Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VN-x3if2JfSigyOSHLCs6UizS4M.roa
File:                     VN-x3if2JfSigyOSHLCs6UizS4M.roa (raw, json)
Hash identifier:          mr97YYgeFYA7EPEZZwoik/VjswtT3aAYQjI6+eLZYiU=
Subject key identifier:   54:DF:B1:DE:27:F6:25:F4:A2:83:23:92:1C:B0:AC:E9:48:B3:4B:83
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01966681E303D720F5D1AFA132DC79940322
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VN-x3if2JfSigyOSHLCs6UizS4M.roa
Signing time:             Thu 24 Apr 2025 06:35:10 +0000
ROA not before:           Thu 24 Apr 2025 06:35:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210176
IP address blocks:        2a14:67c1:a062::/48 maxlen: 48
                          2a14:67c1:a100::/44 maxlen: 48
                          2a14:67c1:b000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:66:81:e3:03:d7:20:f5:d1:af:a1:32:dc:79:94:03:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Apr 24 06:35:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54dfb1de27f625f4a28323921cb0ace948b34b83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:25:83:72:3b:fe:77:7c:26:20:91:2a:04:8c:
                    ca:e8:75:00:2e:89:9d:74:42:e6:20:13:62:1b:b4:
                    ad:2f:d1:a2:3a:12:20:0e:82:b8:63:c7:28:ae:6b:
                    62:5a:e3:4f:02:a4:e4:b2:39:ee:ad:f8:46:1f:6b:
                    b8:97:54:44:41:43:4c:d4:3c:69:b1:ab:a6:d7:45:
                    31:e1:d5:c0:ed:72:d8:af:ce:be:22:94:57:63:bd:
                    b7:39:72:8a:0d:cb:9f:41:dd:06:f8:99:67:75:16:
                    33:b0:18:d6:6b:6d:8d:d3:46:b2:08:4d:6c:5a:4f:
                    18:d0:f5:c8:51:d8:80:cc:81:11:73:70:98:bc:c1:
                    e4:5f:db:45:da:73:5c:c0:e2:47:cd:e2:0c:d0:b2:
                    30:33:2d:dc:4a:4f:cd:3c:19:4b:9c:65:11:da:5a:
                    a1:6b:e9:f0:d8:68:45:21:08:14:d5:42:e4:08:96:
                    e3:d3:16:53:75:e4:a7:3e:7d:09:c9:c2:8d:8c:a2:
                    10:7b:cb:c3:10:f0:72:ec:8f:8c:c0:44:5d:c6:dd:
                    39:8d:cb:cb:d0:ca:4f:33:ec:32:8f:37:9f:0f:90:
                    df:1d:a2:1a:d0:15:1f:c4:16:04:24:62:c7:2b:62:
                    11:b2:8b:3c:a1:e2:f1:54:47:31:4e:81:83:dc:45:
                    73:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:DF:B1:DE:27:F6:25:F4:A2:83:23:92:1C:B0:AC:E9:48:B3:4B:83
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/VN-x3if2JfSigyOSHLCs6UizS4M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a062::/48
                  2a14:67c1:a100::/44
                  2a14:67c1:b000::/48

    Signature Algorithm: sha256WithRSAEncryption
         24:e6:38:91:e1:ab:80:a3:4d:cf:6c:35:ef:11:a9:76:f5:e9:
         54:6c:81:ba:07:9b:05:19:c6:0c:c4:30:1d:c7:21:fe:4a:e8:
         d0:81:7f:a6:ff:f6:f0:07:33:0c:09:ce:78:0c:1c:6a:f2:81:
         e2:6d:2c:9a:4c:39:c4:a2:d0:99:cd:d8:37:19:6b:b8:bf:24:
         f1:28:8b:87:e6:65:6a:96:a0:dd:a9:59:88:a6:60:3d:c6:c1:
         e5:9b:6e:07:09:ae:58:84:a8:a6:68:69:88:9c:8b:b5:23:8d:
         ee:24:86:51:01:61:17:f5:d9:54:ef:f3:ce:58:c3:95:59:58:
         12:a1:f1:05:07:60:2d:58:26:76:5b:00:17:b3:2c:ce:19:ec:
         41:6f:ef:b1:23:46:de:f6:a5:8a:a2:2b:85:41:b0:55:3a:1b:
         a1:a2:c8:6e:2e:29:71:31:39:dd:21:ad:ca:61:1c:e8:89:a3:
         11:c3:a1:70:4e:fa:26:7d:0e:c3:c2:f8:c0:5c:87:3c:e1:19:
         aa:91:54:dc:03:d7:96:00:75:ee:13:c5:2d:b8:1e:ed:ac:28:
         02:e7:65:99:50:0c:99:2c:4f:40:7b:c5:23:c9:3d:5f:0f:30:
         9b:87:c2:93:fa:0b:ae:00:85:c6:22:36:62:13:3d:4c:2e:4d:
         86:ed:25:63
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZZmgeMD1yD10a+hMtx5lAMiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNDI0MDYzNTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGRmYjFkZTI3ZjYyNWY0YTI4MzIzOTIxY2IwYWNlOTQ4YjM0YjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyWDcjv+d3wmIJEqBIzK6HUALomd
dELmIBNiG7StL9GiOhIgDoK4Y8cormtiWuNPAqTksjnurfhGH2u4l1REQUNM1Dxp
saum10Ux4dXA7XLYr86+IpRXY723OXKKDcufQd0G+JlndRYzsBjWa22N00ayCE1s
Wk8Y0PXIUdiAzIERc3CYvMHkX9tF2nNcwOJHzeIM0LIwMy3cSk/NPBlLnGUR2lqh
a+nw2GhFIQgU1ULkCJbj0xZTdeSnPn0JycKNjKIQe8vDEPBy7I+MwERdxt05jcvL
0MpPM+wyjzefD5DfHaIa0BUfxBYEJGLHK2IRsos8oeLxVEcxToGD3EVz/QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFFTfsd4n9iX0ooMjkhywrOlIs0uDMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvVk4teDNpZjJKZlNpZ3lPU0hMQ3M2VWl6UzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKhRnwaBi
AwcEKhRnwaEAAwcAKhRnwbAAMA0GCSqGSIb3DQEBCwUAA4IBAQAk5jiR4auAo03P
bDXvEal29elUbIG6B5sFGcYMxDAdxyH+SujQgX+m//bwBzMMCc54DBxq8oHibSya
TDnEotCZzdg3GWu4vyTxKIuH5mVqlqDdqVmIpmA9xsHlm24HCa5YhKimaGmInIu1
I43uJIZRAWEX9dlU7/POWMOVWVgSofEFB2AtWCZ2WwAXsyzOGexBb++xI0be9qWK
oiuFQbBVOhuhoshuLilxMTndIa3KYRzoiaMRw6FwTvomfQ7DwvjAXIc84RmqkVTc
A9eWAHXuE8UtuB7trCgC52WZUAyZLE9Ae8UjyT1fDzCbh8KT+guuAIXGIjZiEz1M
Lk2G7SVj
-----END CERTIFICATE-----