Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/GXU9CZoWeYqYaMLcXtU452RLGzE.roa
File:                     GXU9CZoWeYqYaMLcXtU452RLGzE.roa (raw, json)
Hash identifier:          Ug+ep/scaRMIVKYjt/kb3DXC95IqSzR3jdE/0W22yWQ=
Subject key identifier:   19:75:3D:09:9A:16:79:8A:98:68:C2:DC:5E:D5:38:E7:64:4B:1B:31
Certificate issuer:       /CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
Certificate serial:       019901C4751907691134D9B097187AFBCDCC
Authority key identifier: 67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/GXU9CZoWeYqYaMLcXtU452RLGzE.roa
Signing time:             Sun 31 Aug 2025 20:14:36 +0000
ROA not before:           Sun 31 Aug 2025 20:14:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     154185
IP address blocks:        2a14:67c1:b140::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 01:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:01:c4:75:19:07:69:11:34:d9:b0:97:18:7a:fb:cd:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67f31bde46516347f4edfcbe30edac9a09e4e0e0
        Validity
            Not Before: Aug 31 20:14:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19753d099a16798a9868c2dc5ed538e7644b1b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:2d:7a:70:e5:36:39:30:9f:f8:39:12:7e:93:
                    84:fd:d2:69:f8:59:00:7c:f9:cd:6b:b2:80:f6:0a:
                    62:f1:bf:7e:a4:f1:0b:fc:62:ed:6f:41:fa:33:d6:
                    29:24:4d:00:c2:b8:83:29:79:2b:3f:19:47:15:9b:
                    e7:0d:a2:06:f9:ec:1f:8f:3f:01:72:d8:63:45:34:
                    b5:df:c2:f9:03:29:f1:30:b8:6a:a1:bd:4c:3a:bc:
                    d9:9c:71:c4:85:17:58:ba:5d:81:bb:44:00:03:2d:
                    38:76:87:5a:36:b4:98:29:47:09:24:9d:69:91:a7:
                    1e:b1:ac:f7:6d:2e:db:9a:51:01:2a:95:58:29:d9:
                    b5:f3:37:dc:1c:02:1c:78:b7:f6:3c:59:12:99:bb:
                    10:65:90:4d:20:16:f1:bd:19:29:31:7d:2f:b1:c3:
                    a4:f2:59:27:d0:05:f2:bf:73:b3:78:4d:20:f6:fc:
                    b2:93:e4:35:38:70:35:92:53:fc:a5:82:06:34:2f:
                    a0:39:95:90:1b:e1:90:89:41:70:38:43:da:ce:9d:
                    dd:f6:18:23:dc:21:9c:90:1b:b4:86:28:16:4a:a4:
                    bc:c0:e1:1d:0f:d4:eb:3e:05:33:9f:01:36:f6:c8:
                    9d:33:08:80:3f:0d:dc:0f:3f:b0:51:0d:3a:44:78:
                    b7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:75:3D:09:9A:16:79:8A:98:68:C2:DC:5E:D5:38:E7:64:4B:1B:31
            X509v3 Authority Key Identifier:
