Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/LtRuJcDQFgXrBJSxyY1nA0HvnuU.roa
File:                     LtRuJcDQFgXrBJSxyY1nA0HvnuU.roa (raw, json)
Hash identifier:          Fm9L8uM5OQuU38BmCU77e5/o3WHCT2yCoE5kiEsmZuU=
Subject key identifier:   2E:D4:6E:25:C0:D0:16:05:EB:04:94:B1:C9:8D:67:03:41:EF:9E:E5
Certificate issuer:       /CN=256065b6166aef96fcff3a2ea56fdffd390f3166
Certificate serial:       0197CC9761AB277D191BCA0C55622D945E04
Authority key identifier: 25:60:65:B6:16:6A:EF:96:FC:FF:3A:2E:A5:6F:DF:FD:39:0F:31:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/LtRuJcDQFgXrBJSxyY1nA0HvnuU.roa
Signing time:             Wed 02 Jul 2025 19:22:42 +0000
ROA not before:           Wed 02 Jul 2025 19:22:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214402
IP address blocks:        2a14:f704:1000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Jul 2025 22:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:cc:97:61:ab:27:7d:19:1b:ca:0c:55:62:2d:94:5e:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=256065b6166aef96fcff3a2ea56fdffd390f3166
        Validity
            Not Before: Jul  2 19:22:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2ed46e25c0d01605eb0494b1c98d670341ef9ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:09:b7:60:b5:21:22:b5:ce:3e:97:af:65:46:
                    7c:94:c9:c0:a0:c2:35:43:a9:86:ba:7d:3c:e3:7f:
                    c8:dd:53:0e:fe:fc:44:3a:83:f7:92:91:cd:c8:a5:
                    8d:04:83:1d:ac:9b:4f:3a:b3:88:78:ab:e0:b4:a4:
                    39:32:9b:77:b4:ac:a4:6d:c9:f6:3c:35:63:86:aa:
                    b9:11:ac:f4:47:2b:0b:2b:a2:f5:07:48:0c:84:5d:
                    f7:0c:b6:2e:37:e3:a3:7f:43:de:5f:a2:e9:2b:8b:
                    9d:52:b1:6c:bb:9a:03:32:b2:6c:aa:5b:c6:2e:b8:
                    81:06:a1:41:92:20:37:09:60:91:51:cf:80:56:48:
                    62:59:7c:9b:23:12:57:f0:5d:df:cc:06:26:4e:27:
                    fd:15:67:57:96:cb:a0:52:3e:fd:0b:5e:dc:13:7e:
                    f9:66:16:22:12:48:32:41:13:8d:4a:e8:69:b5:13:
                    81:da:44:e1:9e:ca:ea:cc:6c:f1:e3:66:d8:77:77:
                    c0:97:e0:1c:18:df:07:17:fc:1c:d9:95:e9:f4:87:
                    53:7b:74:7c:ab:0a:83:80:9c:22:28:4b:ea:72:4c:
                    b3:54:6b:da:ae:b0:6d:ec:fd:31:f7:9b:d2:33:02:
                    a9:07:57:a6:b9:ad:df:45:65:6e:81:68:8f:b7:64:
                    61:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D4:6E:25:C0:D0:16:05:EB:04:94:B1:C9:8D:67:03:41:EF:9E:E5
            X509v3 Authority Key Identifier:
                keyid:25:60:65:B6:16:6A:EF:96:FC:FF:3A:2E:A5:6F:DF:FD:39:0F:31:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/LtRuJcDQFgXrBJSxyY1nA0HvnuU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f704:1000::/40

