Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/7Neyj-EgqtHn8yPIzyvgflhPyEk.roa
File:                     7Neyj-EgqtHn8yPIzyvgflhPyEk.roa (raw, json)
Hash identifier:          RiX60C1lYHQe9i54rwed/ld2R6Zxx+sj83TfysW1UZM=
Subject key identifier:   EC:D7:B2:8F:E1:20:AA:D1:E7:F3:23:C8:CF:2B:E0:7E:58:4F:C8:49
Certificate issuer:       /CN=256065b6166aef96fcff3a2ea56fdffd390f3166
Certificate serial:       01979D7A8B8B29F6F6B483567C9D8E499E50
Authority key identifier: 25:60:65:B6:16:6A:EF:96:FC:FF:3A:2E:A5:6F:DF:FD:39:0F:31:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/7Neyj-EgqtHn8yPIzyvgflhPyEk.roa
Signing time:             Mon 23 Jun 2025 15:49:03 +0000
ROA not before:           Mon 23 Jun 2025 15:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        2a14:f700::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 20:26:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:9d:7a:8b:8b:29:f6:f6:b4:83:56:7c:9d:8e:49:9e:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=256065b6166aef96fcff3a2ea56fdffd390f3166
        Validity
            Not Before: Jun 23 15:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecd7b28fe120aad1e7f323c8cf2be07e584fc849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6f:c0:44:2d:e9:e6:c5:1f:0d:43:63:5f:cf:
                    0e:aa:69:9f:46:19:38:f2:d8:ba:fe:a0:5e:21:11:
                    56:2c:af:f8:14:d4:28:9d:c4:32:aa:98:12:3d:1e:
                    e4:3f:8f:d7:c7:bc:ab:23:56:f0:63:ea:bc:48:d4:
                    dd:8c:f9:7f:d3:9b:b5:be:7f:ef:b8:bb:d1:40:7c:
                    bf:07:f2:01:fc:a6:ef:d4:25:bf:83:11:af:ff:1f:
                    a5:ba:fa:9e:b1:4f:f9:e7:bc:1a:f7:48:ba:92:42:
                    98:91:19:0e:ad:6f:c6:c0:66:81:a2:61:b8:3c:a9:
                    29:bc:82:c8:16:c3:4d:0e:0c:31:57:ec:50:54:62:
                    83:bb:89:b8:37:72:51:69:a5:4a:10:2d:f6:73:ff:
                    0a:c8:73:f1:b0:63:86:21:88:5e:9e:04:83:f0:d8:
                    8f:b7:77:3e:23:bd:1f:20:93:8c:9f:85:af:a0:09:
                    cf:48:62:76:f1:ad:83:5b:86:3d:84:45:43:30:d1:
                    29:08:5c:3c:eb:fc:7d:de:31:4b:5c:d4:9d:28:1b:
                    f0:4b:a6:b7:21:90:38:6f:40:70:c5:34:31:0d:74:
                    7e:e5:74:84:90:f4:99:70:c6:e1:5a:80:31:4a:15:
                    a5:b8:06:e7:99:44:3a:3d:eb:9b:28:4e:da:ef:b5:
                    f3:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D7:B2:8F:E1:20:AA:D1:E7:F3:23:C8:CF:2B:E0:7E:58:4F:C8:49
            X509v3 Authority Key Identifier:
                keyid:25:60:65:B6:16:6A:EF:96:FC:FF:3A:2E:A5:6F:DF:FD:39:0F:31:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/7Neyj-EgqtHn8yPIzyvgflhPyEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f700::/30

