Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/IR62xMFiyoq3T26S7rC2t-vsg1Q.roa
File:                     IR62xMFiyoq3T26S7rC2t-vsg1Q.roa (raw, json)
Hash identifier:          4JHweAbKcSwcD4ukqyEXy7b32Dk2067OV6viHWo+wV4=
Subject key identifier:   21:1E:B6:C4:C1:62:CA:8A:B7:4F:6E:92:EE:B0:B6:B7:EB:EC:83:54
Certificate issuer:       /CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
Certificate serial:       019A54798BADC29CD006DC450FDD8C3F80CB
Authority key identifier: 12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/IR62xMFiyoq3T26S7rC2t-vsg1Q.roa
Signing time:             Wed 05 Nov 2025 14:44:03 +0000
ROA not before:           Wed 05 Nov 2025 14:44:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207695
IP address blocks:        2a14:6781:1800::/38 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 10 Nov 2025 05:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:54:79:8b:ad:c2:9c:d0:06:dc:45:0f:dd:8c:3f:80:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12be29c956894c49c6d4be0ed98882b90d1bc77f
        Validity
            Not Before: Nov  5 14:44:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=211eb6c4c162ca8ab74f6e92eeb0b6b7ebec8354
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:3e:f8:01:0a:0a:94:3d:bf:1d:c2:15:ac:3c:
                    ce:1b:be:2e:5e:29:d7:14:86:28:38:17:ca:38:8a:
                    e8:bd:29:c0:21:00:07:19:a4:ed:61:9c:4a:2a:2f:
                    bd:51:85:2f:ac:07:9b:64:6f:16:26:06:6e:17:e8:
                    88:4c:b8:34:77:c8:3b:8a:3b:58:92:05:92:09:3b:
                    b2:f4:b7:21:3f:8e:fb:70:32:8a:d0:b2:67:6e:2a:
                    85:ac:d0:7b:f1:6e:f7:46:ee:47:79:a4:08:3d:67:
                    9e:69:b7:54:fe:68:9d:f2:82:06:6a:6d:4b:a6:ec:
                    d4:27:a6:97:33:f4:3c:6d:98:57:90:05:7a:02:7a:
                    11:a4:fb:e1:f8:a3:85:b5:33:76:e7:63:1e:5f:68:
                    08:f5:f3:7e:3d:ff:ce:35:73:09:32:ae:df:f0:b2:
                    17:39:09:b9:4e:af:33:9e:92:15:fd:a9:37:0a:ca:
                    7e:95:c7:35:f9:e7:be:a3:40:bb:cb:0e:8b:13:fe:
                    60:48:14:86:55:df:24:34:33:bd:a2:b3:d3:77:46:
                    96:fd:08:01:a2:b3:c4:eb:36:19:af:8c:b8:35:b4:
                    0f:5c:d1:c8:a7:15:10:f1:6c:ea:f5:48:21:95:ee:
                    87:76:c4:34:f7:ae:33:b7:35:d2:2e:4d:b2:04:05:
                    e5:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:1E:B6:C4:C1:62:CA:8A:B7:4F:6E:92:EE:B0:B6:B7:EB:EC:83:54
            X509v3 Authority Key Identifier:
                keyid:12:BE:29:C9:56:89:4C:49:C6:D4:BE:0E:D9:88:82:B9:0D:1B:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Er4pyVaJTEnG1L4O2YiCuQ0bx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/IR62xMFiyoq3T26S7rC2t-vsg1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/c2788f-8c8c-47bb-b922-aa6ed4dafb3b/1/Er4pyVaJTEnG1L4O2YiCuQ0bx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6781:1800::/38

    Signature Algorithm: sha256WithRSAEncryption
         79:12:e2:21:68:b6:80:23:30:23:4b:51:cb:ee:5a:ae:dc:9a:
         98:60:ab:55:cb:6b:ac:21:37:5e:6a:f1:61:19:d2:8d:bd:0a:
         71:df:9f:f5:7a:7e:a1:6c:9d:54:f4:d0:1a:41:b6:13:6e:0a:
         4a:02:69:e2:12:9c:a5:b8:7f:43:16:91:0d:38:e6:3a:84:ea:
         90:bf:1d:e1:ca:13:71:0c:16:d2:c8:20:ef:fc:63:82:1d:38:
         7b:5c:67:28:9a:07:db:41:6f:d6:f7:4a:57:2a:04:4a:f8:34:
         b7:46:09:bd:02:65:60:94:78:e1:10:be:bf:76:0f:85:31:4c:
         ea:3e:b5:77:a8:e9:5a:9c:55:3d:65:2b:64:db:83:dd:45:39:
         e9:ab:d7:0c:66:71:ee:3b:6f:f1:99:64:40:f1:c1:ab:78:0e:
         dd:7b:47:ef:97:34:b1:51:4e:eb:60:c0:82:4d:b5:f1:8b:cc:
         e7:38:c9:e7:e9:20:c6:2b:8b:cd:d4:39:68:e5:38:28:a6:5e:
         de:1b:9f:5e:ec:f3:f5:21:60:05:64:f0:91:9a:44:51:12:32:
         35:49:a8:05:8c:e4:8a:d8:7c:5a:3d:0a:22:90:6f:d4:fa:78:
         0d:9a:d8:1e:94:e2:b6:ce:02:b2:45:e1:d4:59:66:e5:1f:dc:
         97:cf:6e:fb
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZpUeYutwpzQBtxFD92MP4DLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYmUyOWM5NTY4OTRjNDljNmQ0YmUwZWQ5ODg4MmI5MGQx
YmM3N2YwHhcNMjUxMTA1MTQ0NDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTFlYjZjNGMxNjJjYThhYjc0ZjZlOTJlZWIwYjZiN2ViZWM4MzU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnD74AQoKlD2/HcIVrDzOG74uXinX
FIYoOBfKOIrovSnAIQAHGaTtYZxKKi+9UYUvrAebZG8WJgZuF+iITLg0d8g7ijtY
kgWSCTuy9LchP477cDKK0LJnbiqFrNB78W73Ru5HeaQIPWeeabdU/mid8oIGam1L
puzUJ6aXM/Q8bZhXkAV6AnoRpPvh+KOFtTN252MeX2gI9fN+Pf/ONXMJMq7f8LIX
OQm5Tq8znpIV/ak3Csp+lcc1+ee+o0C7yw6LE/5gSBSGVd8kNDO9orPTd0aW/QgB
orPE6zYZr4y4NbQPXNHIpxUQ8Wzq9Ughle6HdsQ0964ztzXSLk2yBAXlCwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCEetsTBYsqKt09uku6wtrfr7INUMB8GA1UdIwQY
MBaAFBK+KclWiUxJxtS+DtmIgrkNG8d/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjIt
YWE2ZWQ0ZGFmYjNiLzEvSVI2MnhNRml5b3EzVDI2UzdyQzJ0LXZzZzFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9jMjc4OGYtOGM4Yy00N2JiLWI5MjItYWE2ZWQ0ZGFmYjNi
LzEvRXI0cHlWYUpURW5HMUw0TzJZaUN1UTBieDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYCKhRngRgw
DQYJKoZIhvcNAQELBQADggEBAHkS4iFotoAjMCNLUcvuWq7cmphgq1XLa6whN15q
8WEZ0o29CnHfn/V6fqFsnVT00BpBthNuCkoCaeISnKW4f0MWkQ045jqE6pC/HeHK
E3EMFtLIIO/8Y4IdOHtcZyiaB9tBb9b3SlcqBEr4NLdGCb0CZWCUeOEQvr92D4Ux
TOo+tXeo6VqcVT1lK2Tbg91FOemr1wxmce47b/GZZEDxwat4Dt17R++XNLFRTutg
wIJNtfGLzOc4yefpIMYri83UOWjlOCimXt4bn17s8/UhYAVk8JGaRFESMjVJqAWM
5IrYfFo9CiKQb9T6eA2a2B6U4rbOArJF4dRZZuUf3JfPbvs=
-----END CERTIFICATE-----