Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/OssV7x9D975GtTJ9Zxk9k-IBuBo.roa
File:                     OssV7x9D975GtTJ9Zxk9k-IBuBo.roa (raw, json)
Hash identifier:          HUBvx/9/k5ebmWEXtREoZEFoPPX5mJnk5D0pyuECT50=
Subject key identifier:   3A:CB:15:EF:1F:43:F7:BE:46:B5:32:7D:67:19:3D:93:E2:01:B8:1A
Certificate issuer:       /CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
Certificate serial:       0199A3FB59DD7D799211A4D8B24ECF5E64ED
Authority key identifier: 3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/OssV7x9D975GtTJ9Zxk9k-IBuBo.roa
Signing time:             Thu 02 Oct 2025 08:13:02 +0000
ROA not before:           Thu 02 Oct 2025 08:13:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a14:4b41:1300::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a3:fb:59:dd:7d:79:92:11:a4:d8:b2:4e:cf:5e:64:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
        Validity
            Not Before: Oct  2 08:13:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3acb15ef1f43f7be46b5327d67193d93e201b81a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:7f:f0:bb:71:85:aa:36:9b:09:02:d9:3a:ab:
                    94:2e:b5:5e:b5:42:3c:8e:35:e8:1e:9a:2b:3f:46:
                    ed:43:69:e6:17:af:d4:47:68:ca:1c:d8:2a:f1:5b:
                    f2:fb:d6:88:5a:41:d7:f6:15:d7:70:7d:3c:a4:5a:
                    4e:ff:8d:7f:93:64:0e:6b:8e:b1:a6:6d:ab:13:1d:
                    ef:1b:7e:55:4c:35:44:d6:a4:65:d0:a7:5e:4b:be:
                    c7:d1:26:7e:f2:f9:9e:d6:ea:94:bb:35:71:1e:ab:
                    9d:4f:d9:63:ae:0b:05:53:05:38:c4:09:db:81:cf:
                    e7:38:83:7c:f4:7e:70:db:4e:04:4d:8f:c9:30:26:
                    89:b4:62:71:ac:4a:f8:be:c2:bf:f5:31:eb:41:3d:
                    d6:4d:06:5d:35:59:0b:4a:d0:ee:2e:d5:d2:56:a6:
                    b8:4b:6e:7c:f0:36:da:6d:3b:23:0b:25:d8:04:c6:
                    ca:be:10:74:ad:00:07:f3:30:a1:08:81:c3:2f:b5:
                    cc:f2:39:70:71:3e:b6:2a:7e:87:ad:b7:0f:35:d5:
                    52:79:91:37:36:a2:64:01:7d:70:fa:45:b8:74:44:
                    d8:91:d6:20:1e:8b:87:f0:a2:2c:1e:0d:ef:13:af:
                    d4:c8:40:87:97:d6:fa:c3:d6:09:af:ef:18:d9:7f:
                    2f:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:CB:15:EF:1F:43:F7:BE:46:B5:32:7D:67:19:3D:93:E2:01:B8:1A
            X509v3 Authority Key Identifier:
                keyid:3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/OssV7x9D975GtTJ9Zxk9k-IBuBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b41:1300::/48

    Signature Algorithm: sha256WithRSAEncryption
         ae:0c:d5:a2:48:12:81:52:c7:07:bd:48:9f:95:e7:da:64:9d:
         02:35:ee:4a:14:89:c6:76:bd:c6:6c:03:2a:ce:56:60:29:b4:
         67:5d:3b:48:52:1a:6c:0c:f1:79:a7:d4:57:51:27:cd:06:48:
         cf:9b:08:28:14:8f:e8:8b:1c:7d:b6:50:35:2c:16:01:e9:62:
         07:9b:7f:88:0d:bf:5a:7a:d6:15:24:5d:8f:16:32:08:0f:cb:
         8e:75:76:91:94:0f:5d:72:d1:e8:27:ae:f7:83:4a:26:ac:ef:
         a4:19:e4:81:4c:7e:17:56:05:1e:8e:a5:e3:b1:06:ec:b2:85:
         c0:ee:67:90:10:0c:44:15:b5:be:96:0a:d7:03:a1:43:32:09:
         75:cc:46:8a:f7:29:22:62:b6:0f:2c:af:e3:a2:ba:bd:0c:96:
         29:ed:c0:b8:b3:d5:47:5c:0f:16:93:86:85:7f:e1:a5:0c:66:
         26:4d:55:f4:af:6e:11:5c:1f:8c:c7:93:5e:ae:60:69:5b:d2:
         61:6c:80:74:9e:c7:c5:e6:eb:07:3e:ce:1a:d7:b4:ed:ae:b3:
         3a:7f:af:9b:66:47:d6:cf:1c:7f:4b:52:04:45:6e:53:13:9f:
         11:b3:c9:d0:6c:57:88:5e:bf:93:64:64:45:bc:da:aa:8a:f6:
         92:b2:94:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmj+1ndfXmSEaTYsk7PXmTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2VhMzNhZWE4YjM4NDI3ZjJiY2VmNWVkNGMyMTQyM2Ey
YTlkNjQwHhcNMjUxMDAyMDgxMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWNiMTVlZjFmNDNmN2JlNDZiNTMyN2Q2NzE5M2Q5M2UyMDFiODFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqX/wu3GFqjabCQLZOquULrVetUI8
jjXoHporP0btQ2nmF6/UR2jKHNgq8Vvy+9aIWkHX9hXXcH08pFpO/41/k2QOa46x
pm2rEx3vG35VTDVE1qRl0KdeS77H0SZ+8vme1uqUuzVxHqudT9ljrgsFUwU4xAnb
gc/nOIN89H5w204ETY/JMCaJtGJxrEr4vsK/9THrQT3WTQZdNVkLStDuLtXSVqa4
S2588DbabTsjCyXYBMbKvhB0rQAH8zChCIHDL7XM8jlwcT62Kn6HrbcPNdVSeZE3
NqJkAX1w+kW4dETYkdYgHouH8KIsHg3vE6/UyECHl9b6w9YJr+8Y2X8vvQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDrLFe8fQ/e+RrUyfWcZPZPiAbgaMB8GA1UdIwQY
MBaAFDo+ozrqizhCfyvO9e1MIUI6Kp1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYt
MWQ2N2MzMjQ1MDFmLzEvT3NzVjd4OUQ5NzVHdFRKOVp4azlrLUlCdUJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYtMWQ2N2MzMjQ1MDFm
LzEvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRLQRMA
MA0GCSqGSIb3DQEBCwUAA4IBAQCuDNWiSBKBUscHvUiflefaZJ0CNe5KFInGdr3G
bAMqzlZgKbRnXTtIUhpsDPF5p9RXUSfNBkjPmwgoFI/oixx9tlA1LBYB6WIHm3+I
Db9aetYVJF2PFjIID8uOdXaRlA9dctHoJ673g0omrO+kGeSBTH4XVgUejqXjsQbs
soXA7meQEAxEFbW+lgrXA6FDMgl1zEaK9ykiYrYPLK/jorq9DJYp7cC4s9VHXA8W
k4aFf+GlDGYmTVX0r24RXB+Mx5NermBpW9JhbIB0nsfF5usHPs4a17TtrrM6f6+b
ZkfWzxx/S1IERW5TE58Rs8nQbFeIXr+TZGRFvNqqivaSspQ8
-----END CERTIFICATE-----