    Signature Algorithm: sha256WithRSAEncryption
         9f:76:56:43:e5:12:65:0f:e5:f0:9e:f7:fa:48:a6:f7:37:5c:
         c2:a6:cb:b5:7a:76:67:19:71:2c:2b:3a:76:8d:3e:41:8a:bd:
         b6:f6:4c:c4:f2:9e:87:32:79:9f:f8:c0:7a:b1:fc:38:b3:06:
         50:52:27:5f:89:f8:96:30:18:12:7a:05:cf:37:a5:97:25:8b:
         a5:60:5c:35:e2:2c:67:6c:43:3e:78:a3:0e:ca:5f:f0:82:53:
         80:57:e2:b8:94:a5:8f:d2:85:8d:26:53:3b:c8:5c:17:39:9e:
         e7:93:2f:92:13:81:f8:9b:ce:0d:6d:7c:d3:91:28:ea:56:03:
         8f:a5:47:c4:5a:33:f5:cc:71:0b:a4:aa:30:16:b3:ac:5f:8e:
         bd:db:db:db:7f:e9:89:f9:ef:f1:20:b9:38:64:f3:13:12:a0:
         41:9f:e8:56:3f:41:6a:15:5b:71:18:6d:aa:e5:2a:dc:aa:81:
         7a:d6:b8:37:ee:de:80:96:03:bb:45:8c:45:48:9d:b2:90:2b:
         c9:52:a5:62:a2:13:23:bf:ec:86:4c:6a:bd:33:f7:45:44:1d:
         6f:da:92:d5:b8:fe:b5:0e:16:9c:dc:80:06:13:12:b0:e7:f2:
         c7:86:3a:90:47:af:9a:4c:26:7b:41:53:88:32:50:19:2a:d7:
         39:de:dd:86
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZedeouLKfb2tINWfJ2OSZ5QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NjA2NWI2MTY2YWVmOTZmY2ZmM2EyZWE1NmZkZmZkMzkw
ZjMxNjYwHhcNMjUwNjIzMTU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q3YjI4ZmUxMjBhYWQxZTdmMzIzYzhjZjJiZTA3ZTU4NGZjODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvm/ARC3p5sUfDUNjX88OqmmfRhk4
8ti6/qBeIRFWLK/4FNQoncQyqpgSPR7kP4/Xx7yrI1bwY+q8SNTdjPl/05u1vn/v
uLvRQHy/B/IB/Kbv1CW/gxGv/x+luvqesU/557wa90i6kkKYkRkOrW/GwGaBomG4
PKkpvILIFsNNDgwxV+xQVGKDu4m4N3JRaaVKEC32c/8KyHPxsGOGIYhengSD8NiP
t3c+I70fIJOMn4WvoAnPSGJ28a2DW4Y9hEVDMNEpCFw86/x93jFLXNSdKBvwS6a3
IZA4b0BwxTQxDXR+5XSEkPSZcMbhWoAxShWluAbnmUQ6PeubKE7a77Xz6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOzXso/hIKrR5/MjyM8r4H5YT8hJMB8GA1UdIwQY
MBaAFCVgZbYWau+W/P86LqVv3/05DzFmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSldCbHRoWnE3NWI4X3pvdXBXX2ZfVGtQTVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84Y2RjNDgtMjgyMi00NTk5LWJiNjkt
OGM0NTZhZjZiNmJiLzEvN05leWotRWdxdEhuOHlQSXp5dmdmbGhQeUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84Y2RjNDgtMjgyMi00NTk5LWJiNjktOGM0NTZhZjZiNmJi
LzEvSldCbHRoWnE3NWI4X3pvdXBXX2ZfVGtQTVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUCKhT3ADAN
BgkqhkiG9w0BAQsFAAOCAQEAn3ZWQ+USZQ/l8J73+kim9zdcwqbLtXp2ZxlxLCs6
do0+QYq9tvZMxPKehzJ5n/jAerH8OLMGUFInX4n4ljAYEnoFzzellyWLpWBcNeIs
Z2xDPnijDspf8IJTgFfiuJSlj9KFjSZTO8hcFzme55MvkhOB+JvODW1805Eo6lYD
j6VHxFoz9cxxC6SqMBazrF+Ovdvb23/pifnv8SC5OGTzExKgQZ/oVj9BahVbcRht
quUq3KqBeta4N+7egJYDu0WMRUidspAryVKlYqITI7/shkxqvTP3RUQdb9qS1bj+
tQ4WnNyABhMSsOfyx4Y6kEevmkwme0FTiDJQGSrXOd7dhg==
-----END CERTIFICATE-----