Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/OdQoZmUeQxbjQw9Xd3JcS6O4ZB0.roa
File:                     OdQoZmUeQxbjQw9Xd3JcS6O4ZB0.roa (raw, json)
Hash identifier:          h6gBIhto95GvAYtKF7Qysg2Pvm4JnUu8RgX7IrQ7D+s=
Subject key identifier:   39:D4:28:66:65:1E:43:16:E3:43:0F:57:77:72:5C:4B:A3:B8:64:1D
Certificate issuer:       /CN=72aa537574350f26a6f36b43dc303b9e339e7eec
Certificate serial:       019958AB749A705D8EAB9E16E2C3A201195F
Authority key identifier: 72:AA:53:75:74:35:0F:26:A6:F3:6B:43:DC:30:3B:9E:33:9E:7E:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cqpTdXQ1Dyam82tD3DA7njOefuw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/OdQoZmUeQxbjQw9Xd3JcS6O4ZB0.roa
Signing time:             Wed 17 Sep 2025 17:14:15 +0000
ROA not before:           Wed 17 Sep 2025 17:14:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214550
IP address blocks:        2a14:73c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/cqpTdXQ1Dyam82tD3DA7njOefuw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/cqpTdXQ1Dyam82tD3DA7njOefuw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cqpTdXQ1Dyam82tD3DA7njOefuw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 05:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:58:ab:74:9a:70:5d:8e:ab:9e:16:e2:c3:a2:01:19:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72aa537574350f26a6f36b43dc303b9e339e7eec
        Validity
            Not Before: Sep 17 17:14:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39d42866651e4316e3430f5777725c4ba3b8641d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:2f:d8:9b:37:0b:15:9c:4d:49:de:3c:24:c0:
                    60:81:f8:b3:ad:dc:d7:76:7c:7e:51:e2:37:e0:a2:
                    4b:46:8a:94:4f:ff:d4:05:95:18:6d:5b:52:d3:5e:
                    4a:4c:f7:43:06:b7:8c:df:61:d5:15:94:b8:dc:f7:
                    a8:8f:06:65:d4:cd:26:6a:1f:8c:f4:fe:6e:ca:e5:
                    2f:af:6b:45:ae:d7:63:53:87:bc:1b:ab:42:5f:37:
                    f1:71:96:d8:50:eb:b7:c6:f6:09:0a:88:51:4b:bb:
                    ba:d8:c4:67:76:c3:e3:24:90:c0:5a:13:59:42:d9:
                    d0:f4:fc:4e:54:7a:f1:73:f4:02:ef:cc:b8:c5:ae:
                    aa:a0:ce:7c:cc:3d:ee:f1:d9:95:00:3e:97:c2:a6:
                    98:1e:57:fd:40:0d:d4:fa:cd:3e:9b:27:a2:84:64:
                    dc:38:97:57:e5:1f:73:c8:e7:d7:21:6e:51:32:e4:
                    f9:d4:0c:7a:f8:1f:26:0f:29:83:8c:15:85:e8:44:
                    23:72:58:62:a7:a2:9a:ab:fe:bb:61:6e:2f:fd:85:
                    84:fa:7f:68:36:f6:d0:00:cc:54:91:5c:35:bd:eb:
                    b8:4d:a6:d1:79:37:42:69:31:7e:d9:b0:7b:e3:a6:
                    d5:89:7a:ae:76:5c:d8:4b:00:ea:be:31:9b:31:ce:
                    a2:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D4:28:66:65:1E:43:16:E3:43:0F:57:77:72:5C:4B:A3:B8:64:1D
            X509v3 Authority Key Identifier:
                keyid:72:AA:53:75:74:35:0F:26:A6:F3:6B:43:DC:30:3B:9E:33:9E:7E:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cqpTdXQ1Dyam82tD3DA7njOefuw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/OdQoZmUeQxbjQw9Xd3JcS6O4ZB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/0f4383-726c-4ab8-9b25-96fd02bce764/1/cqpTdXQ1Dyam82tD3DA7njOefuw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:73c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         30:74:a6:89:e6:a0:2c:39:b0:5b:ab:00:a3:5e:e1:57:49:c7:
         53:6c:88:0e:8b:84:81:9f:42:d5:7f:8d:e0:25:11:67:02:16:
         9d:8e:74:60:fe:47:3a:9b:91:ef:75:a5:06:c0:7c:0a:fb:78:
         bf:5a:b5:36:94:1e:06:66:2b:71:b9:24:0f:73:db:54:e6:1a:
         bf:5e:73:1a:29:c2:76:70:5f:10:56:20:19:fb:0b:9e:b2:67:
         3d:04:36:78:af:7c:4c:ca:7c:29:44:bc:36:2f:0d:75:55:59:
         3b:38:5c:b3:0b:35:74:c1:fa:33:b8:6d:38:ce:d3:13:39:55:
         6a:b2:09:7e:42:f0:6c:ef:ae:d0:9f:2f:7a:a9:b8:f0:ae:15:
         b4:55:bc:c3:f5:c0:c0:a1:d1:5e:02:63:b7:4f:38:b1:db:d4:
         6f:3b:4b:03:31:48:bd:37:03:cc:dd:9c:36:0f:79:cb:7d:79:
         32:b5:f4:f0:ce:84:25:20:a5:2c:96:63:3a:fe:f3:24:ca:d5:
         e2:09:65:ae:d8:30:a0:3f:9e:2c:41:bc:1e:97:e3:20:b1:2f:
         6a:44:55:4f:7d:c5:67:2c:78:35:c7:29:91:b1:84:59:52:b0:
         c7:47:41:7f:06:0e:74:84:1f:a0:7c:ba:3c:7f:48:80:f7:41:
         e2:b3:1c:a9
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlYq3SacF2Oq54W4sOiARlfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYWE1Mzc1NzQzNTBmMjZhNmYzNmI0M2RjMzAzYjllMzM5
ZTdlZWMwHhcNMjUwOTE3MTcxNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ0Mjg2NjY1MWU0MzE2ZTM0MzBmNTc3NzcyNWM0YmEzYjg2NDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArS/YmzcLFZxNSd48JMBggfizrdzX
dnx+UeI34KJLRoqUT//UBZUYbVtS015KTPdDBreM32HVFZS43PeojwZl1M0mah+M
9P5uyuUvr2tFrtdjU4e8G6tCXzfxcZbYUOu3xvYJCohRS7u62MRndsPjJJDAWhNZ
QtnQ9PxOVHrxc/QC78y4xa6qoM58zD3u8dmVAD6XwqaYHlf9QA3U+s0+myeihGTc
OJdX5R9zyOfXIW5RMuT51Ax6+B8mDymDjBWF6EQjclhip6Kaq/67YW4v/YWE+n9o
NvbQAMxUkVw1veu4TabReTdCaTF+2bB746bViXqudlzYSwDqvjGbMc6iLQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDnUKGZlHkMW40MPV3dyXEujuGQdMB8GA1UdIwQY
MBaAFHKqU3V0NQ8mpvNrQ9wwO54znn7sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3FwVGRYUTFEeWFtODJ0RDNEQTduak9lZnV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS8wZjQzODMtNzI2Yy00YWI4LTliMjUt
OTZmZDAyYmNlNzY0LzEvT2RRb1ptVWVReGJqUXc5WGQzSmNTNk80WkIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS8wZjQzODMtNzI2Yy00YWI4LTliMjUtOTZmZDAyYmNlNzY0
LzEvY3FwVGRYUTFEeWFtODJ0RDNEQTduak9lZnV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRzwDAN
BgkqhkiG9w0BAQsFAAOCAQEAMHSmieagLDmwW6sAo17hV0nHU2yIDouEgZ9C1X+N
4CURZwIWnY50YP5HOpuR73WlBsB8Cvt4v1q1NpQeBmYrcbkkD3PbVOYav15zGinC
dnBfEFYgGfsLnrJnPQQ2eK98TMp8KUS8Ni8NdVVZOzhcsws1dMH6M7htOM7TEzlV
arIJfkLwbO+u0J8veqm48K4VtFW8w/XAwKHRXgJjt084sdvUbztLAzFIvTcDzN2c
Ng95y315MrX08M6EJSClLJZjOv7zJMrV4gllrtgwoD+eLEG8HpfjILEvakRVT33F
Zyx4NccpkbGEWVKwx0dBfwYOdIQfoHy6PH9IgPdB4rMcqQ==
-----END CERTIFICATE-----