Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/nQ2QOCXNiBhA_oIbltotIC2riD4.roa
File:                     nQ2QOCXNiBhA_oIbltotIC2riD4.roa (raw, json)
Hash identifier:          1MmZzBOdKL/dvmTjwcqKsATX+RAPJW/TTlWipI0mLW4=
Subject key identifier:   9D:0D:90:38:25:CD:88:18:40:FE:82:1B:96:DA:2D:20:2D:AB:88:3E
Certificate issuer:       /CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
Certificate serial:       019A2A35D7C642F3A6F5F891BA8BB8320992
Authority key identifier: 3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/nQ2QOCXNiBhA_oIbltotIC2riD4.roa
Signing time:             Tue 28 Oct 2025 09:46:02 +0000
ROA not before:           Tue 28 Oct 2025 09:46:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a14:4b41:1300::/48 maxlen: 48
                          2a14:4b41:1301::/48 maxlen: 48
                          2a14:4b41:1302::/48 maxlen: 48
                          2a14:4b41:1303::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:2a:35:d7:c6:42:f3:a6:f5:f8:91:ba:8b:b8:32:09:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3a3ea33aea8b38427f2bcef5ed4c21423a2a9d64
        Validity
            Not Before: Oct 28 09:46:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d0d903825cd881840fe821b96da2d202dab883e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a5:71:d6:f9:40:71:cf:cc:db:18:81:a0:31:
                    66:8a:fc:e5:20:5e:39:56:7f:65:11:a1:d8:39:c6:
                    de:47:96:3e:80:4c:f2:b3:7e:1f:7a:62:a0:46:19:
                    d8:c9:75:ad:f8:65:47:be:cc:d8:65:88:96:61:b6:
                    0e:26:98:04:78:a4:8b:64:0d:a1:b9:27:34:cc:a3:
                    34:64:2c:38:98:c8:93:f7:ef:b5:4e:5e:32:85:64:
                    4a:c8:1d:f3:dc:ee:0b:4c:8c:b5:eb:50:d5:d2:09:
                    c5:35:18:26:12:e8:22:b8:03:e3:2d:9d:10:86:6f:
                    bb:a0:15:70:0e:ea:93:ae:9d:05:8a:19:bf:74:3d:
                    cb:80:8e:6f:e4:7f:fb:9f:12:b5:4c:55:c0:04:1c:
                    9a:85:23:71:de:23:61:02:21:3a:70:85:ab:e6:d8:
                    39:e0:59:14:ec:f1:7e:d8:ad:27:74:2d:ca:85:bf:
                    90:3d:a4:3c:47:ed:fd:be:bb:36:de:ec:0c:38:7c:
                    a4:09:31:46:51:74:a1:44:2a:76:d0:02:be:c3:32:
                    c7:1c:79:86:8a:00:20:05:d0:5f:e8:a8:17:04:79:
                    1b:ae:c5:7a:66:26:2c:42:4d:a3:4c:ff:00:68:56:
                    be:ea:26:80:15:48:84:7b:8b:6d:2e:ca:59:03:7c:
                    eb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:0D:90:38:25:CD:88:18:40:FE:82:1B:96:DA:2D:20:2D:AB:88:3E
            X509v3 Authority Key Identifier:
                keyid:3A:3E:A3:3A:EA:8B:38:42:7F:2B:CE:F5:ED:4C:21:42:3A:2A:9D:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/nQ2QOCXNiBhA_oIbltotIC2riD4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/067b07-5eb6-43f1-86ff-1d67c324501f/1/Oj6jOuqLOEJ_K8717UwhQjoqnWQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4b41:1300::/46

    Signature Algorithm: sha256WithRSAEncryption
         09:c6:87:90:48:78:9a:2c:34:2b:a8:64:16:f6:07:81:d5:56:
         3e:c0:52:29:3a:83:2f:e6:bc:13:ac:e5:43:0e:55:ab:5e:32:
         f0:fd:0b:99:8d:ac:7e:f8:c3:a5:10:60:f8:b9:b3:5b:e2:f6:
         ea:8a:e7:95:f7:9f:53:10:fa:a3:64:dd:a9:ec:04:b3:14:1a:
         d6:e4:cb:aa:74:26:6b:c1:b7:d7:97:3d:a2:93:cd:c0:db:34:
         0d:48:82:0b:23:c3:a2:0e:8b:ac:66:0b:7f:c1:c6:03:dd:0b:
         33:16:33:dd:1c:23:73:df:f6:46:27:26:2d:66:04:3a:7e:f6:
         ae:4e:9b:13:b8:b9:01:73:d3:84:f9:13:0c:63:2d:15:84:70:
         42:e7:57:1b:73:6a:e2:ce:cc:b7:66:44:a0:95:bb:81:d5:d4:
         1c:29:d7:a0:64:58:d9:4b:08:58:1a:a1:d8:2e:6e:e0:d4:15:
         66:6e:5d:4d:d7:72:75:c6:3f:ff:17:7e:c7:6d:a0:82:c0:81:
         36:c1:e0:5b:6c:1a:77:0a:ea:01:70:f7:f1:8f:29:f6:54:87:
         9d:e6:b4:65:9a:61:7c:12:6c:83:b6:43:8f:44:9c:db:7f:10:
         b5:86:2a:14:07:42:53:1d:72:91:6b:04:1c:a3:98:db:f7:73:
         66:c7:5a:e8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZoqNdfGQvOm9fiRuou4MgmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhM2VhMzNhZWE4YjM4NDI3ZjJiY2VmNWVkNGMyMTQyM2Ey
YTlkNjQwHhcNMjUxMDI4MDk0NjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDBkOTAzODI1Y2Q4ODE4NDBmZTgyMWI5NmRhMmQyMDJkYWI4ODNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaVx1vlAcc/M2xiBoDFmivzlIF45
Vn9lEaHYOcbeR5Y+gEzys34femKgRhnYyXWt+GVHvszYZYiWYbYOJpgEeKSLZA2h
uSc0zKM0ZCw4mMiT9++1Tl4yhWRKyB3z3O4LTIy161DV0gnFNRgmEugiuAPjLZ0Q
hm+7oBVwDuqTrp0Fihm/dD3LgI5v5H/7nxK1TFXABByahSNx3iNhAiE6cIWr5tg5
4FkU7PF+2K0ndC3Khb+QPaQ8R+39vrs23uwMOHykCTFGUXShRCp20AK+wzLHHHmG
igAgBdBf6KgXBHkbrsV6ZiYsQk2jTP8AaFa+6iaAFUiEe4ttLspZA3zrNQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ0NkDglzYgYQP6CG5baLSAtq4g+MB8GA1UdIwQY
MBaAFDo+ozrqizhCfyvO9e1MIUI6Kp1kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYt
MWQ2N2MzMjQ1MDFmLzEvblEyUU9DWE5pQmhBX29JYmx0b3RJQzJyaUQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wNjdiMDctNWViNi00M2YxLTg2ZmYtMWQ2N2MzMjQ1MDFm
LzEvT2o2ak91cUxPRUpfSzg3MTdVd2hRam9xbldRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhRLQRMA
MA0GCSqGSIb3DQEBCwUAA4IBAQAJxoeQSHiaLDQrqGQW9geB1VY+wFIpOoMv5rwT
rOVDDlWrXjLw/QuZjax++MOlEGD4ubNb4vbqiueV959TEPqjZN2p7ASzFBrW5Muq
dCZrwbfXlz2ik83A2zQNSIILI8OiDousZgt/wcYD3QszFjPdHCNz3/ZGJyYtZgQ6
fvauTpsTuLkBc9OE+RMMYy0VhHBC51cbc2rizsy3ZkSglbuB1dQcKdegZFjZSwhY
GqHYLm7g1BVmbl1N13J1xj//F37HbaCCwIE2weBbbBp3CuoBcPfxjyn2VIed5rRl
mmF8EmyDtkOPRJzbfxC1hioUB0JTHXKRawQco5jb93Nmx1ro
-----END CERTIFICATE-----