e:b0:17:ec:e3:54:21:
         e6:a9:bb:b5:0e:0b:82:e3:cd:1c:43:e2:97:f9:ff:58:3c:9a:
         e2:4c:a8:5c:29:48:ab:70:33:00:e4:2e:48:8f:8b:26:d2:69:
         0b:03:72:01:bb:f9:64:b7:a1:6e:fd:94:99:f8:83:0c:4a:65:
         1f:d5:a5:2f:01:e4:9a:86:8f:09:6a:51:b3:ba:57:71:26:2e:
         ad:21:f4:5d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZaLKDX16mfeivgU3vOWuZL2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNTAxMDkyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyODJkNTU0NGI3ZTQ0NjMyNWE0ZDEyNjRhMmEyNjdkMjE0NjUyM2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsPk24i32RPpDh5vJ2vz2iqKkFOYD
78qw4FDRAU4L9AIcN7R0lo5t6oPNRk0+kOI8ecDoMg2hcXhp3dunQAmH+PREm8Pg
v6JIPBtLSXEgvfqg6QTwtEscJjghdRnGovna7Ce2mUr2BBJKaRyQrVCyOy3HQTEc
rivxjYClwzrp5GJ1nxMtzPSULmcvEHSX5Y0afhzcYm1CGSrrRhD+mQVK+bXAmzg7
FEH17+OCh0GTX5DYaCsYITbJTElKWysUBo+R2EMlBfQVr/eWY2Qk0I5Bg57Lm3qO
2Dps1qR5zlT/B5mvRLtLxGrq1z2qcn/rAU2xOQZ853FgLaHV9RT80hXv6wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCgtVUS35EYyWk0SZKKiZ9IUZSPOMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvS0MxVlJMZmtSakphVFJKa29xSm4waFJsSTg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwbQw
DQYJKoZIhvcNAQELBQADggEBACqUn1hFjvZdCCqIa+HuIsPeicKII2kresiHZjur
csLFcK5pclNMz/NO6kcQ2UBd7dHW7Iy1HjBFBRiQ45DtxHwQky6oOpx7s0jglWFH
ra6ZqF99iMR80r+EGDfRqUfpSbAPsQaWSwIlTLRyPF/GZZMm1T5wbDyjXLEgSur9
HaTL7W1jaQZvPhrE1HmpVtwpH1665uB64gZaa/fIq6TfNLZ6KIvxQ3BJUV3mAp8Y
frAX7ONUIeapu7UOC4LjzRxD4pf5/1g8muJMqFwpSKtwMwDkLkiPiybSaQsDcgG7
+WS3oW79lJn4gwxKZR/VpS8B5JqGjwlqUbO6V3EmLq0h9F0=
-----END CERTIFICATE-----