Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/pqo0TVIkWRzSNUY9ZM-DKBIuqHI.roa
File:                     pqo0TVIkWRzSNUY9ZM-DKBIuqHI.roa (raw, json)
Hash identifier:          LE3ROsTHxCh32pw3rOkJiWiuchaEH2tULrKqdyCWHwI=
Subject key identifier:   A6:AA:34:4D:52:24:59:1C:D2:35:46:3D:64:CF:83:28:12:2E:A8:72
Certificate issuer:       /CN=ea1ecfadfafd4fe14cbdc221b9159ee9618efe89
Certificate serial:       019933B41520BA66289D4CBAE7003E3D8AD5
Authority key identifier: EA:1E:CF:AD:FA:FD:4F:E1:4C:BD:C2:21:B9:15:9E:E9:61:8E:FE:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6h7Prfr9T-FMvcIhuRWe6WGO_ok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/pqo0TVIkWRzSNUY9ZM-DKBIuqHI.roa
Signing time:             Wed 10 Sep 2025 12:57:43 +0000
ROA not before:           Wed 10 Sep 2025 12:57:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214667
IP address blocks:        2a14:6840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/6h7Prfr9T-FMvcIhuRWe6WGO_ok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/6h7Prfr9T-FMvcIhuRWe6WGO_ok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6h7Prfr9T-FMvcIhuRWe6WGO_ok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:33:b4:15:20:ba:66:28:9d:4c:ba:e7:00:3e:3d:8a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea1ecfadfafd4fe14cbdc221b9159ee9618efe89
        Validity
            Not Before: Sep 10 12:57:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6aa344d5224591cd235463d64cf8328122ea872
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:35:f9:98:76:6e:0d:35:9f:23:15:79:8c:c2:
                    f0:7f:8d:50:f1:3c:59:d4:cc:3a:96:fe:94:b4:d2:
                    1f:ab:26:00:ce:4d:0a:99:71:38:65:0b:dd:61:ab:
                    14:f5:32:99:fd:9a:70:b3:fc:7b:f9:70:5f:42:b1:
                    d4:16:f3:a0:47:3c:cb:fa:a6:b7:30:35:82:a1:60:
                    bb:10:e9:df:f7:30:43:d0:de:02:84:df:58:82:a7:
                    39:7c:a9:61:12:e9:6b:5e:be:eb:d4:03:f7:6b:55:
                    dd:ec:d5:5d:0c:3d:67:27:60:4d:bd:58:5f:4a:8e:
                    cd:ea:fd:c8:6a:dc:0b:f0:91:d8:21:de:16:ee:b5:
                    fc:75:7b:24:db:0a:ec:45:5e:d4:08:ff:c8:4f:af:
                    5a:c8:88:87:56:f3:6d:8f:58:eb:6f:fb:f7:46:c7:
                    60:fe:9a:0e:eb:65:f5:d4:8d:a4:57:a5:55:86:d9:
                    06:db:ee:34:f7:77:ee:40:ce:08:2c:fc:63:e0:fc:
                    10:a1:22:b7:a9:02:50:fb:c3:42:df:29:e3:78:cf:
                    2b:2b:91:1c:65:89:04:40:e0:ea:ac:78:d0:25:74:
                    cf:2b:d4:ce:48:5c:62:98:14:11:51:97:09:d7:07:
                    b7:04:16:45:3d:c9:09:53:53:59:71:a1:b8:a3:f9:
                    7a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:AA:34:4D:52:24:59:1C:D2:35:46:3D:64:CF:83:28:12:2E:A8:72
            X509v3 Authority Key Identifier:
                keyid:EA:1E:CF:AD:FA:FD:4F:E1:4C:BD:C2:21:B9:15:9E:E9:61:8E:FE:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6h7Prfr9T-FMvcIhuRWe6WGO_ok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/pqo0TVIkWRzSNUY9ZM-DKBIuqHI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/6h7Prfr9T-FMvcIhuRWe6WGO_ok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6840::/29

    Signature Algorithm: sha256WithRSAEncryption
         89:40:f7:6a:70:14:6f:8d:ac:03:6c:61:f6:41:7d:80:ea:1a:
         fe:98:9d:25:3a:84:38:2e:3a:f3:50:56:e0:70:e1:75:56:2a:
         55:b6:19:19:a0:fa:5d:2e:1b:ee:16:09:a5:78:65:0f:1e:71:
         6e:6b:e9:66:4c:6f:90:d5:f4:18:c3:2e:93:68:e8:8f:53:8c:
         7b:87:77:aa:25:19:f4:b8:2e:a3:74:41:c0:45:69:10:85:20:
         25:2c:64:b8:7f:23:c5:d3:9d:7a:5c:fd:6f:5b:51:b4:ef:f2:
         e6:48:95:c1:f1:73:4e:1b:00:0d:bf:5f:ea:cb:75:7d:b5:48:
         d5:e5:69:ed:7f:45:5a:94:32:ce:f4:4b:94:28:5f:e7:cc:14:
         aa:0e:f0:32:f5:43:1a:55:67:10:bc:dc:c9:a8:f2:7e:07:bb:
         e3:eb:d1:86:62:60:13:4c:5d:ea:3f:b5:a7:59:1a:9f:1a:78:
         7b:a5:3a:18:d7:92:23:58:e6:04:b5:6f:ef:00:ac:2a:6b:f3:
         7b:80:14:be:22:a2:bc:9e:d1:35:67:84:95:dc:35:16:82:83:
         9f:78:71:13:22:ad:f5:12:b3:41:51:ef:95:a9:ad:62:23:22:
         ec:d3:74:e3:6a:c1:c3:93:8d:de:37:66:1a:78:4a:a2:f0:16:
         03:31:04:b3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkztBUgumYonUy65wA+PYrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMWVjZmFkZmFmZDRmZTE0Y2JkYzIyMWI5MTU5ZWU5NjE4
ZWZlODkwHhcNMjUwOTEwMTI1NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmFhMzQ0ZDUyMjQ1OTFjZDIzNTQ2M2Q2NGNmODMyODEyMmVhODcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyjX5mHZuDTWfIxV5jMLwf41Q8TxZ
1Mw6lv6UtNIfqyYAzk0KmXE4ZQvdYasU9TKZ/Zpws/x7+XBfQrHUFvOgRzzL+qa3
MDWCoWC7EOnf9zBD0N4ChN9Ygqc5fKlhEulrXr7r1AP3a1Xd7NVdDD1nJ2BNvVhf
So7N6v3IatwL8JHYId4W7rX8dXsk2wrsRV7UCP/IT69ayIiHVvNtj1jrb/v3Rsdg
/poO62X11I2kV6VVhtkG2+4093fuQM4ILPxj4PwQoSK3qQJQ+8NC3ynjeM8rK5Ec
ZYkEQODqrHjQJXTPK9TOSFximBQRUZcJ1we3BBZFPckJU1NZcaG4o/l6GQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKaqNE1SJFkc0jVGPWTPgygSLqhyMB8GA1UdIwQY
MBaAFOoez636/U/hTL3CIbkVnulhjv6JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmg3UHJmcjlULUZNdmNJaHVSV2U2V0dPX29rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wMjFlYWEtMWNmMC00MWNiLWI5NWIt
MTYyYTgyNzI5ZjczLzEvcHFvMFRWSWtXUnpTTlVZOVpNLURLQkl1cUhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wMjFlYWEtMWNmMC00MWNiLWI5NWItMTYyYTgyNzI5Zjcz
LzEvNmg3UHJmcjlULUZNdmNJaHVSV2U2V0dPX29rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRoQDAN
BgkqhkiG9w0BAQsFAAOCAQEAiUD3anAUb42sA2xh9kF9gOoa/pidJTqEOC4681BW
4HDhdVYqVbYZGaD6XS4b7hYJpXhlDx5xbmvpZkxvkNX0GMMuk2joj1OMe4d3qiUZ
9Lguo3RBwEVpEIUgJSxkuH8jxdOdelz9b1tRtO/y5kiVwfFzThsADb9f6st1fbVI
1eVp7X9FWpQyzvRLlChf58wUqg7wMvVDGlVnELzcyajyfge74+vRhmJgE0xd6j+1
p1kanxp4e6U6GNeSI1jmBLVv7wCsKmvze4AUviKivJ7RNWeEldw1FoKDn3hxEyKt
9RKzQVHvlamtYiMi7NN042rBw5ON3jdmGnhKovAWAzEEsw==
-----END CERTIFICATE-----