Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/2tQqGK4g82dy1c5SML4akqkLzQs.roa
File:                     2tQqGK4g82dy1c5SML4akqkLzQs.roa (raw, json)
Hash identifier:          0ihiDi+ydh24SGVwQxglY4r4t8f0Ij3xsuV5NeDNJgU=
Subject key identifier:   DA:D4:2A:18:AE:20:F3:67:72:D5:CE:52:30:BE:1A:92:A9:0B:CD:0B
Certificate issuer:       /CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
Certificate serial:       01999A76377C61A3A6FEA6C4665930932B0D
Authority key identifier: 6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/2tQqGK4g82dy1c5SML4akqkLzQs.roa
Signing time:             Tue 30 Sep 2025 11:51:02 +0000
ROA not before:           Tue 30 Sep 2025 11:51:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210387
IP address blocks:        2a14:9401:4000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Oct 2025 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:76:37:7c:61:a3:a6:fe:a6:c4:66:59:30:93:2b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fa64a647bd2a5557f70f676adcc76904fb872ab
        Validity
            Not Before: Sep 30 11:51:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dad42a18ae20f36772d5ce5230be1a92a90bcd0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:6c:c2:bd:68:b5:10:b0:98:03:95:95:57:5c:
                    9d:7f:26:08:9f:2f:33:87:72:16:7d:26:17:ca:cc:
                    ed:ca:6b:ec:ed:d0:3f:07:c1:00:02:41:7e:4f:09:
                    56:f1:8c:2d:cf:d9:8a:b9:fa:56:f5:45:c6:fb:dd:
                    d8:37:8d:bc:0d:52:62:91:f7:3d:07:d7:e8:92:62:
                    a7:a0:b4:ae:86:a9:6d:65:b3:a0:20:2d:2e:fc:44:
                    d1:a8:68:85:16:23:23:d7:06:9f:93:0a:ba:49:e2:
                    4a:46:96:99:dc:85:10:32:0a:41:8a:db:c4:24:16:
                    1d:81:0f:20:13:9e:a1:13:1a:85:80:4b:b8:af:a7:
                    a6:9a:8d:e0:3a:92:0b:0b:72:a3:60:73:3b:42:df:
                    7f:01:05:b5:6d:82:9d:eb:1f:42:7a:58:04:3c:1b:
                    03:1a:b9:ec:7f:e3:9e:7b:ba:87:15:f1:c4:ad:94:
                    49:6a:31:ed:0b:e4:eb:5a:41:7b:7e:b8:be:fb:f1:
                    bd:ff:f8:0c:03:d3:4a:ca:cb:78:6e:90:db:2f:d2:
                    ea:ab:c5:0a:fd:2c:03:10:fa:41:06:8b:6e:04:e6:
                    2c:85:6b:6b:8c:24:42:50:00:00:45:aa:89:cc:1e:
                    32:0b:4e:11:66:52:2f:86:55:56:1f:b9:fe:ef:51:
                    9b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:D4:2A:18:AE:20:F3:67:72:D5:CE:52:30:BE:1A:92:A9:0B:CD:0B
            X509v3 Authority Key Identifier:
                keyid:6F:A6:4A:64:7B:D2:A5:55:7F:70:F6:76:AD:CC:76:90:4F:B8:72:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/2tQqGK4g82dy1c5SML4akqkLzQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/258dae-54fa-4a33-a19d-e91b3abd1fe8/1/b6ZKZHvSpVV_cPZ2rcx2kE-4cqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9401:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         48:b0:93:a2:00:90:43:52:b9:ed:a1:ff:cb:fe:09:cb:06:9f:
         7a:3a:2a:d6:15:db:6d:8b:76:a9:60:64:93:3e:de:c0:e0:c1:
         7b:38:9f:bd:c5:4a:d6:ea:4c:51:01:e2:a9:70:c4:28:a1:2b:
         65:b7:14:e9:14:9a:38:e0:3d:4f:55:69:a6:d0:00:0f:7c:c5:
         b8:2c:cb:6e:42:77:b3:dc:e0:ae:35:da:af:a9:97:d9:d5:76:
         46:05:66:91:5c:5e:64:8a:70:1c:17:a9:d7:d3:3d:c0:dc:6b:
         cc:91:07:c0:a1:f9:00:62:ce:ef:a6:3c:de:98:b0:f6:da:51:
         04:4f:ae:80:b5:b8:b4:40:c6:91:c4:64:09:a4:b5:90:14:be:
         e8:5e:e1:e9:34:b0:22:4a:e0:67:57:9c:b9:03:d8:ce:14:d4:
         a8:5c:56:77:0a:3b:1c:30:52:5d:5b:9a:0c:96:81:e4:96:31:
         3f:64:be:39:82:c3:42:9b:41:f8:90:b4:48:5c:f0:80:19:ba:
         1b:cf:59:55:7c:93:54:06:ee:d1:05:c8:1c:e4:94:69:0b:86:
         56:85:0b:4c:ca:79:3c:aa:16:e7:73:63:20:bc:e2:58:07:d1:
         60:c3:2c:a6:ef:66:55:e6:6e:a6:c4:b4:bd:17:42:34:17:10:
         e9:55:95:72
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmadjd8YaOm/qbEZlkwkysNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYTY0YTY0N2JkMmE1NTU3ZjcwZjY3NmFkY2M3NjkwNGZi
ODcyYWIwHhcNMjUwOTMwMTE1MTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWQ0MmExOGFlMjBmMzY3NzJkNWNlNTIzMGJlMWE5MmE5MGJjZDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGzCvWi1ELCYA5WVV1ydfyYIny8z
h3IWfSYXysztymvs7dA/B8EAAkF+TwlW8Ywtz9mKufpW9UXG+93YN428DVJikfc9
B9fokmKnoLSuhqltZbOgIC0u/ETRqGiFFiMj1wafkwq6SeJKRpaZ3IUQMgpBitvE
JBYdgQ8gE56hExqFgEu4r6emmo3gOpILC3KjYHM7Qt9/AQW1bYKd6x9CelgEPBsD
Grnsf+Oee7qHFfHErZRJajHtC+TrWkF7fri++/G9//gMA9NKyst4bpDbL9Lqq8UK
/SwDEPpBBotuBOYshWtrjCRCUAAARaqJzB4yC04RZlIvhlVWH7n+71GbNwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFNrUKhiuIPNnctXOUjC+GpKpC80LMB8GA1UdIwQY
MBaAFG+mSmR70qVVf3D2dq3MdpBPuHKrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQt
ZTkxYjNhYmQxZmU4LzEvMnRRcUdLNGc4MmR5MWM1U01MNGFrcWtMelFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yNThkYWUtNTRmYS00YTMzLWExOWQtZTkxYjNhYmQxZmU4
LzEvYjZaS1pIdlNwVlZfY1BaMnJjeDJrRS00Y3FzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKhSUAUAw
DQYJKoZIhvcNAQELBQADggEBAEiwk6IAkENSue2h/8v+CcsGn3o6KtYV222Ldqlg
ZJM+3sDgwXs4n73FStbqTFEB4qlwxCihK2W3FOkUmjjgPU9VaabQAA98xbgsy25C
d7Pc4K412q+pl9nVdkYFZpFcXmSKcBwXqdfTPcDca8yRB8Ch+QBizu+mPN6YsPba
UQRProC1uLRAxpHEZAmktZAUvuhe4ek0sCJK4GdXnLkD2M4U1KhcVncKOxwwUl1b
mgyWgeSWMT9kvjmCw0KbQfiQtEhc8IAZuhvPWVV8k1QG7tEFyBzklGkLhlaFC0zK
eTyqFudzYyC84lgH0WDDLKbvZlXmbqbEtL0XQjQXEOlVlXI=
-----END CERTIFICATE-----