Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/YqC2VTxiSf6N6CH_T6N3pCLJERQ.roa
File:                     YqC2VTxiSf6N6CH_T6N3pCLJERQ.roa (raw, json)
Hash identifier:          a8gYqeVoJseoS34lomrK7Ci6A3BwLLCYd0bHvL6Bj+I=
Subject key identifier:   62:A0:B6:55:3C:62:49:FE:8D:E8:21:FF:4F:A3:77:A4:22:C9:11:14
Certificate issuer:       /CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
Certificate serial:       01990EBE1E919A8E3AD109736D590DE8B377
Authority key identifier: 3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/YqC2VTxiSf6N6CH_T6N3pCLJERQ.roa
Signing time:             Wed 03 Sep 2025 08:42:44 +0000
ROA not before:           Wed 03 Sep 2025 08:42:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a14:4b41:1300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Sep 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0e:be:1e:91:9a:8e:3a:d1:09:73:6d:59:0d:e8:b3:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
        Validity
            Not Before: Sep  3 08:42:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62a0b6553c6249fe8de821ff4fa377a422c91114
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:7f:36:28:e9:e5:a6:38:3c:d6:a1:05:b7:92:
                    2c:7b:1f:de:5c:21:2a:82:3a:b3:ae:cf:8f:42:6a:
                    fe:13:3c:f5:d9:6e:4c:67:ab:fe:4a:ac:3a:9d:bd:
                    35:b9:3c:ce:82:af:59:a5:e7:19:dc:00:6f:96:1d:
                    2c:72:e2:15:55:5c:3f:df:b3:f5:ae:36:ff:1c:c4:
                    57:c0:ba:e0:0e:2a:e0:bc:d6:43:ef:f4:d9:77:57:
                    83:b9:bb:cd:a5:0a:b6:c3:58:65:f1:1a:be:ca:81:
                    b7:64:32:f6:f9:f4:a0:b9:06:4d:16:b5:08:f2:cf:
                    22:28:b9:e5:7e:26:df:ce:6f:07:7f:af:5f:23:81:
                    c6:ad:35:cc:5b:ab:8d:6b:a8:b0:7a:58:ae:25:0f:
                    2b:27:6c:8e:6b:d4:dd:09:19:55:bd:91:88:97:88:
                    95:bf:31:76:f6:6a:10:88:01:72:a4:80:d0:d3:4c:
                    56:29:84:16:a8:0d:21:7e:3b:ae:49:f3:82:04:bf:
                    13:9c:0a:37:74:a1:05:0f:5f:57:28:be:7e:47:30:
                    58:bc:64:d4:1a:90:c1:97:5c:6f:39:f3:d2:ae:3c:
                    c1:e3:c9:42:0b:13:24:4a:ed:fd:fa:3f:40:c5:f3:
                    43:b0:d7:7f:a7:97:3b:a7:9e:b3:dd:d7:e9:db:45:
                    cb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:A0:B6:55:3C:62:49:FE:8D:E8:21:FF:4F:A3:77:A4:22:C9:11:14
            X509v3 Authority Key Identifier:
                keyid:3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/YqC2VTxiSf6N6CH_T6N3pCLJERQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b41:1300::/40

    Signature Algorithm: sha256WithRSAEncryption
         27:db:2f:cd:06:5c:d1:ce:37:57:6e:53:3d:d6:b7:94:a1:91:
         23:ad:1b:1a:6c:87:79:d5:b5:06:32:c6:f2:6b:5f:48:a3:69:
         88:49:f8:7f:8c:76:f4:86:40:be:6b:6d:d6:1f:00:3f:29:6c:
         d3:d3:f4:f5:61:ee:53:6a:39:c9:c6:ca:88:2b:49:44:da:e8:
         c9:2c:d9:6d:5c:06:9d:af:c5:ca:bb:eb:61:18:06:59:df:2b:
         92:51:95:fc:3b:84:e9:0b:c2:a2:14:a0:78:9f:47:1f:13:f6:
         42:ae:35:9a:f1:e3:7d:e5:56:af:fe:85:ec:e0:83:87:06:a7:
         ff:e2:7d:82:80:d3:b9:f5:0a:4a:36:2d:02:96:6f:8c:e7:fb:
         72:a5:c4:56:57:dc:14:1d:ca:5a:aa:5a:da:d3:90:f0:8f:14:
         eb:e7:32:dc:ba:20:4a:c8:1b:25:5e:58:55:d0:8a:5a:5e:36:
         63:54:cc:fc:b5:6d:98:a1:2d:e2:ef:f9:78:c7:4d:d0:1b:cf:
         86:ff:98:03:4a:83:a4:82:a7:f3:be:bd:f1:a8:7d:1e:6d:ba:
         e9:ca:b3:19:67:fd:f0:9b:46:b6:0a:24:52:70:74:55:23:df:
         6c:16:da:93:fd:ab:90:ed:e6:f5:9f:2d:9c:d1:82:ed:80:61:
         dd:7f:30:e3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZkOvh6Rmo460QlzbVkN6LN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2VhMzNhZWE4YjM4NDI3ZjJiY2VmNWVkNGMyMTQyM2Ey
YTlkNjQwHhcNMjUwOTAzMDg0MjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmEwYjY1NTNjNjI0OWZlOGRlODIxZmY0ZmEzNzdhNDIyYzkxMTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwX82KOnlpjg81qEFt5Isex/eXCEq
gjqzrs+PQmr+Ezz12W5MZ6v+Sqw6nb01uTzOgq9ZpecZ3ABvlh0scuIVVVw/37P1
rjb/HMRXwLrgDirgvNZD7/TZd1eDubvNpQq2w1hl8Rq+yoG3ZDL2+fSguQZNFrUI
8s8iKLnlfibfzm8Hf69fI4HGrTXMW6uNa6iweliuJQ8rJ2yOa9TdCRlVvZGIl4iV
vzF29moQiAFypIDQ00xWKYQWqA0hfjuuSfOCBL8TnAo3dKEFD19XKL5+RzBYvGTU
GpDBl1xvOfPSrjzB48lCCxMkSu39+j9AxfNDsNd/p5c7p56z3dfp20XLVwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGKgtlU8Ykn+jegh/0+jd6QiyREUMB8GA1UdIwQY
MBaAFDo+ozrqizhCfyvO9e1MIUI6Kp1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYt
MWQ2N2MzMjQ1MDFmLzEvWXFDMlZUeGlTZjZONkNIX1Q2TjNwQ0xKRVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYtMWQ2N2MzMjQ1MDFm
LzEvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhRLQRMw
DQYJKoZIhvcNAQELBQADggEBACfbL80GXNHON1duUz3Wt5ShkSOtGxpsh3nVtQYy
xvJrX0ijaYhJ+H+MdvSGQL5rbdYfAD8pbNPT9PVh7lNqOcnGyogrSUTa6Mks2W1c
Bp2vxcq762EYBlnfK5JRlfw7hOkLwqIUoHifRx8T9kKuNZrx433lVq/+hezgg4cG
p//ifYKA07n1Cko2LQKWb4zn+3KlxFZX3BQdylqqWtrTkPCPFOvnMty6IErIGyVe
WFXQilpeNmNUzPy1bZihLeLv+XjHTdAbz4b/mANKg6SCp/O+vfGofR5tuunKsxln
/fCbRrYKJFJwdFUj32wW2pP9q5Dt5vWfLZzRgu2AYd1/MOM=
-----END CERTIFICATE-----