Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/6JjcOlF8DdU3QX07enfBVMIO0O0.roa
File:                     6JjcOlF8DdU3QX07enfBVMIO0O0.roa (raw, json)
Hash identifier:          bhuGN65cpRG1XGiqxjwA42eizUIrwOxtQf9kuyW+gC8=
Subject key identifier:   E8:98:DC:3A:51:7C:0D:D5:37:41:7D:3B:7A:77:C1:54:C2:0E:D0:ED
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0199D00C1A23787C4BE4374292242E263EBF
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/6JjcOlF8DdU3QX07enfBVMIO0O0.roa
Signing time:             Fri 10 Oct 2025 21:34:38 +0000
ROA not before:           Fri 10 Oct 2025 21:34:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207299
IP address blocks:        2a14:67c1:a120::/44 maxlen: 48
                          2a14:67c1:c300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d0:0c:1a:23:78:7c:4b:e4:37:42:92:24:2e:26:3e:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Oct 10 21:34:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e898dc3a517c0dd537417d3b7a77c154c20ed0ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2b:32:e9:52:ba:f7:3b:af:a6:46:87:1c:64:
                    de:64:8f:88:78:5f:1e:b6:0d:79:ba:ca:bc:79:6e:
                    31:a3:7e:e2:ba:83:83:a7:bf:e8:31:6a:35:24:74:
                    1d:b9:47:5c:7b:2b:35:a3:6d:c9:ba:7a:c6:47:1a:
                    d5:3d:75:22:a4:43:81:95:dd:16:70:b8:0f:ca:10:
                    21:27:1e:af:0a:f9:8b:fa:a1:8c:92:36:3e:8b:d0:
                    55:a0:21:7c:25:61:08:3c:2e:6e:d4:5a:43:2f:e9:
                    09:05:ec:da:68:84:5f:ab:96:43:60:5c:4b:f1:54:
                    a5:92:98:ec:a8:0b:2b:38:b8:00:56:53:70:27:f6:
                    08:00:64:fc:3b:64:99:c4:3a:8c:0c:c7:f3:6c:e5:
                    6c:99:17:43:f8:51:4c:55:01:c8:e8:8c:e5:1d:43:
                    1f:a4:e2:47:f6:34:85:86:c6:9d:fc:bd:7c:1c:2f:
                    d9:22:31:df:17:53:63:79:cf:c9:30:bc:cf:7d:06:
                    53:d7:8e:a9:a1:60:d1:92:70:b9:15:69:ca:ad:a5:
                    a9:d9:8a:d3:59:ad:45:6f:45:0b:56:5e:1d:f0:30:
                    f3:9d:c7:94:19:67:51:0d:b3:0d:ee:de:f7:0d:2d:
                    83:34:db:18:63:e7:ae:83:18:9f:28:2e:02:f6:f4:
                    e1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:98:DC:3A:51:7C:0D:D5:37:41:7D:3B:7A:77:C1:54:C2:0E:D0:ED
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/6JjcOlF8DdU3QX07enfBVMIO0O0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:a120::/44
                  2a14:67c1:c300::/40

    Signature Algorithm: sha256WithRSAEncryption
         99:f6:f6:17:7d:01:88:76:2b:0f:53:ae:cb:7c:fe:d5:4d:da:
         b6:1e:df:79:24:50:7b:6b:d9:0e:d8:ad:df:1b:85:68:de:aa:
         8e:91:4a:75:43:b6:f8:63:68:01:ab:07:34:c1:f1:2f:3d:8f:
         31:c3:b1:c3:3b:64:8e:1a:d0:f9:22:40:00:16:53:ba:2c:e7:
         12:c1:2a:01:00:e1:5e:1c:e6:cb:be:d3:6c:d1:4e:7e:10:21:
         81:ee:80:87:99:ff:63:c8:63:80:9d:65:15:4d:3e:d6:f7:14:
         c2:e7:e0:b3:47:02:54:17:d7:7c:b7:fc:33:1c:9f:df:ec:6b:
         5e:f1:74:49:d5:8f:9f:2b:09:9c:34:d3:b5:95:92:fd:62:0a:
         a1:3a:34:95:ae:f8:cb:a7:cd:42:0b:f1:79:58:a9:6b:9b:83:
         74:4f:6e:02:53:2f:c8:36:fa:38:51:52:4e:f7:6d:00:6c:83:
         47:e8:d8:0f:56:f3:46:d0:99:a4:66:67:a7:73:dc:6b:7d:d8:
         f5:dc:de:ee:04:c1:0a:55:60:7d:c7:4e:5b:eb:06:1f:35:4b:
         b1:35:76:33:8c:0f:b4:a0:20:28:88:63:78:1a:5f:b3:ad:3e:
         d6:a9:57:32:f5:27:16:14:6e:ee:65:02:8e:72:65:d9:07:69:
         76:cd:33:cb
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZnQDBojeHxL5DdCkiQuJj6/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMDEwMjEzNDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODk4ZGMzYTUxN2MwZGQ1Mzc0MTdkM2I3YTc3YzE1NGMyMGVkMGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCsy6VK69zuvpkaHHGTeZI+IeF8e
tg15usq8eW4xo37iuoODp7/oMWo1JHQduUdceys1o23JunrGRxrVPXUipEOBld0W
cLgPyhAhJx6vCvmL+qGMkjY+i9BVoCF8JWEIPC5u1FpDL+kJBezaaIRfq5ZDYFxL
8VSlkpjsqAsrOLgAVlNwJ/YIAGT8O2SZxDqMDMfzbOVsmRdD+FFMVQHI6IzlHUMf
pOJH9jSFhsad/L18HC/ZIjHfF1Njec/JMLzPfQZT146poWDRknC5FWnKraWp2YrT
Wa1Fb0ULVl4d8DDznceUGWdRDbMN7t73DS2DNNsYY+eugxifKC4C9vTh4QIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFOiY3DpRfA3VN0F9O3p3wVTCDtDtMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvNkpqY09sRjhEZFUzUVgwN2VuZkJWTUlPME8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhRnwaEg
AwYAKhRnwcMwDQYJKoZIhvcNAQELBQADggEBAJn29hd9AYh2Kw9Trst8/tVN2rYe
33kkUHtr2Q7Yrd8bhWjeqo6RSnVDtvhjaAGrBzTB8S89jzHDscM7ZI4a0PkiQAAW
U7os5xLBKgEA4V4c5su+02zRTn4QIYHugIeZ/2PIY4CdZRVNPtb3FMLn4LNHAlQX
13y3/DMcn9/sa17xdEnVj58rCZw007WVkv1iCqE6NJWu+MunzUIL8XlYqWubg3RP
bgJTL8g2+jhRUk73bQBsg0fo2A9W80bQmaRmZ6dz3Gt92PXc3u4EwQpVYH3HTlvr
Bh81S7E1djOMD7SgICiIY3gaX7OtPtapVzL1JxYUbu5lAo5yZdkHaXbNM8s=
-----END CERTIFICATE-----