Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/iZ5NdmCFL2KJkofQQF0JS-Yd9_o.roa
File:                     iZ5NdmCFL2KJkofQQF0JS-Yd9_o.roa (raw, json)
Hash identifier:          B8ZarSuY+q0UuVgF85bF6OWHBT26B3wpaZ1iEoRwKdI=
Subject key identifier:   89:9E:4D:76:60:85:2F:62:89:92:87:D0:40:5D:09:4B:E6:1D:F7:FA
Certificate issuer:       /CN=a3ab670e8146ef5274ae45eb30d29e970065ba2c
Certificate serial:       01986FF3B540C89188FADDF7A5700E68C76D
Authority key identifier: A3:AB:67:0E:81:46:EF:52:74:AE:45:EB:30:D2:9E:97:00:65:BA:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/iZ5NdmCFL2KJkofQQF0JS-Yd9_o.roa
Signing time:             Sun 03 Aug 2025 12:41:39 +0000
ROA not before:           Sun 03 Aug 2025 12:41:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210064
IP address blocks:        2a14:f680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:6f:f3:b5:40:c8:91:88:fa:dd:f7:a5:70:0e:68:c7:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3ab670e8146ef5274ae45eb30d29e970065ba2c
        Validity
            Not Before: Aug  3 12:41:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=899e4d7660852f62899287d0405d094be61df7fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:13:48:2a:67:cf:97:eb:dc:b2:13:62:22:7d:
                    93:c9:94:b8:b8:de:8c:fa:06:e6:82:cb:4b:6d:b1:
                    f7:4c:8e:6c:a9:04:42:4d:2d:27:c6:f2:dc:f8:e0:
                    18:b9:d0:f5:c2:23:d6:76:02:7b:86:9f:f4:e0:41:
                    c7:02:3f:0e:9e:9b:3c:bf:c5:ba:12:60:0d:a2:0b:
                    ed:d6:dd:95:e9:9d:52:f8:84:63:5c:42:52:99:40:
                    68:b0:68:7f:c6:31:f0:d8:4e:dc:c9:19:e2:23:6a:
                    fe:8b:f8:ca:2d:d7:a7:40:8c:97:a0:38:97:65:3f:
                    a7:fd:b3:b5:4d:92:0e:48:02:ef:cf:d3:a1:4c:84:
                    e5:fa:e5:38:c0:01:60:b2:f0:27:d9:db:2a:f0:3a:
                    48:25:34:53:20:3e:0a:3f:15:dc:4d:3a:a8:c8:de:
                    02:91:46:0d:89:9c:23:92:b4:09:51:67:ad:37:ce:
                    c5:2a:50:8a:26:e3:e9:9b:57:9b:f8:13:cb:74:d1:
                    e2:c9:aa:37:3d:c3:64:6d:ad:da:1a:4a:7a:57:55:
                    6a:f0:9d:b3:e5:f7:8b:f4:98:8e:51:39:ab:6a:ad:
                    f0:97:96:93:9f:2b:8b:6b:f7:13:8a:73:95:ca:f2:
                    4a:e0:b3:c7:84:be:87:20:1c:42:cf:51:68:ef:02:
                    91:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9E:4D:76:60:85:2F:62:89:92:87:D0:40:5D:09:4B:E6:1D:F7:FA
            X509v3 Authority Key Identifier:
                keyid:A3:AB:67:0E:81:46:EF:52:74:AE:45:EB:30:D2:9E:97:00:65:BA:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o6tnDoFG71J0rkXrMNKelwBluiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/iZ5NdmCFL2KJkofQQF0JS-Yd9_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/c01576-a413-4712-9f32-60d5be1b7da9/1/o6tnDoFG71J0rkXrMNKelwBluiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f680::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:3a:36:9e:d6:f1:c2:ed:c0:8c:ac:ec:07:f6:75:e7:1a:22:
         1a:f1:d0:af:74:7a:e2:35:73:24:9e:4f:24:9b:98:dc:46:db:
         7f:60:9e:d7:ce:29:69:84:0d:46:13:eb:81:7f:99:8a:94:d7:
         89:d8:bd:fd:79:a7:b4:08:e4:fc:dd:e1:24:a3:9c:8c:8e:3a:
         f8:36:7d:34:89:e9:0c:d1:cf:de:28:89:8a:3d:92:dd:a6:93:
         d9:05:3d:a4:50:d4:03:07:a7:a1:7d:6a:0b:59:78:a1:30:a4:
         76:8d:e7:d7:80:85:b7:7e:25:4d:9a:cc:ed:01:82:91:68:5f:
         c3:94:f1:8c:25:fc:2e:7b:d5:c2:fc:fa:11:6e:4d:cc:a5:32:
         96:39:16:b8:e7:b4:7c:ca:8b:60:10:b3:a3:30:0c:16:22:5f:
         98:63:7a:ca:57:4c:24:22:7f:b1:d1:e8:b5:ed:4e:d8:62:f5:
         32:05:b3:7a:c7:37:82:32:c8:1c:29:ac:35:70:e7:f8:a8:b2:
         ad:ad:6b:e6:db:55:9d:e6:3a:46:12:84:23:56:fa:0c:64:5e:
         0e:3b:a7:fd:a2:96:88:f4:87:f6:9d:4a:5c:7d:82:28:f1:34:
         12:60:81:b7:2b:5c:f5:f0:5b:0a:b2:7a:b8:30:ab:2b:4e:c4:
         e8:f5:dc:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZhv87VAyJGI+t33pXAOaMdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzYWI2NzBlODE0NmVmNTI3NGFlNDVlYjMwZDI5ZTk3MDA2
NWJhMmMwHhcNMjUwODAzMTI0MTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTllNGQ3NjYwODUyZjYyODk5Mjg3ZDA0MDVkMDk0YmU2MWRmN2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyRNIKmfPl+vcshNiIn2TyZS4uN6M
+gbmgstLbbH3TI5sqQRCTS0nxvLc+OAYudD1wiPWdgJ7hp/04EHHAj8Onps8v8W6
EmANogvt1t2V6Z1S+IRjXEJSmUBosGh/xjHw2E7cyRniI2r+i/jKLdenQIyXoDiX
ZT+n/bO1TZIOSALvz9OhTITl+uU4wAFgsvAn2dsq8DpIJTRTID4KPxXcTTqoyN4C
kUYNiZwjkrQJUWetN87FKlCKJuPpm1eb+BPLdNHiyao3PcNkba3aGkp6V1Vq8J2z
5feL9JiOUTmraq3wl5aTnyuLa/cTinOVyvJK4LPHhL6HIBxCz1Fo7wKRxQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFImeTXZghS9iiZKH0EBdCUvmHff6MB8GA1UdIwQY
MBaAFKOrZw6BRu9SdK5F6zDSnpcAZbosMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzZ0bkRvRkc3MUowcmtYck1OS2Vsd0JsdWl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9jMDE1NzYtYTQxMy00NzEyLTlmMzIt
NjBkNWJlMWI3ZGE5LzEvaVo1TmRtQ0ZMMktKa29mUVFGMEpTLVlkOV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9jMDE1NzYtYTQxMy00NzEyLTlmMzItNjBkNWJlMWI3ZGE5
LzEvbzZ0bkRvRkc3MUowcmtYck1OS2Vsd0JsdWl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhT2gDAN
BgkqhkiG9w0BAQsFAAOCAQEARjo2ntbxwu3AjKzsB/Z15xoiGvHQr3R64jVzJJ5P
JJuY3Ebbf2Ce184paYQNRhPrgX+ZipTXidi9/XmntAjk/N3hJKOcjI46+DZ9NInp
DNHP3iiJij2S3aaT2QU9pFDUAwenoX1qC1l4oTCkdo3n14CFt34lTZrM7QGCkWhf
w5TxjCX8LnvVwvz6EW5NzKUyljkWuOe0fMqLYBCzozAMFiJfmGN6yldMJCJ/sdHo
te1O2GL1MgWzesc3gjLIHCmsNXDn+Kiyra1r5ttVneY6RhKEI1b6DGReDjun/aKW
iPSH9p1KXH2CKPE0EmCBtytc9fBbCrJ6uDCrK07E6PXckA==
-----END CERTIFICATE-----