Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/_KSBSbnssDLsI6gscQswNYm7HwA.roa
File:                     _KSBSbnssDLsI6gscQswNYm7HwA.roa (raw, json)
Hash identifier:          IOXPssHU+sl18ogUhcRLFZi9HTW+/9dW6K9g3N1Dhec=
Subject key identifier:   FC:A4:81:49:B9:EC:B0:32:EC:23:A8:2C:71:0B:30:35:89:BB:1F:00
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       0199AF603244C17CBA7ADD883CD7AC22C20D
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/_KSBSbnssDLsI6gscQswNYm7HwA.roa
Signing time:             Sat 04 Oct 2025 13:19:01 +0000
ROA not before:           Sat 04 Oct 2025 13:19:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207529
IP address blocks:        2a14:67c1:c200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:af:60:32:44:c1:7c:ba:7a:dd:88:3c:d7:ac:22:c2:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Oct  4 13:19:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fca48149b9ecb032ec23a82c710b303589bb1f00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:2e:9e:62:65:8c:05:e7:ab:43:d0:b7:81:26:
                    a8:ea:c7:76:f6:84:cc:cc:6f:24:3b:dc:c9:6e:95:
                    06:ca:01:41:98:6d:cd:4d:f3:79:ab:d2:24:f7:98:
                    21:45:1b:4b:d1:97:e5:73:54:11:b1:c3:eb:99:1d:
                    60:44:3f:a5:92:f9:bd:0c:9f:ae:52:ae:5f:35:4c:
                    63:78:e4:b8:01:52:46:e6:6c:9d:40:86:93:e3:fb:
                    59:55:4c:a7:b6:cd:ad:1f:08:44:00:81:38:a6:d4:
                    ff:5c:89:32:a9:1b:e2:ac:e1:be:f2:dd:59:cc:43:
                    6e:a2:57:bf:99:98:52:16:a5:5c:7e:98:5d:5b:b4:
                    b3:70:5d:de:ca:ec:90:4c:c0:bd:3e:69:55:99:45:
                    e8:93:c8:26:44:3f:72:f1:78:eb:dc:53:bb:3d:9a:
                    8f:dd:89:d8:33:35:d4:20:b0:e3:62:4f:80:6f:b0:
                    01:cd:8a:a5:11:99:94:a3:ae:b3:66:ca:76:a4:a1:
                    fa:72:f2:da:fe:ec:33:5f:7d:e6:af:1d:94:66:7d:
                    26:41:96:d6:e2:b9:c4:20:f7:6c:d3:63:79:61:09:
                    45:a2:6a:cc:fe:11:f7:b5:8c:33:f9:41:a5:27:73:
                    4c:49:80:ec:c7:13:2c:89:f4:89:30:67:a9:ff:46:
                    22:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:A4:81:49:B9:EC:B0:32:EC:23:A8:2C:71:0B:30:35:89:BB:1F:00
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/_KSBSbnssDLsI6gscQswNYm7HwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:c200::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:ca:40:6d:07:e6:d3:29:fa:42:8d:53:5c:80:63:42:bc:ad:
         aa:c9:20:80:5c:d7:34:22:66:42:d0:5a:49:a3:3d:70:28:8c:
         ff:2c:10:9d:83:46:38:82:7b:2f:08:18:93:54:ec:72:75:bd:
         57:3a:a8:93:0b:fd:a9:6f:c0:50:5a:5d:bd:c1:58:5e:14:2a:
         ae:18:3c:03:80:19:46:d8:ab:23:38:91:fd:bf:e6:75:5a:61:
         1c:cf:d3:d2:f3:b9:48:f8:ca:17:ad:88:27:ca:0e:46:b0:3e:
         c5:ff:d7:79:8e:a8:7a:ba:7a:7d:90:df:57:3c:f1:9c:7d:f2:
         68:2e:fa:9d:a1:20:7c:bb:b9:6f:0f:09:ce:b8:2f:30:a0:87:
         a2:db:85:9c:fb:3f:1d:2c:9d:aa:7a:3d:a7:62:37:81:52:da:
         a4:e8:be:18:85:24:df:2a:01:5a:f3:03:60:e0:f6:28:40:3d:
         f6:2f:94:2a:fe:43:f3:fc:e1:f8:f0:b7:77:5f:7b:5b:6f:eb:
         10:3f:51:78:21:39:af:22:82:5c:2c:d9:24:2b:a6:ff:6a:2c:
         8d:2c:a7:95:07:f8:71:2f:e9:9d:8f:e3:8e:36:20:6f:52:fc:
         43:56:3d:89:68:c0:66:10:4e:7b:a7:4c:0b:7b:a0:43:b1:ba:
         26:54:46:b6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmvYDJEwXy6et2IPNesIsINMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUxMDA0MTMxOTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2E0ODE0OWI5ZWNiMDMyZWMyM2E4MmM3MTBiMzAzNTg5YmIxZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+i6eYmWMBeerQ9C3gSao6sd29oTM
zG8kO9zJbpUGygFBmG3NTfN5q9Ik95ghRRtL0Zflc1QRscPrmR1gRD+lkvm9DJ+u
Uq5fNUxjeOS4AVJG5mydQIaT4/tZVUynts2tHwhEAIE4ptT/XIkyqRvirOG+8t1Z
zENuole/mZhSFqVcfphdW7SzcF3eyuyQTMC9PmlVmUXok8gmRD9y8Xjr3FO7PZqP
3YnYMzXUILDjYk+Ab7ABzYqlEZmUo66zZsp2pKH6cvLa/uwzX33mrx2UZn0mQZbW
4rnEIPds02N5YQlFomrM/hH3tYwz+UGlJ3NMSYDsxxMsifSJMGep/0YihQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPykgUm57LAy7COoLHELMDWJux8AMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvX0tTQlNibnNzRExzSTZnc2NRc3dOWW03SHdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwcIw
DQYJKoZIhvcNAQELBQADggEBABzKQG0H5tMp+kKNU1yAY0K8rarJIIBc1zQiZkLQ
WkmjPXAojP8sEJ2DRjiCey8IGJNU7HJ1vVc6qJML/alvwFBaXb3BWF4UKq4YPAOA
GUbYqyM4kf2/5nVaYRzP09LzuUj4yhetiCfKDkawPsX/13mOqHq6en2Q31c88Zx9
8mgu+p2hIHy7uW8PCc64LzCgh6LbhZz7Px0snap6PadiN4FS2qTovhiFJN8qAVrz
A2Dg9ihAPfYvlCr+Q/P84fjwt3dfe1tv6xA/UXghOa8iglws2SQrpv9qLI0sp5UH
+HEv6Z2P4442IG9S/ENWPYlowGYQTnunTAt7oEOxuiZURrY=
-----END CERTIFICATE-----