Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/LbhaPY2Afqw48Suww6Do1_qK6BQ.roa
File:                     LbhaPY2Afqw48Suww6Do1_qK6BQ.roa (raw, json)
Hash identifier:          aN/6OL93wo5nDHUw1S3zZgF/S3MBI/o5tdPWwLCnoos=
Subject key identifier:   2D:B8:5A:3D:8D:80:7E:AC:38:F1:2B:B0:C3:A0:E8:D7:FA:8A:E8:14
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01966681E44287E32B6A306B20F7D8961ADB
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/LbhaPY2Afqw48Suww6Do1_qK6BQ.roa
Signing time:             Thu 24 Apr 2025 06:35:10 +0000
ROA not before:           Thu 24 Apr 2025 06:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210440
IP address blocks:        2a14:67c1:b000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 18:19:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:81:e4:42:87:e3:2b:6a:30:6b:20:f7:d8:96:1a:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 24 06:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2db85a3d8d807eac38f12bb0c3a0e8d7fa8ae814
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:4b:33:b4:fc:62:7d:9f:cb:ec:45:01:e9:b7:
                    dd:98:0d:63:0b:e6:76:6b:01:81:08:c1:ad:27:be:
                    d4:0a:b0:77:c9:c4:ff:2f:63:eb:56:14:f4:79:97:
                    bc:53:23:e8:2f:bc:20:74:ca:a8:27:b5:a9:97:5e:
                    e0:90:2f:63:f5:83:e2:35:56:69:c7:c5:0c:4f:9e:
                    0a:ee:ae:0e:25:f8:90:31:c5:59:c0:ef:5b:7a:13:
                    d5:6e:5f:d0:5f:a6:10:1a:2b:4e:bd:66:71:f7:37:
                    b7:32:98:46:e9:04:8a:2d:00:ba:dd:60:41:8b:5f:
                    a2:ad:b7:af:b9:29:78:03:eb:ae:0a:1c:6d:8b:d6:
                    b1:77:d0:04:85:c0:d7:79:56:0f:f2:3e:e5:58:e4:
                    71:3a:99:84:43:1e:fe:9b:36:66:64:98:6a:7f:b6:
                    e6:05:2d:3d:c0:38:f1:ca:72:fa:b2:23:4e:f3:5c:
                    49:75:93:be:e5:4a:df:cb:53:a8:4c:d2:5d:53:63:
                    3e:c7:4f:5c:47:e2:ae:29:95:91:b8:7f:44:43:50:
                    ea:ee:58:31:d7:7c:a9:db:e8:e5:78:ea:eb:97:1b:
                    0e:98:8a:f1:85:30:15:5b:cf:5b:6f:6f:36:e3:b7:
                    d6:2c:60:83:68:02:f5:76:e9:b8:0f:74:0d:c8:38:
                    95:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B8:5A:3D:8D:80:7E:AC:38:F1:2B:B0:C3:A0:E8:D7:FA:8A:E8:14
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/LbhaPY2Afqw48Suww6Do1_qK6BQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b000::/48

    Signature Algorithm: sha256WithRSAEncryption
         a0:f0:f6:d2:9e:ae:46:41:97:ed:f4:a0:5b:02:f0:06:04:3a:
         f8:bc:e3:a3:ef:7b:5c:59:01:67:8d:26:24:50:ba:6c:79:f6:
         bf:da:2d:fe:2a:53:c2:40:c8:64:05:4d:de:a6:5c:35:c5:31:
         c4:6f:9b:a4:b0:0d:85:4d:09:d0:df:69:8b:df:ca:e3:85:00:
         aa:b5:67:03:a2:54:5f:93:ce:0b:d8:59:8b:4d:50:76:9f:1e:
         02:48:64:9f:2e:4a:e5:76:75:8c:fe:bb:84:1c:be:63:7a:b4:
         8a:aa:04:1a:8b:ae:d8:b8:12:8a:03:f9:b1:4a:30:57:e5:c1:
         0a:e3:5d:9c:63:f7:00:52:d5:3f:af:8f:b8:a2:90:ab:4f:af:
         3a:d5:ff:dc:e6:23:78:5a:b2:97:df:e5:f4:3b:5f:58:03:ea:
         e2:1c:22:64:8d:b1:99:8a:49:87:18:1b:4c:2e:08:f3:06:0e:
         29:c4:06:a1:cb:bc:8d:41:7c:98:e6:bc:a5:85:01:32:27:f2:
         02:2c:28:98:05:00:3e:a1:7b:c8:b9:a0:7c:12:8a:f0:b2:66:
         54:98:00:df:be:42:5a:0d:60:87:f0:96:2d:1b:b4:be:df:aa:
         89:1d:a9:dc:4c:56:4a:60:30:8a:40:b1:2d:11:3b:dd:8a:09:
         fb:b2:2e:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZmgeRCh+MrajBrIPfYlhrbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNDI0MDYzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGI4NWEzZDhkODA3ZWFjMzhmMTJiYjBjM2EwZThkN2ZhOGFlODE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEsztPxifZ/L7EUB6bfdmA1jC+Z2
awGBCMGtJ77UCrB3ycT/L2PrVhT0eZe8UyPoL7wgdMqoJ7Wpl17gkC9j9YPiNVZp
x8UMT54K7q4OJfiQMcVZwO9behPVbl/QX6YQGitOvWZx9ze3MphG6QSKLQC63WBB
i1+irbevuSl4A+uuChxti9axd9AEhcDXeVYP8j7lWORxOpmEQx7+mzZmZJhqf7bm
BS09wDjxynL6siNO81xJdZO+5Urfy1OoTNJdU2M+x09cR+KuKZWRuH9EQ1Dq7lgx
13yp2+jleOrrlxsOmIrxhTAVW89bb28247fWLGCDaAL1dum4D3QNyDiV+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC24Wj2NgH6sOPErsMOg6Nf6iugUMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvTGJoYVBZMkFmcXc0OFN1d3c2RG8xX3FLNkJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwbAA
MA0GCSqGSIb3DQEBCwUAA4IBAQCg8PbSnq5GQZft9KBbAvAGBDr4vOOj73tcWQFn
jSYkULpsefa/2i3+KlPCQMhkBU3eplw1xTHEb5uksA2FTQnQ32mL38rjhQCqtWcD
olRfk84L2FmLTVB2nx4CSGSfLkrldnWM/ruEHL5jerSKqgQai67YuBKKA/mxSjBX
5cEK412cY/cAUtU/r4+4opCrT6861f/c5iN4WrKX3+X0O19YA+riHCJkjbGZikmH
GBtMLgjzBg4pxAahy7yNQXyY5rylhQEyJ/ICLCiYBQA+oXvIuaB8EorwsmZUmADf
vkJaDWCH8JYtG7S+36qJHancTFZKYDCKQLEtETvdign7si5I
-----END CERTIFICATE-----