                keyid:67:F3:1B:DE:46:51:63:47:F4:ED:FC:BE:30:ED:AC:9A:09:E4:E0:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z_Mb3kZRY0f07fy-MO2smgnk4OA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/GXU9CZoWeYqYaMLcXtU452RLGzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/732b6c-48e4-4350-8a56-f6cc4ef0f7df/1/Z_Mb3kZRY0f07fy-MO2smgnk4OA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:67c1:b140::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:07:51:cd:2e:19:0f:99:15:d1:cc:da:78:2a:f6:94:9a:ce:
         ae:60:b0:86:0f:3b:c6:fc:1d:27:7b:f4:b7:24:09:ef:8f:28:
         00:4d:8d:e6:5b:27:e8:4a:0e:10:21:fe:6c:6f:b8:f9:8c:ac:
         68:b2:ef:c9:4e:b6:3d:7a:06:87:e4:ca:73:f3:7f:18:e2:9c:
         19:cc:19:6e:5a:79:52:47:1e:61:6d:3c:cc:08:11:1e:9f:70:
         0c:b0:28:27:cd:e3:ec:c7:ca:db:e8:0e:ce:4d:45:4d:fa:6c:
         2e:0c:47:49:fd:28:99:af:c2:dc:65:b5:a0:31:1f:03:c1:33:
         32:66:b8:13:9e:35:27:85:fc:77:5b:2d:6f:15:a8:65:ca:51:
         70:32:b7:cd:90:14:e4:9d:9a:61:2f:23:d3:b8:0c:85:dd:8a:
         fd:f8:05:d1:cd:d8:0d:c7:fd:5f:f8:ed:0e:89:87:de:bb:aa:
         e0:d7:37:4e:29:cd:b7:c1:e1:0b:fb:e0:7b:91:30:12:c2:13:
         53:c9:45:f6:4b:54:30:ae:7a:79:28:91:c2:d0:01:c8:87:38:
         c3:4e:1a:a6:1d:c8:3f:44:11:9c:2e:f3:c6:ce:c5:aa:b8:ac:
         f6:37:10:b9:e3:34:cc:c0:5f:99:82:75:4b:e0:83:59:06:ff:
         2d:17:2c:08
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkBxHUZB2kRNNmwlxh6+83MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZjMxYmRlNDY1MTYzNDdmNGVkZmNiZTMwZWRhYzlhMDll
NGUwZTAwHhcNMjUwODMxMjAxNDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTc1M2QwOTlhMTY3OThhOTg2OGMyZGM1ZWQ1MzhlNzY0NGIxYjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuy16cOU2OTCf+DkSfpOE/dJp+FkA
fPnNa7KA9gpi8b9+pPEL/GLtb0H6M9YpJE0AwriDKXkrPxlHFZvnDaIG+ewfjz8B
cthjRTS138L5AynxMLhqob1MOrzZnHHEhRdYul2Bu0QAAy04dodaNrSYKUcJJJ1p
kacesaz3bS7bmlEBKpVYKdm18zfcHAIceLf2PFkSmbsQZZBNIBbxvRkpMX0vscOk
8lkn0AXyv3OzeE0g9vyyk+Q1OHA1klP8pYIGNC+gOZWQG+GQiUFwOEPazp3d9hgj
3CGckBu0higWSqS8wOEdD9TrPgUznwE29sidMwiAPw3cDz+wUQ06RHi3tQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBl1PQmaFnmKmGjC3F7VOOdkSxsxMB8GA1UdIwQY
MBaAFGfzG95GUWNH9O38vjDtrJoJ5ODgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYt
ZjZjYzRlZjBmN2RmLzEvR1hVOUNab1dlWXFZYU1MY1h0VTQ1MlJMR3pFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC83MzJiNmMtNDhlNC00MzUwLThhNTYtZjZjYzRlZjBmN2Rm
LzEvWl9NYjNrWlJZMGYwN2Z5LU1PMnNtZ25rNE9BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhRnwbFA
MA0GCSqGSIb3DQEBCwUAA4IBAQBHB1HNLhkPmRXRzNp4KvaUms6uYLCGDzvG/B0n
e/S3JAnvjygATY3mWyfoSg4QIf5sb7j5jKxosu/JTrY9egaH5Mpz838Y4pwZzBlu
WnlSRx5hbTzMCBEen3AMsCgnzePsx8rb6A7OTUVN+mwuDEdJ/SiZr8LcZbWgMR8D
wTMyZrgTnjUnhfx3Wy1vFahlylFwMrfNkBTknZphLyPTuAyF3Yr9+AXRzdgNx/1f
+O0OiYfeu6rg1zdOKc23weEL++B7kTASwhNTyUX2S1Qwrnp5KJHC0AHIhzjDThqm
Hcg/RBGcLvPGzsWquKz2NxC54zTMwF+ZgnVL4INZBv8tFywI
-----END CERTIFICATE-----