Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/apiYt9ohXJuOfEyGrXHa7HB76MM.roa
File:                     apiYt9ohXJuOfEyGrXHa7HB76MM.roa (raw, json)
Hash identifier:          AEcAgCyBbIryV+blkcPYvEvGtcs/WXK2xP1cYHmzk9M=
Subject key identifier:   6A:98:98:B7:DA:21:5C:9B:8E:7C:4C:86:AD:71:DA:EC:70:7B:E8:C3
Certificate issuer:       /CN=4367547d851e3cd776cd33290b2454acc0e851bb
Certificate serial:       019A0B2B11359631883AE4425E3AD8E18335
Authority key identifier: 43:67:54:7D:85:1E:3C:D7:76:CD:33:29:0B:24:54:AC:C0:E8:51:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/apiYt9ohXJuOfEyGrXHa7HB76MM.roa
Signing time:             Wed 22 Oct 2025 09:06:03 +0000
ROA not before:           Wed 22 Oct 2025 09:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214844
IP address blocks:        2a14:56c0::/32 maxlen: 48
                          2a14:56c0:ffff::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0b:2b:11:35:96:31:88:3a:e4:42:5e:3a:d8:e1:83:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4367547d851e3cd776cd33290b2454acc0e851bb
        Validity
            Not Before: Oct 22 09:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a9898b7da215c9b8e7c4c86ad71daec707be8c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:fe:66:74:9e:c8:8c:55:53:ed:c2:a8:5d:25:
                    c5:41:9f:fd:53:bc:bd:42:87:f7:54:4f:3f:67:85:
                    29:c7:77:d2:5b:75:22:44:b2:97:08:4b:20:d6:73:
                    a2:43:5c:ac:55:39:2b:d3:bb:e5:3a:21:a2:dc:e8:
                    f7:ed:3a:ba:15:ed:2c:bf:88:dd:7e:1c:16:0a:77:
                    11:5e:7a:dc:89:3a:95:0a:1f:3b:fa:f1:52:3e:95:
                    e5:dc:90:4b:ae:54:75:cc:cb:d0:16:8c:aa:da:41:
                    eb:01:b5:a8:68:b8:0d:72:12:58:58:41:77:d5:c7:
                    21:b7:2c:e0:83:43:dd:3e:98:f9:c0:e5:e5:50:b1:
                    d6:35:a8:5e:60:50:c0:91:94:bc:0e:9c:d2:63:cc:
                    56:a0:04:40:d0:98:38:f2:c2:9d:c5:5d:4c:63:6a:
                    0c:ac:c1:32:fa:68:ab:41:bc:a0:e7:43:ea:92:02:
                    2b:4c:d6:d9:01:27:e5:fd:a2:83:e1:c7:1d:b8:51:
                    91:8c:7c:c4:36:e9:5a:2c:48:c1:32:88:ad:ae:5d:
                    b0:30:92:d7:f2:c3:4c:44:a3:11:c4:9f:a4:f9:a7:
                    3b:2b:e5:c0:e4:64:31:5e:86:8b:d6:c9:5e:e0:9f:
                    ea:7c:58:8c:6b:26:22:ce:62:b5:cd:07:ee:af:9b:
                    5c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:98:98:B7:DA:21:5C:9B:8E:7C:4C:86:AD:71:DA:EC:70:7B:E8:C3
            X509v3 Authority Key Identifier:
                keyid:43:67:54:7D:85:1E:3C:D7:76:CD:33:29:0B:24:54:AC:C0:E8:51:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q2dUfYUePNd2zTMpCyRUrMDoUbs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/apiYt9ohXJuOfEyGrXHa7HB76MM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/874c85-9e7d-4ace-958f-dab7f0c8d240/1/Q2dUfYUePNd2zTMpCyRUrMDoUbs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:56c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         9b:e3:d0:a2:f5:aa:c0:ff:ba:24:38:c9:24:1a:ab:94:53:3c:
         81:f5:f5:5f:5c:37:a9:06:42:aa:7c:fc:16:7f:68:06:75:1e:
         f7:f5:fa:0c:1e:e5:3b:c7:af:4e:10:71:29:de:3d:49:80:38:
         f0:5f:c9:f2:92:cc:fc:9f:a0:28:44:cb:97:99:bc:ca:6d:32:
         73:a3:70:6d:36:0c:3f:0a:96:7f:e6:bb:31:84:b1:b8:c5:88:
         75:d7:14:f2:cd:c3:92:92:30:dc:1b:2b:42:3a:ad:46:d7:d1:
         d6:6b:f5:8b:27:fb:c1:9e:b5:80:06:da:24:90:58:94:6d:fe:
         72:d1:a3:c6:26:e0:12:5a:7a:d1:39:71:25:56:0e:f6:32:55:
         af:58:0b:1d:61:e7:10:09:56:9d:0b:5b:f8:98:e1:58:fb:fc:
         0c:0a:65:74:43:69:88:3b:3d:89:70:1b:fb:23:08:18:78:65:
         6a:d2:e4:61:a8:70:44:29:84:a3:bb:b5:8d:64:8d:8d:3e:e3:
         e2:a1:a7:4b:77:f4:ae:4b:5d:95:83:1d:cc:99:aa:5b:52:d0:
         5c:85:f0:af:c5:7f:ff:cd:9b:b2:ce:c8:8e:33:ad:2a:9b:18:
         e9:dc:de:c7:80:2b:71:45:9c:47:6c:67:e9:79:0f:95:7e:8d:
         d1:8d:87:f1
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoLKxE1ljGIOuRCXjrY4YM1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzNjc1NDdkODUxZTNjZDc3NmNkMzMyOTBiMjQ1NGFjYzBl
ODUxYmIwHhcNMjUxMDIyMDkwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk4OThiN2RhMjE1YzliOGU3YzRjODZhZDcxZGFlYzcwN2JlOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArP5mdJ7IjFVT7cKoXSXFQZ/9U7y9
Qof3VE8/Z4Upx3fSW3UiRLKXCEsg1nOiQ1ysVTkr07vlOiGi3Oj37Tq6Fe0sv4jd
fhwWCncRXnrciTqVCh87+vFSPpXl3JBLrlR1zMvQFoyq2kHrAbWoaLgNchJYWEF3
1cchtyzgg0PdPpj5wOXlULHWNaheYFDAkZS8DpzSY8xWoARA0Jg48sKdxV1MY2oM
rMEy+mirQbyg50PqkgIrTNbZASfl/aKD4ccduFGRjHzENulaLEjBMoitrl2wMJLX
8sNMRKMRxJ+k+ac7K+XA5GQxXoaL1sle4J/qfFiMayYizmK1zQfur5tceQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGqYmLfaIVybjnxMhq1x2uxwe+jDMB8GA1UdIwQY
MBaAFENnVH2FHjzXds0zKQskVKzA6FG7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTJkVWZZVWVQTmQyelRNcEN5UlVyTURvVWJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84NzRjODUtOWU3ZC00YWNlLTk1OGYt
ZGFiN2YwYzhkMjQwLzEvYXBpWXQ5b2hYSnVPZkV5R3JYSGE3SEI3Nk1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84NzRjODUtOWU3ZC00YWNlLTk1OGYtZGFiN2YwYzhkMjQw
LzEvUTJkVWZZVWVQTmQyelRNcEN5UlVyTURvVWJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRWwDAN
BgkqhkiG9w0BAQsFAAOCAQEAm+PQovWqwP+6JDjJJBqrlFM8gfX1X1w3qQZCqnz8
Fn9oBnUe9/X6DB7lO8evThBxKd49SYA48F/J8pLM/J+gKETLl5m8ym0yc6NwbTYM
PwqWf+a7MYSxuMWIddcU8s3DkpIw3BsrQjqtRtfR1mv1iyf7wZ61gAbaJJBYlG3+
ctGjxibgElp60TlxJVYO9jJVr1gLHWHnEAlWnQtb+JjhWPv8DApldENpiDs9iXAb
+yMIGHhlatLkYahwRCmEo7u1jWSNjT7j4qGnS3f0rktdlYMdzJmqW1LQXIXwr8V/
/82bss7IjjOtKpsY6dzex4ArcUWcR2xn6XkPlX6N0Y2H8Q==
-----END CERTIFICATE-----