Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/_Y6pXHXe2mBIlsIBI_Y9Ro_HsC8.roa
File:                     _Y6pXHXe2mBIlsIBI_Y9Ro_HsC8.roa (raw, json)
Hash identifier:          qOtTpTR/zqFbarpkC5ntwdGXF3sXgx9iaLwPu7BpM7Y=
Subject key identifier:   FD:8E:A9:5C:75:DE:DA:60:48:96:C2:01:23:F6:3D:46:8F:C7:B0:2F
Certificate issuer:       /CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
Certificate serial:       0199CE593A7372AF7C6DB8FDF18B3EE5336A
Authority key identifier: 66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/_Y6pXHXe2mBIlsIBI_Y9Ro_HsC8.roa
Signing time:             Fri 10 Oct 2025 13:39:38 +0000
ROA not before:           Fri 10 Oct 2025 13:39:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207754
IP address blocks:        2a14:a900::/29 maxlen: 32
                          2a14:a900::/32 maxlen: 32
                          2a14:a900::/48 maxlen: 48
                          2a14:a900:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ce:59:3a:73:72:af:7c:6d:b8:fd:f1:8b:3e:e5:33:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=663a24480f04d1318bf1a70dabffa4b27ef32da2
        Validity
            Not Before: Oct 10 13:39:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd8ea95c75deda604896c20123f63d468fc7b02f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f2:fb:e5:d0:ec:c7:52:d9:a8:17:4a:f3:86:
                    74:bd:31:8a:c2:a5:3c:13:06:04:c8:aa:f8:16:b1:
                    4a:70:c0:61:11:5c:0e:61:96:f1:c2:8a:00:6a:53:
                    21:3c:dd:14:ad:78:37:49:dd:26:54:9e:2a:81:8a:
                    76:11:7b:a6:7f:b2:b3:3d:0e:e9:6c:d8:99:33:9f:
                    73:30:79:d3:fa:57:f7:a6:88:a9:44:ea:95:20:9e:
                    e0:90:f8:bb:ca:36:83:31:33:e5:2f:03:8c:36:85:
                    28:5b:fd:14:bd:1a:50:a6:0a:2f:0a:89:ee:8e:67:
                    33:d0:83:a8:15:5a:66:a2:d1:86:ef:74:5b:d6:91:
                    fa:f4:eb:3b:d3:b3:9e:28:07:c5:62:1e:85:b5:1b:
                    36:64:b0:10:50:4b:89:d0:ce:e1:47:4e:81:a9:48:
                    dd:12:62:89:37:9c:72:58:33:51:be:72:35:6e:9a:
                    d2:80:a3:26:e9:19:4d:58:96:55:01:73:56:5f:22:
                    b1:ba:09:31:af:1b:3e:0a:d9:42:2d:80:6c:de:6b:
                    95:af:94:e0:42:41:eb:0b:78:8b:66:58:b5:1e:3d:
                    01:91:aa:89:4c:e6:9e:53:e8:a4:4b:a4:c7:65:28:
                    54:88:f2:0b:2b:72:d1:aa:64:ac:8c:06:77:2f:ea:
                    6f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:8E:A9:5C:75:DE:DA:60:48:96:C2:01:23:F6:3D:46:8F:C7:B0:2F
            X509v3 Authority Key Identifier:
                keyid:66:3A:24:48:0F:04:D1:31:8B:F1:A7:0D:AB:FF:A4:B2:7E:F3:2D:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZjokSA8E0TGL8acNq_-ksn7zLaI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/_Y6pXHXe2mBIlsIBI_Y9Ro_HsC8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/6f80a8-6b6a-4d96-bf49-775f5f74d581/1/ZjokSA8E0TGL8acNq_-ksn7zLaI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a900::/29

    Signature Algorithm: sha256WithRSAEncryption
         c8:0d:ea:b9:36:8f:e3:15:0a:ca:cc:81:0e:38:c6:3e:b0:31:
         9c:c7:5f:26:e4:86:3e:15:8c:22:7c:13:46:b7:eb:a7:75:07:
         66:75:9f:27:6e:4a:b7:3c:fa:a7:21:b2:a4:89:30:ef:17:16:
         59:57:dd:c0:e1:e6:37:84:db:c9:29:92:aa:74:cb:47:86:f1:
         c7:44:6d:f3:25:24:d9:75:b6:d1:20:1f:9f:36:b5:59:aa:bf:
         43:4b:1d:83:61:cd:eb:dd:3f:d3:69:7e:c2:1b:9f:69:0b:aa:
         af:15:75:f3:dd:72:43:54:8b:3f:18:83:44:33:bb:87:cd:87:
         ac:f6:9f:ba:5b:7d:6b:82:4d:eb:67:34:b0:34:ee:79:db:cf:
         5e:a4:e2:c1:75:04:77:f0:57:1b:3d:ea:14:38:c2:32:bb:86:
         b9:9e:94:79:64:c6:52:00:47:d8:9e:d2:2e:3c:03:18:b5:7f:
         d8:76:f0:92:59:42:d9:8d:5e:0b:b6:60:be:a5:57:4e:72:d3:
         91:8b:3e:52:76:c4:dc:b3:b9:d3:f2:17:e5:e9:a9:f7:88:8f:
         b8:47:28:33:58:73:c9:55:73:f8:48:88:21:34:4a:f5:eb:97:
         1f:d6:77:92:67:f6:7a:23:07:23:4f:0f:15:0a:40:c8:12:54:
         22:18:55:b5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnOWTpzcq98bbj98Ys+5TNqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2M2EyNDQ4MGYwNGQxMzE4YmYxYTcwZGFiZmZhNGIyN2Vm
MzJkYTIwHhcNMjUxMDEwMTMzOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDhlYTk1Yzc1ZGVkYTYwNDg5NmMyMDEyM2Y2M2Q0NjhmYzdiMDJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvL75dDsx1LZqBdK84Z0vTGKwqU8
EwYEyKr4FrFKcMBhEVwOYZbxwooAalMhPN0UrXg3Sd0mVJ4qgYp2EXumf7KzPQ7p
bNiZM59zMHnT+lf3poipROqVIJ7gkPi7yjaDMTPlLwOMNoUoW/0UvRpQpgovConu
jmcz0IOoFVpmotGG73Rb1pH69Os707OeKAfFYh6FtRs2ZLAQUEuJ0M7hR06BqUjd
EmKJN5xyWDNRvnI1bprSgKMm6RlNWJZVAXNWXyKxugkxrxs+CtlCLYBs3muVr5Tg
QkHrC3iLZli1Hj0BkaqJTOaeU+ikS6THZShUiPILK3LRqmSsjAZ3L+pv9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP2OqVx13tpgSJbCASP2PUaPx7AvMB8GA1UdIwQY
MBaAFGY6JEgPBNExi/GnDav/pLJ+8y2iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDkt
Nzc1ZjVmNzRkNTgxLzEvX1k2cFhIWGUybUJJbHNJQklfWTlSb19Ic0M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi82ZjgwYTgtNmI2YS00ZDk2LWJmNDktNzc1ZjVmNzRkNTgx
LzEvWmpva1NBOEUwVEdMOGFjTnFfLWtzbjd6TGFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhSpADAN
BgkqhkiG9w0BAQsFAAOCAQEAyA3quTaP4xUKysyBDjjGPrAxnMdfJuSGPhWMInwT
Rrfrp3UHZnWfJ25Ktzz6pyGypIkw7xcWWVfdwOHmN4TbySmSqnTLR4bxx0Rt8yUk
2XW20SAfnza1Waq/Q0sdg2HN690/02l+whufaQuqrxV1891yQ1SLPxiDRDO7h82H
rPafult9a4JN62c0sDTuedvPXqTiwXUEd/BXGz3qFDjCMruGuZ6UeWTGUgBH2J7S
LjwDGLV/2HbwkllC2Y1eC7ZgvqVXTnLTkYs+UnbE3LO50/IX5emp94iPuEcoM1hz
yVVz+EiIITRK9euXH9Z3kmf2eiMHI08PFQpAyBJUIhhVtQ==
-----END CERTIFICATE-----