Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f3f2d9-2a8f-4ae6-ba55-f4affc8028f3/1/qZAKutQPBhqbC3w0uTfHNEl4Oes.roa
File:                     qZAKutQPBhqbC3w0uTfHNEl4Oes.roa (raw, json)
Hash identifier:          WSklXQH6CKCwMHKCLxLhSKAUiLi3+4CRfzgpAwPPYgM=
Subject key identifier:   A9:90:0A:BA:D4:0F:06:1A:9B:0B:7C:34:B9:37:C7:34:49:78:39:EB
Certificate issuer:       /CN=2e73cb3875d91219261b3ae901081311a5a071ab
Certificate serial:       01994CA2DDF0E51B1B6DCCC54A23AF358733
Authority key identifier: 2E:73:CB:38:75:D9:12:19:26:1B:3A:E9:01:08:13:11:A5:A0:71:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnPLOHXZEhkmGzrpAQgTEaWgcas.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/f3f2d9-2a8f-4ae6-ba55-f4affc8028f3/1/qZAKutQPBhqbC3w0uTfHNEl4Oes.roa
Signing time:             Mon 15 Sep 2025 09:09:26 +0000
ROA not before:           Mon 15 Sep 2025 09:09:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51395
IP address blocks:        2a14:6640::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/f3f2d9-2a8f-4ae6-ba55-f4affc8028f3/1/LnPLOHXZEhkmGzrpAQgTEaWgcas.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/f3f2d9-2a8f-4ae6-ba55-f4affc8028f3/1/LnPLOHXZEhkmGzrpAQgTEaWgcas.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnPLOHXZEhkmGzrpAQgTEaWgcas.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 12:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:4c:a2:dd:f0:e5:1b:1b:6d:cc:c5:4a:23:af:35:87:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e73cb3875d91219261b3ae901081311a5a071ab
        Validity
            Not Before: Sep 15 09:09:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a9900abad40f061a9b0b7c34b937c734497839eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:09:a1:c0:e8:44:bd:02:3f:31:66:d5:f8:46:
                    7c:9f:46:d9:09:70:f5:39:6e:b3:94:7a:f1:2b:3a:
                    29:b6:00:25:0c:5b:f4:91:0b:3e:fa:78:67:4d:f6:
                    57:af:69:c6:c9:1b:51:4e:4f:56:0a:14:da:33:e3:
                    65:ca:7b:e0:d8:60:77:f0:f4:69:1c:6d:d2:8b:b4:
                    05:36:92:3d:90:c1:13:31:7a:5b:51:0a:2f:3a:ad:
                    f1:b1:f2:ae:ac:9c:bf:f0:16:f2:67:5f:5a:17:d2:
                    9f:e0:d2:98:8b:0d:7f:81:d6:8b:00:00:78:31:31:
                    b0:38:33:57:38:ea:f7:a5:28:da:f2:35:dd:a4:73:
                    df:95:04:47:4b:ed:1e:af:30:ec:a8:e9:e9:fb:78:
                    a6:3b:d1:46:17:12:39:6d:a2:4b:b1:6a:f0:d8:0c:
                    9e:e8:d4:9b:2b:87:5a:de:6e:6c:18:11:7f:fe:c5:
                    72:7b:96:5b:a3:6b:39:6a:22:24:9e:f9:76:7c:60:
                    ea:3a:c9:9d:c6:ee:b4:4c:4c:28:96:74:07:8e:73:
                    d2:6e:74:8e:d2:2d:4d:a4:35:57:5c:a5:22:b3:09:
                    09:e2:3d:8c:9a:6b:20:64:74:50:ee:22:0c:f6:c7:
                    ca:a7:c9:4c:d3:f6:2b:cb:e0:28:28:58:27:af:7e:
                    02:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:90:0A:BA:D4:0F:06:1A:9B:0B:7C:34:B9:37:C7:34:49:78:39:EB
            X509v3 Authority Key Identifier:
                keyid:2E:73:CB:38:75:D9:12:19:26:1B:3A:E9:01:08:13:11:A5:A0:71:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnPLOHXZEhkmGzrpAQgTEaWgcas.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f3f2d9-2a8f-4ae6-ba55-f4affc8028f3/1/qZAKutQPBhqbC3w0uTfHNEl4Oes.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f3f2d9-2a8f-4ae6-ba55-f4affc8028f3/1/LnPLOHXZEhkmGzrpAQgTEaWgcas.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6640::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:2f:c4:f9:30:16:c0:c1:3e:86:d3:e0:e0:59:0c:64:94:24:
         34:89:a0:86:39:bf:df:ee:f0:29:95:5b:cf:99:85:a2:99:a1:
         e7:12:db:9d:d3:18:44:13:a2:c9:e4:69:06:cd:2e:1b:2e:d7:
         7c:d4:6e:02:b5:aa:a0:2e:8d:45:e5:31:3c:bf:ed:ff:cc:1e:
         22:08:2a:d2:92:51:25:cb:0c:c4:f2:1f:51:d7:e6:67:ee:e1:
         7f:41:de:83:11:3c:9b:99:81:76:86:e3:25:fc:5d:b1:5a:84:
         3b:0c:f3:c5:dd:37:54:79:27:3a:36:5e:d6:1e:18:8b:cc:78:
         08:9c:bb:99:fb:5e:85:fe:89:8c:67:ac:88:07:e1:1e:f2:e7:
         be:85:d9:48:e8:56:0b:1d:8f:fe:51:57:af:2c:ef:88:52:9a:
         52:82:bd:f6:c6:90:54:f0:11:22:53:91:be:70:bd:e1:69:d2:
         c5:46:26:b6:15:fb:57:3d:94:e0:db:44:fb:2d:61:23:b1:7e:
         52:50:a4:fd:0e:6b:55:3e:85:6d:f5:21:9c:7f:7f:2f:e5:f3:
         92:0d:27:5d:f3:a9:c9:14:28:8c:38:ae:25:5a:3d:d3:eb:65:
         4a:21:cd:7a:fa:bb:74:91:37:8e:25:c1:42:b7:44:89:aa:1a:
         9e:60:bb:15
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlMot3w5RsbbczFSiOvNYczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzNjYjM4NzVkOTEyMTkyNjFiM2FlOTAxMDgxMzExYTVh
MDcxYWIwHhcNMjUwOTE1MDkwOTI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTkwMGFiYWQ0MGYwNjFhOWIwYjdjMzRiOTM3YzczNDQ5NzgzOWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArwmhwOhEvQI/MWbV+EZ8n0bZCXD1
OW6zlHrxKzoptgAlDFv0kQs++nhnTfZXr2nGyRtRTk9WChTaM+Nlynvg2GB38PRp
HG3Si7QFNpI9kMETMXpbUQovOq3xsfKurJy/8BbyZ19aF9Kf4NKYiw1/gdaLAAB4
MTGwODNXOOr3pSja8jXdpHPflQRHS+0erzDsqOnp+3imO9FGFxI5baJLsWrw2Aye
6NSbK4da3m5sGBF//sVye5Zbo2s5aiIknvl2fGDqOsmdxu60TEwolnQHjnPSbnSO
0i1NpDVXXKUiswkJ4j2MmmsgZHRQ7iIM9sfKp8lM0/Yry+AoKFgnr34CswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKmQCrrUDwYamwt8NLk3xzRJeDnrMB8GA1UdIwQY
MBaAFC5zyzh12RIZJhs66QEIExGloHGrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5QTE9IWFpFaGttR3pycEFRZ1RFYVdnY2FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mM2YyZDktMmE4Zi00YWU2LWJhNTUt
ZjRhZmZjODAyOGYzLzEvcVpBS3V0UVBCaHFiQzN3MHVUZkhORWw0T2VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mM2YyZDktMmE4Zi00YWU2LWJhNTUtZjRhZmZjODAyOGYz
LzEvTG5QTE9IWFpFaGttR3pycEFRZ1RFYVdnY2FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRmQDAN
BgkqhkiG9w0BAQsFAAOCAQEAny/E+TAWwME+htPg4FkMZJQkNImghjm/3+7wKZVb
z5mFopmh5xLbndMYRBOiyeRpBs0uGy7XfNRuArWqoC6NReUxPL/t/8weIggq0pJR
JcsMxPIfUdfmZ+7hf0HegxE8m5mBdobjJfxdsVqEOwzzxd03VHknOjZe1h4Yi8x4
CJy7mftehf6JjGesiAfhHvLnvoXZSOhWCx2P/lFXryzviFKaUoK99saQVPARIlOR
vnC94WnSxUYmthX7Vz2U4NtE+y1hI7F+UlCk/Q5rVT6FbfUhnH9/L+Xzkg0nXfOp
yRQojDiuJVo90+tlSiHNevq7dJE3jiXBQrdEiaoanmC7FQ==
-----END CERTIFICATE-----