    Signature Algorithm: sha256WithRSAEncryption
         a3:49:21:cc:79:0c:d7:24:e7:9f:ba:a2:f8:2d:52:05:e8:7f:
         b4:c6:7d:ce:8e:3e:8e:b4:cb:b1:ac:c0:89:31:f6:e3:e6:f5:
         69:29:5e:56:81:41:29:70:d5:d9:5b:52:c0:8c:15:a1:e0:12:
         70:18:77:ae:8d:7e:51:5a:c0:44:c6:32:63:d6:ec:44:fb:ba:
         81:ea:2d:db:b5:7b:bc:2e:bf:67:b1:7f:9b:c9:81:d0:fd:2c:
         44:0d:4e:64:a6:92:79:14:f7:1b:be:80:87:61:4c:96:d7:10:
         7d:db:8a:52:de:b2:0a:f0:82:32:0f:32:c1:5b:e8:fd:1b:37:
         08:b1:e1:97:64:1a:e1:00:7a:56:51:75:c6:e1:7d:6d:9d:17:
         64:5c:cf:17:2d:a7:65:f0:5c:b2:7d:83:90:f2:bd:4e:78:ea:
         6e:9a:17:05:9d:36:1c:b7:db:5d:53:1a:ab:5b:76:b9:2c:79:
         17:16:98:7e:96:50:2e:c5:bb:40:5b:43:b1:26:42:47:01:9b:
         d1:10:00:1e:cd:a3:83:ac:95:03:68:53:ef:eb:be:be:3d:68:
         8a:2d:0b:48:65:29:d2:a0:b8:07:62:53:e4:1e:c1:5a:40:05:
         45:c1:3e:b5:95:2c:49:6b:84:5f:80:6e:67:b5:64:45:0e:a9:
         2a:13:d1:6a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZfMl2GrJ30ZG8oMVWItlF4EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NjA2NWI2MTY2YWVmOTZmY2ZmM2EyZWE1NmZkZmZkMzkw
ZjMxNjYwHhcNMjUwNzAyMTkyMjQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ0NmUyNWMwZDAxNjA1ZWIwNDk0YjFjOThkNjcwMzQxZWY5ZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAm3YLUhIrXOPpevZUZ8lMnAoMI1
Q6mGun0843/I3VMO/vxEOoP3kpHNyKWNBIMdrJtPOrOIeKvgtKQ5Mpt3tKykbcn2
PDVjhqq5Eaz0RysLK6L1B0gMhF33DLYuN+Ojf0PeX6LpK4udUrFsu5oDMrJsqlvG
LriBBqFBkiA3CWCRUc+AVkhiWXybIxJX8F3fzAYmTif9FWdXlsugUj79C17cE375
ZhYiEkgyQRONSuhptROB2kThnsrqzGzx42bYd3fAl+AcGN8HF/wc2ZXp9IdTe3R8
qwqDgJwiKEvqckyzVGvarrBt7P0x95vSMwKpB1emua3fRWVugWiPt2RhdQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFC7UbiXA0BYF6wSUscmNZwNB757lMB8GA1UdIwQY
MBaAFCVgZbYWau+W/P86LqVv3/05DzFmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSldCbHRoWnE3NWI4X3pvdXBXX2ZfVGtQTVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84Y2RjNDgtMjgyMi00NTk5LWJiNjkt
OGM0NTZhZjZiNmJiLzEvTHRSdUpjRFFGZ1hyQkpTeHlZMW5BMEh2bnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84Y2RjNDgtMjgyMi00NTk5LWJiNjktOGM0NTZhZjZiNmJi
LzEvSldCbHRoWnE3NWI4X3pvdXBXX2ZfVGtQTVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhT3BBAw
DQYJKoZIhvcNAQELBQADggEBAKNJIcx5DNck55+6ovgtUgXof7TGfc6OPo60y7Gs
wIkx9uPm9WkpXlaBQSlw1dlbUsCMFaHgEnAYd66NflFawETGMmPW7ET7uoHqLdu1
e7wuv2exf5vJgdD9LEQNTmSmknkU9xu+gIdhTJbXEH3bilLesgrwgjIPMsFb6P0b
Nwix4ZdkGuEAelZRdcbhfW2dF2Rczxctp2XwXLJ9g5DyvU546m6aFwWdNhy3211T
GqtbdrkseRcWmH6WUC7Fu0BbQ7EmQkcBm9EQAB7No4OslQNoU+/rvr49aIotC0hl
KdKguAdiU+QewVpABUXBPrWVLElrhF+Abme1ZEUOqSoT0Wo=
-----END CERTIFICATE-----