Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/kFZ56ZsF2Br-F4_BOqSTO2KxSHA.roa
File:                     kFZ56ZsF2Br-F4_BOqSTO2KxSHA.roa (raw, json)
Hash identifier:          S6v3r4laXjhVYZ3ga0DT/nLxzqhZMNCLJUlCOrTApDQ=
Subject key identifier:   90:56:79:E9:9B:05:D8:1A:FE:17:8F:C1:3A:A4:93:3B:62:B1:48:70
Certificate issuer:       /CN=32388fcf74d2e59524f4eb4d96e44c5222db63e1
Certificate serial:       01995CCDEE0039F632350E47577EC0D18459
Authority key identifier: 32:38:8F:CF:74:D2:E5:95:24:F4:EB:4D:96:E4:4C:52:22:DB:63:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MjiPz3TS5ZUk9OtNluRMUiLbY-E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/kFZ56ZsF2Br-F4_BOqSTO2KxSHA.roa
Signing time:             Thu 18 Sep 2025 12:30:23 +0000
ROA not before:           Thu 18 Sep 2025 12:30:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208995
IP address blocks:        2a14:5680:a001::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/MjiPz3TS5ZUk9OtNluRMUiLbY-E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/MjiPz3TS5ZUk9OtNluRMUiLbY-E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MjiPz3TS5ZUk9OtNluRMUiLbY-E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5c:cd:ee:00:39:f6:32:35:0e:47:57:7e:c0:d1:84:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32388fcf74d2e59524f4eb4d96e44c5222db63e1
        Validity
            Not Before: Sep 18 12:30:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=905679e99b05d81afe178fc13aa4933b62b14870
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:28:63:0d:df:70:1c:67:54:4b:31:6d:6d:1b:
                    28:a8:d2:c6:b1:19:df:bc:74:c7:72:4e:2e:d8:32:
                    e9:0a:ed:fe:f5:e6:ad:2e:19:f0:e2:df:fb:bf:9e:
                    09:ff:f6:c7:5e:4b:bf:9e:ae:87:52:87:96:02:7a:
                    f6:80:ce:6a:cc:1d:92:59:d8:bd:73:c8:30:3c:27:
                    d8:2e:f4:4c:39:d0:23:94:1d:b8:16:a0:95:58:98:
                    5f:ba:6a:e8:db:b0:c6:9a:52:c7:a5:69:1b:7e:0d:
                    96:42:62:fe:07:ee:4b:d6:5e:da:9e:22:ad:d4:7a:
                    b0:af:ed:07:73:38:40:53:dc:e6:8c:84:d1:10:13:
                    73:a4:93:97:2e:ed:34:06:ec:e5:c6:94:fa:33:9d:
                    b5:ba:b2:27:96:27:06:01:49:1d:ef:7a:aa:e3:75:
                    e3:ad:69:25:fb:1a:c6:eb:68:aa:75:6e:6e:0f:78:
                    4c:1a:5f:72:27:d4:62:13:96:74:82:29:f6:eb:cb:
                    ca:61:a6:2f:5b:f4:fe:fb:c6:44:24:1f:68:7c:1d:
                    91:4e:68:da:e5:17:e4:b0:bf:f9:25:4e:33:2b:52:
                    f8:5c:36:e3:ee:ab:f5:50:d5:ab:89:57:9b:47:20:
                    7d:b7:57:0b:16:23:fc:ba:94:cb:93:88:74:04:ab:
                    9a:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:56:79:E9:9B:05:D8:1A:FE:17:8F:C1:3A:A4:93:3B:62:B1:48:70
            X509v3 Authority Key Identifier:
                keyid:32:38:8F:CF:74:D2:E5:95:24:F4:EB:4D:96:E4:4C:52:22:DB:63:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MjiPz3TS5ZUk9OtNluRMUiLbY-E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/kFZ56ZsF2Br-F4_BOqSTO2KxSHA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/73/a9a1c9-3444-4e5b-a720-18040c8e22ed/1/MjiPz3TS5ZUk9OtNluRMUiLbY-E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:5680:a001::/48

    Signature Algorithm: sha256WithRSAEncryption
         30:6f:ef:55:0a:f5:f5:62:bb:67:a2:ef:4e:f2:99:3d:48:30:
         ab:08:c7:34:b4:3b:fd:2a:fd:40:53:84:e2:3d:8a:e2:7b:ad:
         1b:1c:b6:00:fa:b9:83:23:64:0a:e2:a9:b5:6b:f1:38:26:ab:
         cd:1c:9d:d2:cc:f6:2f:f2:da:31:5a:bb:29:36:ce:61:fa:ca:
         cd:fe:23:7f:b3:98:b5:9c:80:d4:d5:4d:7d:0a:74:fd:4b:59:
         66:cb:73:0a:0b:89:19:17:53:fe:c8:63:3f:a1:9b:73:4e:1d:
         16:ef:3a:cb:89:4b:57:40:33:4a:4a:83:2b:52:13:68:25:38:
         58:52:13:96:ed:e2:64:4a:68:d0:94:dc:9e:29:26:db:ab:42:
         3e:e8:38:87:b5:50:71:89:d3:61:7c:b7:97:c1:bf:3a:bf:71:
         d8:8d:0e:78:ea:06:49:c1:fb:88:b7:c2:5e:05:07:77:e2:0f:
         c9:d1:1a:d0:10:47:2e:28:3f:88:ab:d6:56:a5:df:44:99:fc:
         c5:9a:3a:da:3f:7e:8a:e3:c6:12:4b:9b:92:a8:e8:91:f4:49:
         0d:5a:52:20:9e:79:4a:70:5e:11:9c:52:0b:dd:e9:80:b9:91:
         88:69:fe:8a:cf:86:10:62:b3:4a:6f:16:ae:a3:93:c2:53:b6:
         77:73:6b:ab
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlcze4AOfYyNQ5HV37A0YRZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyMzg4ZmNmNzRkMmU1OTUyNGY0ZWI0ZDk2ZTQ0YzUyMjJk
YjYzZTEwHhcNMjUwOTE4MTIzMDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDU2NzllOTliMDVkODFhZmUxNzhmYzEzYWE0OTMzYjYyYjE0ODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyShjDd9wHGdUSzFtbRsoqNLGsRnf
vHTHck4u2DLpCu3+9eatLhnw4t/7v54J//bHXku/nq6HUoeWAnr2gM5qzB2SWdi9
c8gwPCfYLvRMOdAjlB24FqCVWJhfumro27DGmlLHpWkbfg2WQmL+B+5L1l7aniKt
1Hqwr+0HczhAU9zmjITREBNzpJOXLu00BuzlxpT6M521urInlicGAUkd73qq43Xj
rWkl+xrG62iqdW5uD3hMGl9yJ9RiE5Z0gin268vKYaYvW/T++8ZEJB9ofB2RTmja
5RfksL/5JU4zK1L4XDbj7qv1UNWriVebRyB9t1cLFiP8upTLk4h0BKuatQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJBWeembBdga/hePwTqkkztisUhwMB8GA1UdIwQY
MBaAFDI4j8900uWVJPTrTZbkTFIi22PhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWppUHozVFM1WlVrOU90Tmx1Uk1VaUxiWS1FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83My9hOWExYzktMzQ0NC00ZTViLWE3MjAt
MTgwNDBjOGUyMmVkLzEva0ZaNTZac0YyQnItRjRfQk9xU1RPMkt4U0hBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83My9hOWExYzktMzQ0NC00ZTViLWE3MjAtMTgwNDBjOGUyMmVk
LzEvTWppUHozVFM1WlVrOU90Tmx1Uk1VaUxiWS1FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRWgKAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAwb+9VCvX1Yrtnou9O8pk9SDCrCMc0tDv9Kv1A
U4TiPYrie60bHLYA+rmDI2QK4qm1a/E4JqvNHJ3SzPYv8toxWrspNs5h+srN/iN/
s5i1nIDU1U19CnT9S1lmy3MKC4kZF1P+yGM/oZtzTh0W7zrLiUtXQDNKSoMrUhNo
JThYUhOW7eJkSmjQlNyeKSbbq0I+6DiHtVBxidNhfLeXwb86v3HYjQ546gZJwfuI
t8JeBQd34g/J0RrQEEcuKD+Iq9ZWpd9EmfzFmjraP36K48YSS5uSqOiR9EkNWlIg
nnlKcF4RnFIL3emAuZGIaf6Kz4YQYrNKbxauo5PCU7Z3c2ur
-----END CERTIFICATE-----