Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/85XHTZF8_OOGgOk-mVWKWLc6lIY.roa
File:                     85XHTZF8_OOGgOk-mVWKWLc6lIY.roa (raw, json)
Hash identifier:          b0pu/O6201+Sp/Sf6rtT9fuAu2Go+sAcXF6QddYqSIs=
Subject key identifier:   F3:95:C7:4D:91:7C:FC:E3:86:80:E9:3E:99:55:8A:58:B7:3A:94:86
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019826F101E96414F207AB84119D9BC52AAD
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/85XHTZF8_OOGgOk-mVWKWLc6lIY.roa
Signing time:             Sun 20 Jul 2025 08:26:25 +0000
ROA not before:           Sun 20 Jul 2025 08:26:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215592
IP address blocks:        2a14:67c1:b600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Jul 2025 14:07:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:26:f1:01:e9:64:14:f2:07:ab:84:11:9d:9b:c5:2a:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Jul 20 08:26:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f395c74d917cfce38680e93e99558a58b73a9486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:68:2f:99:15:4a:9c:7c:38:4d:b3:40:80:03:
                    ca:35:3a:67:cf:ea:25:f2:32:c6:4f:0a:53:db:4f:
                    7c:7b:d2:85:78:2d:ff:ef:05:ce:68:66:34:b4:ff:
                    f5:72:57:3f:28:f7:82:50:00:10:37:63:c0:f1:c9:
                    e1:4f:78:78:77:ba:bd:2e:e8:a8:21:ab:8f:da:e5:
                    10:0d:12:a1:a9:17:4d:ff:c1:94:50:f7:07:e7:13:
                    38:b1:29:ab:76:e3:9e:bb:d7:97:64:04:1e:a1:2e:
                    75:d0:62:dc:a4:d1:24:c0:13:48:d2:e7:c6:a6:2c:
                    f8:00:fc:63:10:0c:0d:4d:0a:61:67:27:45:4c:61:
                    50:06:49:93:ca:c1:7e:22:be:e0:5e:58:f3:be:1a:
                    40:3a:3c:ad:82:62:eb:c7:1a:1e:2f:14:62:f8:b5:
                    40:6f:a7:f5:6b:3f:f2:d2:14:1a:32:f6:8c:9b:c1:
                    b3:8e:6b:f7:86:eb:cf:33:8f:96:26:9f:4f:0b:8b:
                    56:ee:98:04:89:42:e2:7e:f8:20:b2:90:00:b5:02:
                    f7:49:fd:73:df:a8:e6:50:3c:d9:cb:59:d1:c7:f3:
                    cf:e5:b4:33:45:fc:df:57:3d:01:92:9b:51:a1:57:
                    c7:fe:3d:4b:26:19:54:3c:b6:a9:a4:5c:94:14:1e:
                    f4:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:95:C7:4D:91:7C:FC:E3:86:80:E9:3E:99:55:8A:58:B7:3A:94:86
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/85XHTZF8_OOGgOk-mVWKWLc6lIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b600::/40

    Signature Algorithm: sha256WithRSAEncryption
         d7:42:05:ae:79:83:2f:61:b1:f6:90:9d:6b:39:1a:1b:fb:9a:
         4f:c7:70:0f:c2:7b:30:91:24:23:da:6c:7d:f1:63:a1:b6:ab:
         c5:96:7c:a0:6e:2b:d7:65:96:b0:a3:ee:18:c0:3d:f0:e5:98:
         14:d8:4b:64:90:b1:fa:a2:85:27:9c:dc:3f:26:4a:f4:df:67:
         c6:f8:ab:03:f9:d5:bd:12:b5:fa:d1:5e:d7:8e:3d:83:f1:5f:
         13:a9:d5:69:ba:23:9f:e2:64:3f:61:39:b8:34:65:4b:aa:f1:
         e7:ef:55:d8:aa:e3:0f:0b:ad:09:72:fc:b1:86:81:36:fd:86:
         59:89:a9:44:2b:5d:72:1a:b3:3a:6d:af:a5:00:ca:6e:00:c8:
         18:e3:c2:a8:47:f6:92:55:19:17:ee:b0:ec:f4:3a:28:18:37:
         b8:76:f2:49:c1:45:6a:1a:b8:67:9d:9d:69:80:10:93:45:19:
         b1:60:c7:e3:f7:22:3f:3a:92:7c:1c:c6:f4:b3:65:26:85:76:
         26:e5:04:d6:27:91:1a:f0:76:72:d0:4b:74:e3:c5:3d:95:ad:
         b9:da:cc:0b:1c:4d:b2:8c:0e:6f:7b:31:8b:02:e2:b6:d5:c7:
         63:70:a1:f0:1b:00:ca:5e:92:69:e9:97:66:4b:fd:6f:57:5b:
         c4:f3:0f:97
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZgm8QHpZBTyB6uEEZ2bxSqtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwNzIwMDgyNjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzk1Yzc0ZDkxN2NmY2UzODY4MGU5M2U5OTU1OGE1OGI3M2E5NDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGgvmRVKnHw4TbNAgAPKNTpnz+ol
8jLGTwpT2098e9KFeC3/7wXOaGY0tP/1clc/KPeCUAAQN2PA8cnhT3h4d7q9Luio
IauP2uUQDRKhqRdN/8GUUPcH5xM4sSmrduOeu9eXZAQeoS510GLcpNEkwBNI0ufG
piz4APxjEAwNTQphZydFTGFQBkmTysF+Ir7gXljzvhpAOjytgmLrxxoeLxRi+LVA
b6f1az/y0hQaMvaMm8Gzjmv3huvPM4+WJp9PC4tW7pgEiULifvggspAAtQL3Sf1z
36jmUDzZy1nRx/PP5bQzRfzfVz0BkptRoVfH/j1LJhlUPLappFyUFB70VwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPOVx02RfPzjhoDpPplVili3OpSGMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvODVYSFRaRjhfT09HZ09rLW1WV0tXTGM2bElZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRnwbYw
DQYJKoZIhvcNAQELBQADggEBANdCBa55gy9hsfaQnWs5Ghv7mk/HcA/CezCRJCPa
bH3xY6G2q8WWfKBuK9dllrCj7hjAPfDlmBTYS2SQsfqihSec3D8mSvTfZ8b4qwP5
1b0StfrRXteOPYPxXxOp1Wm6I5/iZD9hObg0ZUuq8efvVdiq4w8LrQly/LGGgTb9
hlmJqUQrXXIaszptr6UAym4AyBjjwqhH9pJVGRfusOz0OigYN7h28knBRWoauGed
nWmAEJNFGbFgx+P3Ij86knwcxvSzZSaFdiblBNYnkRrwdnLQS3TjxT2VrbnazAsc
TbKMDm97MYsC4rbVx2NwofAbAMpekmnpl2ZL/W9XW8TzD5c=
-----END CERTIFICATE-----