Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/UPqBOeYmhujfo2CY7qUhMtsEoyE.roa
File:                     UPqBOeYmhujfo2CY7qUhMtsEoyE.roa (raw, json)
Hash identifier:          T+TRzn+JO19WIMfdxOaxgv7wRr3VTOebZWicUCEgKtg=
Subject key identifier:   50:FA:81:39:E6:26:86:E8:DF:A3:60:98:EE:A5:21:32:DB:04:A3:21
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0199AF69592FBF17792E90265B344FC92EB2
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/UPqBOeYmhujfo2CY7qUhMtsEoyE.roa
Signing time:             Sat 04 Oct 2025 13:29:00 +0000
ROA not before:           Sat 04 Oct 2025 13:29:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205548
IP address blocks:        2a14:67c1:c800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:af:69:59:2f:bf:17:79:2e:90:26:5b:34:4f:c9:2e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Oct  4 13:29:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50fa8139e62686e8dfa36098eea52132db04a321
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:e0:ff:08:31:df:b5:12:63:88:9a:8e:80:f1:
                    6e:81:58:25:58:c6:50:68:a5:b3:78:28:17:a9:e0:
                    63:e8:f0:72:59:8d:49:cb:9e:2d:65:7d:bc:a3:db:
                    be:32:9a:c0:2f:2e:ea:ce:39:03:2e:d3:70:21:6b:
                    f2:ed:a6:20:ac:80:b2:71:06:b6:f8:38:f0:cb:08:
                    59:00:f5:e5:6a:5f:3d:22:ac:0a:be:06:3c:dd:7a:
                    f3:da:87:c8:cf:c4:eb:06:09:28:7a:a2:0d:26:c5:
                    79:4d:86:39:fc:4d:62:c3:f5:36:76:40:35:72:53:
                    84:5c:4c:33:b4:ff:4f:a9:5f:2c:12:30:b1:c2:21:
                    ad:20:fb:85:fd:5d:d3:0f:57:13:7d:0d:a2:11:10:
                    42:d3:32:53:ad:a5:ef:60:23:ba:69:33:62:f2:92:
                    83:9d:1d:6a:f3:02:39:5f:b0:5b:c8:a9:56:f0:b8:
                    a7:00:81:2b:7d:6a:d3:bb:01:54:bc:4e:4e:35:eb:
                    83:ef:ce:3b:3d:99:45:0b:b2:4d:4a:8b:9a:05:63:
                    5a:4b:c3:43:9a:a3:c4:ab:82:c3:c6:7d:4a:c2:aa:
                    0b:96:6b:bb:0f:3e:42:5b:75:1f:4e:17:62:fc:d2:
                    26:48:b9:2b:65:bd:c4:ae:ea:16:16:e3:39:fb:29:
                    86:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:FA:81:39:E6:26:86:E8:DF:A3:60:98:EE:A5:21:32:DB:04:A3:21
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/UPqBOeYmhujfo2CY7qUhMtsEoyE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:c800::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:e5:09:10:5c:4b:79:75:1d:83:16:c2:98:3c:65:46:29:bd:
         98:3a:3c:7e:76:1a:7e:9c:b0:ad:56:0b:08:55:7f:62:91:81:
         9b:8b:73:26:59:d7:e7:cf:94:4d:9a:2f:e4:8f:d2:31:03:37:
         86:64:7e:bb:c4:6b:8c:4b:26:0d:f4:c3:86:b2:46:ac:17:33:
         95:fc:b3:ae:32:00:50:df:80:e9:d8:77:9d:df:bc:fa:9f:95:
         76:1b:8b:4d:f9:1c:27:e3:42:9b:5e:06:ca:7c:ac:24:e0:39:
         4c:a0:c5:e7:e5:b8:7d:c1:bd:64:e2:9f:97:19:7b:5e:60:6d:
         a9:5c:aa:29:7d:8c:d1:1e:3e:b6:6e:62:a0:d3:10:30:90:7d:
         cc:f6:51:2d:cf:f9:46:07:f4:c7:19:7f:0d:4c:cf:e1:21:ca:
         27:01:b6:59:a6:7f:9d:b6:12:00:c4:df:d7:ea:3b:21:01:f6:
         c4:2f:1b:5b:ef:d2:f0:19:d2:a5:8c:29:89:a9:bb:75:0c:3f:
         5f:ba:3f:bf:0d:60:7a:d7:05:93:60:c1:55:5f:08:5e:1e:b7:
         43:0a:d1:25:02:8f:dd:e0:56:18:29:93:32:f9:8a:ad:39:ff:
         a5:d2:c0:75:3e:69:89:c6:53:04:56:c0:7a:c7:cc:61:0b:cf:
         fc:ed:ed:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmvaVkvvxd5LpAmWzRPyS6yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMDA0MTMyOTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGZhODEzOWU2MjY4NmU4ZGZhMzYwOThlZWE1MjEzMmRiMDRhMzIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouD/CDHftRJjiJqOgPFugVglWMZQ
aKWzeCgXqeBj6PByWY1Jy54tZX28o9u+MprALy7qzjkDLtNwIWvy7aYgrICycQa2
+DjwywhZAPXlal89IqwKvgY83Xrz2ofIz8TrBgkoeqINJsV5TYY5/E1iw/U2dkA1
clOEXEwztP9PqV8sEjCxwiGtIPuF/V3TD1cTfQ2iERBC0zJTraXvYCO6aTNi8pKD
nR1q8wI5X7BbyKlW8LinAIErfWrTuwFUvE5ONeuD7847PZlFC7JNSouaBWNaS8ND
mqPEq4LDxn1KwqoLlmu7Dz5CW3UfThdi/NImSLkrZb3EruoWFuM5+ymGJwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFD6gTnmJobo36NgmO6lITLbBKMhMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvVVBxQk9lWW1odWpmbzJDWTdxVWhNdHNFb3lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwcgw
DQYJKoZIhvcNAQELBQADggEBAEblCRBcS3l1HYMWwpg8ZUYpvZg6PH52Gn6csK1W
CwhVf2KRgZuLcyZZ1+fPlE2aL+SP0jEDN4ZkfrvEa4xLJg30w4ayRqwXM5X8s64y
AFDfgOnYd53fvPqflXYbi035HCfjQpteBsp8rCTgOUygxefluH3BvWTin5cZe15g
balcqil9jNEePrZuYqDTEDCQfcz2US3P+UYH9McZfw1Mz+EhyicBtlmmf522EgDE
39fqOyEB9sQvG1vv0vAZ0qWMKYmpu3UMP1+6P78NYHrXBZNgwVVfCF4et0MK0SUC
j93gVhgpkzL5iq05/6XSwHU+aYnGUwRWwHrHzGELz/zt7fk=
-----END CERTIFICATE-----