Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Rdr5aKcjB1UsXwfZL2GIWBY2JpY.roa
File:                     Rdr5aKcjB1UsXwfZL2GIWBY2JpY.roa (raw, json)
Hash identifier:          GHwAcaihwsUan+4O/ROylzlGD4JVt8wd7/y5GXWheM0=
Subject key identifier:   45:DA:F9:68:A7:23:07:55:2C:5F:07:D9:2F:61:88:58:16:36:26:96
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019DDA5D6E9B92B528464C659B1A8E057BC8
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Rdr5aKcjB1UsXwfZL2GIWBY2JpY.roa
Signing time:             Wed 29 Apr 2026 17:50:49 +0000
ROA not before:           Wed 29 Apr 2026 17:50:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214704
IP address blocks:        2a14:67c3:4000::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 19:51:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:5d:6e:9b:92:b5:28:46:4c:65:9b:1a:8e:05:7b:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 29 17:50:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=45daf968a72307552c5f07d92f61885816362696
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ba:98:3d:df:c7:1a:fb:28:ce:3e:bd:29:91:
                    f6:9e:9a:df:4a:1a:ae:ac:89:10:80:59:a4:fe:c4:
                    24:29:a9:13:78:1a:73:bc:68:07:4c:ed:96:1c:56:
                    56:1a:40:b0:89:ab:07:13:48:fc:03:0e:ed:05:92:
                    fd:93:87:48:ed:8f:2b:05:7c:6f:8a:11:7d:72:8c:
                    ca:ac:65:cb:e8:65:8d:e9:97:d2:bb:9c:33:18:da:
                    5f:68:c2:d2:6c:07:0a:7c:f6:00:6b:74:13:4e:c7:
                    e5:83:fc:4d:b3:6d:da:ac:7b:00:16:48:0a:62:e3:
                    30:a7:65:62:42:12:4e:05:2f:c3:41:8f:36:9e:fd:
                    26:f9:30:d9:11:f8:ba:98:17:5f:ed:f2:63:07:38:
                    b5:bf:c1:56:6c:04:72:08:d4:2f:c1:c2:c9:5d:1c:
                    76:d5:cc:71:b7:05:29:38:d3:32:b3:cb:48:ab:30:
                    48:18:d8:c1:30:1d:08:fa:dc:6f:c7:c6:6d:38:3c:
                    45:7e:87:d2:dd:84:e2:79:b8:67:15:55:17:32:d3:
                    e8:68:47:e1:8a:ef:a0:ac:a4:f4:29:6c:59:e4:e8:
                    66:1c:a4:f1:ef:55:e2:ec:3e:df:c3:2d:96:f4:38:
                    ea:f0:c9:ea:97:ab:84:31:19:bb:2b:0d:20:2f:28:
                    c6:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:DA:F9:68:A7:23:07:55:2C:5F:07:D9:2F:61:88:58:16:36:26:96
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Rdr5aKcjB1UsXwfZL2GIWBY2JpY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c3:4000::/44

    Signature Algorithm: sha256WithRSAEncryption
         23:52:fd:00:f3:7b:6f:91:8a:38:81:bc:6b:e4:ec:b6:d2:31:
         d2:9e:90:c5:64:71:ca:7a:ee:13:ab:cd:d2:88:05:d7:2f:6e:
         96:63:43:1b:c8:e2:ef:89:bc:7b:d6:e9:84:6f:73:af:b9:62:
         46:ce:ce:f5:63:85:c5:f2:6a:03:d0:ce:2c:0a:9e:74:30:b8:
         ee:78:fd:51:c4:17:57:8f:fd:c5:45:75:6c:cb:a5:43:1a:66:
         8a:35:ea:74:90:ed:87:17:10:b6:0f:0b:1e:a0:bf:66:4c:9e:
         f8:63:2b:d1:9a:f3:e3:64:63:61:5e:b9:8e:d8:b2:87:43:e2:
         17:36:e1:1e:2d:81:1b:9e:3a:5f:9c:15:3b:48:d0:74:45:3a:
         d5:53:23:4b:d2:dc:d5:d1:cd:18:6f:15:80:35:3c:77:b5:a6:
         58:ec:6a:4d:91:70:b7:eb:5c:2b:e6:ee:8e:3c:6e:7d:88:67:
         4f:b2:3e:94:c4:50:76:e3:a2:8f:e3:7f:e0:52:18:f1:f2:f0:
         b7:f2:87:f8:26:f3:32:3f:2f:71:9d:69:f0:16:12:6e:3c:d2:
         e5:b6:0e:89:e7:d0:97:b3:e7:ae:56:fd:13:f7:9d:14:17:fa:
         b3:a3:6a:77:1c:4a:a5:e6:6f:71:54:1a:7a:49:c4:9e:74:a3:
         1d:8c:1d:f4
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3aXW6bkrUoRkxlmxqOBXvIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjYwNDI5MTc1MDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWRhZjk2OGE3MjMwNzU1MmM1ZjA3ZDkyZjYxODg1ODE2MzYyNjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLqYPd/HGvsozj69KZH2nprfShqu
rIkQgFmk/sQkKakTeBpzvGgHTO2WHFZWGkCwiasHE0j8Aw7tBZL9k4dI7Y8rBXxv
ihF9cozKrGXL6GWN6ZfSu5wzGNpfaMLSbAcKfPYAa3QTTsflg/xNs23arHsAFkgK
YuMwp2ViQhJOBS/DQY82nv0m+TDZEfi6mBdf7fJjBzi1v8FWbARyCNQvwcLJXRx2
1cxxtwUpONMys8tIqzBIGNjBMB0I+txvx8ZtODxFfofS3YTiebhnFVUXMtPoaEfh
iu+grKT0KWxZ5OhmHKTx71Xi7D7fwy2W9Djq8Mnql6uEMRm7Kw0gLyjGIwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEXa+WinIwdVLF8H2S9hiFgWNiaWMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvUmRyNWFLY2pCMVVzWHdmWkwyR0lXQlkySnBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhRnw0AA
MA0GCSqGSIb3DQEBCwUAA4IBAQAjUv0A83tvkYo4gbxr5Oy20jHSnpDFZHHKeu4T
q83SiAXXL26WY0MbyOLvibx71umEb3OvuWJGzs71Y4XF8moD0M4sCp50MLjueP1R
xBdXj/3FRXVsy6VDGmaKNep0kO2HFxC2DwseoL9mTJ74YyvRmvPjZGNhXrmO2LKH
Q+IXNuEeLYEbnjpfnBU7SNB0RTrVUyNL0tzV0c0YbxWANTx3taZY7GpNkXC361wr
5u6OPG59iGdPsj6UxFB246KP43/gUhjx8vC38of4JvMyPy9xnWnwFhJuPNLltg6J
59CXs+euVv0T950UF/qzo2p3HEql5m9xVBp6ScSedKMdjB30
-----END CERTIFICATE-----