Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ZFOXIg0OEPtnBjfbywrEG5iZOIo.roa
File:                     ZFOXIg0OEPtnBjfbywrEG5iZOIo.roa (raw, json)
Hash identifier:          Ryy+wPPRhz6QBXpj3jwSi5cqGdl/f+SrE3JOHaH2kp0=
Subject key identifier:   64:53:97:22:0D:0E:10:FB:67:06:37:DB:CB:0A:C4:1B:98:99:38:8A
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       01968B2AF51D7DD41AD266405329534D84BD
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ZFOXIg0OEPtnBjfbywrEG5iZOIo.roa
Signing time:             Thu 01 May 2025 09:26:10 +0000
ROA not before:           Thu 01 May 2025 09:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210352
IP address blocks:        2a14:67c1:a068::/48 maxlen: 48
                          2a14:67c1:a090::/44 maxlen: 48
                          2a14:67c1:b000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 06 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8b:2a:f5:1d:7d:d4:1a:d2:66:40:53:29:53:4d:84:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: May  1 09:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=645397220d0e10fb670637dbcb0ac41b9899388a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:7f:1c:62:9b:02:87:c7:51:bb:ae:4f:33:db:
                    25:18:83:a7:2b:11:0c:a7:63:51:3e:fa:10:ea:5d:
                    cb:21:96:0d:bc:6e:e9:ea:f4:02:79:34:65:e2:d5:
                    a5:18:55:d5:db:e5:50:94:99:6f:a7:5c:98:94:cf:
                    5e:ba:4c:24:70:da:e1:49:07:49:e6:05:54:b7:43:
                    c9:59:eb:0e:f0:3e:90:5b:2c:b4:5d:ff:99:2e:3f:
                    d4:a2:0e:cc:f2:e3:cf:e2:76:41:6c:cf:33:78:b2:
                    60:43:4f:4a:d1:f6:d5:5a:58:68:79:02:89:68:a9:
                    1d:a2:49:8d:53:58:b4:67:a9:ea:52:fd:b9:8c:ab:
                    bd:99:d2:ce:9f:89:f3:b4:f0:93:94:09:d6:d0:e3:
                    9b:74:c0:7a:00:44:4f:83:e4:a4:93:8a:c5:74:4d:
                    b5:25:65:66:a7:06:8c:4b:f3:fe:72:cf:9c:8b:1d:
                    03:20:16:c3:28:00:aa:12:07:eb:0f:90:f5:59:ad:
                    94:48:3e:6c:0a:be:c9:67:a3:13:d0:d1:f7:12:90:
                    11:85:6b:d2:68:42:80:29:2a:39:d3:4b:d1:de:e9:
                    16:fb:0d:bc:2a:13:63:61:bd:14:94:72:20:fa:a2:
                    ce:06:74:73:7c:ec:b8:ca:2b:18:50:1c:8f:5e:44:
                    f0:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:53:97:22:0D:0E:10:FB:67:06:37:DB:CB:0A:C4:1B:98:99:38:8A
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/ZFOXIg0OEPtnBjfbywrEG5iZOIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a068::/48
                  2a14:67c1:a090::/44
                  2a14:67c1:b000::/48

    Signature Algorithm: sha256WithRSAEncryption
         56:0d:9c:88:46:84:69:34:9b:01:00:1c:c5:df:07:3a:9f:a7:
         2c:f6:1f:c4:69:e4:d0:cc:21:e5:d4:e6:16:13:f1:f6:5a:f5:
         48:dd:24:96:20:a0:e3:98:bc:8f:e0:1a:5f:cf:44:c9:4c:b5:
         53:1c:1f:92:d8:ff:60:ab:30:9d:79:10:97:59:f3:b1:a6:a2:
         a5:49:37:f8:85:6a:a9:3d:73:eb:eb:71:54:7e:bd:13:24:0e:
         e5:50:43:f2:b4:45:44:ba:f2:42:9b:a3:a1:20:e1:08:08:14:
         79:3e:09:ca:ae:de:8d:55:34:da:8a:a0:2b:f7:2e:d6:8b:9d:
         cc:ab:af:d3:66:2e:4e:29:99:e8:3f:3b:5d:50:a2:b8:27:98:
         b3:af:fa:84:be:9f:1e:12:7c:3b:e4:45:f4:5c:a9:2e:e1:4d:
         f4:95:6b:aa:e4:a2:fb:f2:ac:50:46:95:ea:30:34:6d:fa:72:
         3a:a4:8f:66:eb:79:e5:e8:95:47:1a:f7:8f:d4:52:55:c7:21:
         d8:2a:f8:bf:8a:fd:08:b2:83:5d:1a:2c:76:c2:7c:5d:3f:74:
         17:84:b9:76:18:87:70:f3:c0:81:41:be:fa:fe:c9:1f:48:f1:
         39:9b:ae:85:ba:bf:76:12:0f:a3:76:80:2c:6e:67:d9:a2:28:
         78:c2:5d:9d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZaLKvUdfdQa0mZAUylTTYS9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNTAxMDkyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDUzOTcyMjBkMGUxMGZiNjcwNjM3ZGJjYjBhYzQxYjk4OTkzODhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4H8cYpsCh8dRu65PM9slGIOnKxEM
p2NRPvoQ6l3LIZYNvG7p6vQCeTRl4tWlGFXV2+VQlJlvp1yYlM9eukwkcNrhSQdJ
5gVUt0PJWesO8D6QWyy0Xf+ZLj/Uog7M8uPP4nZBbM8zeLJgQ09K0fbVWlhoeQKJ
aKkdokmNU1i0Z6nqUv25jKu9mdLOn4nztPCTlAnW0OObdMB6AERPg+Skk4rFdE21
JWVmpwaMS/P+cs+cix0DIBbDKACqEgfrD5D1Wa2USD5sCr7JZ6MT0NH3EpARhWvS
aEKAKSo500vR3ukW+w28KhNjYb0UlHIg+qLOBnRzfOy4yisYUByPXkTweQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGRTlyINDhD7ZwY328sKxBuYmTiKMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvWkZPWElnME9FUHRuQmpmYnl3ckVHNWlaT0lvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcAKhRnwaBo
AwcEKhRnwaCQAwcAKhRnwbAAMA0GCSqGSIb3DQEBCwUAA4IBAQBWDZyIRoRpNJsB
ABzF3wc6n6cs9h/EaeTQzCHl1OYWE/H2WvVI3SSWIKDjmLyP4Bpfz0TJTLVTHB+S
2P9gqzCdeRCXWfOxpqKlSTf4hWqpPXPr63FUfr0TJA7lUEPytEVEuvJCm6OhIOEI
CBR5PgnKrt6NVTTaiqAr9y7Wi53Mq6/TZi5OKZnoPztdUKK4J5izr/qEvp8eEnw7
5EX0XKku4U30lWuq5KL78qxQRpXqMDRt+nI6pI9m63nl6JVHGveP1FJVxyHYKvi/
iv0IsoNdGix2wnxdP3QXhLl2GIdw88CBQb76/skfSPE5m66Fur92Eg+jdoAsbmfZ
oih4wl2d
-----END CERTIFICATE-----