Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/H6KJXCzsVKBCex8bdjdpcPzKj4k.roa
File:                     H6KJXCzsVKBCex8bdjdpcPzKj4k.roa (raw, json)
Hash identifier:          ayVcJHTWFx5ebEEYZQnqngJlO1dTOXNsn34hSHck390=
Subject key identifier:   1F:A2:89:5C:2C:EC:54:A0:42:7B:1F:1B:76:37:69:70:FC:CA:8F:89
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       01980D7DDB30A912E342B33225E2149C2F0A
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/H6KJXCzsVKBCex8bdjdpcPzKj4k.roa
Signing time:             Tue 15 Jul 2025 09:50:08 +0000
ROA not before:           Tue 15 Jul 2025 09:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206586
IP address blocks:        2a14:ae00:10::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 08:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:7d:db:30:a9:12:e3:42:b3:32:25:e2:14:9c:2f:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Jul 15 09:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1fa2895c2cec54a0427b1f1b76376970fcca8f89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:16:a8:00:d8:14:ac:55:82:92:1b:44:1b:c3:
                    ed:65:35:dd:65:e8:09:67:de:c4:7a:81:cf:56:b8:
                    9c:ea:18:d9:15:98:7d:67:cd:cd:30:b7:04:68:a7:
                    eb:6c:c1:f5:1f:5d:29:62:3f:2a:9f:46:3d:ae:03:
                    72:98:76:6b:f3:3c:1a:e5:15:21:25:22:27:25:40:
                    90:d0:fe:6e:1f:33:46:32:24:0d:ff:ac:26:dd:17:
                    b8:93:6b:b8:f7:a8:5a:e2:60:a4:86:37:89:d0:fc:
                    2c:3a:e0:e2:25:f3:f5:ee:09:a0:90:77:3e:bc:e0:
                    62:19:2b:a1:43:7e:7f:aa:08:07:ec:71:36:54:70:
                    c0:85:32:cf:20:f0:32:f5:08:b4:61:cb:93:60:c1:
                    24:0c:5f:af:f1:98:04:fb:b9:d8:df:39:5d:e7:9f:
                    c2:a7:d1:f7:be:e7:b1:e8:be:6d:1b:cc:d4:f0:47:
                    cc:a5:cd:12:9c:37:c8:f9:21:c0:ad:be:75:1b:4a:
                    1d:f9:cd:40:cc:43:9c:6b:c4:57:de:ec:3e:87:f4:
                    49:a5:a8:54:93:12:d2:af:93:c4:89:2b:c4:4b:90:
                    d5:45:bf:79:b4:b1:90:21:0c:b2:ee:d5:d8:c7:56:
                    84:68:16:2d:df:96:49:b4:62:b8:f4:0c:7d:cc:ab:
                    b1:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A2:89:5C:2C:EC:54:A0:42:7B:1F:1B:76:37:69:70:FC:CA:8F:89
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/H6KJXCzsVKBCex8bdjdpcPzKj4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         35:6d:2f:21:71:f6:7b:0a:c4:87:34:46:68:c8:30:9c:6e:d3:
         9a:f2:20:1f:35:eb:13:bc:56:bb:cd:82:48:fc:7e:70:03:96:
         7b:44:72:c2:3c:74:f1:84:db:51:7b:86:12:02:0b:85:4a:a6:
         73:69:8a:4d:1e:83:2c:bc:53:47:6c:7e:31:8f:9b:17:10:16:
         04:8a:b1:0b:d4:6c:9f:79:59:a6:24:43:fa:74:48:92:e3:a9:
         02:72:f1:50:ec:0e:3a:40:66:40:81:62:21:dd:59:2b:c3:17:
         28:7f:51:da:f7:c6:7a:0c:ce:e2:c8:a8:b4:6b:1b:0a:4d:d7:
         5c:31:5b:0c:c0:e8:0b:b4:b7:5d:a7:c7:90:e9:67:be:b2:b6:
         8c:a2:2e:0c:d1:c7:6d:60:f1:f0:bc:ad:4f:fb:a7:b3:6c:3f:
         03:b6:00:29:01:df:c4:bd:d6:96:83:db:35:f1:1d:f5:c0:5b:
         ce:88:cd:2e:1b:d2:d3:8c:72:fb:aa:27:ef:e3:c6:8c:1b:5d:
         da:b5:31:4b:39:e2:4c:e3:c2:07:04:13:1e:5b:0a:58:cf:d8:
         3a:50:ef:45:dd:fd:c6:82:a6:79:26:ca:97:1c:da:c4:73:3b:
         45:5e:7b:00:91:be:14:df:64:2a:52:00:89:fb:2f:9b:1d:da:
         9e:5b:2d:c3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZgNfdswqRLjQrMyJeIUnC8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjUwNzE1MDk1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmEyODk1YzJjZWM1NGEwNDI3YjFmMWI3NjM3Njk3MGZjY2E4Zjg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAshaoANgUrFWCkhtEG8PtZTXdZegJ
Z97EeoHPVric6hjZFZh9Z83NMLcEaKfrbMH1H10pYj8qn0Y9rgNymHZr8zwa5RUh
JSInJUCQ0P5uHzNGMiQN/6wm3Re4k2u496ha4mCkhjeJ0PwsOuDiJfP17gmgkHc+
vOBiGSuhQ35/qggH7HE2VHDAhTLPIPAy9Qi0YcuTYMEkDF+v8ZgE+7nY3zld55/C
p9H3vuex6L5tG8zU8EfMpc0SnDfI+SHArb51G0od+c1AzEOca8RX3uw+h/RJpahU
kxLSr5PEiSvES5DVRb95tLGQIQyy7tXYx1aEaBYt35ZJtGK49Ax9zKuxFQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFB+iiVws7FSgQnsfG3Y3aXD8yo+JMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvSDZLSlhDenNWS0JDZXg4YmRqZHBjUHpLajRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhSuAAAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQA1bS8hcfZ7CsSHNEZoyDCcbtOa8iAfNesTvFa7
zYJI/H5wA5Z7RHLCPHTxhNtRe4YSAguFSqZzaYpNHoMsvFNHbH4xj5sXEBYEirEL
1GyfeVmmJEP6dEiS46kCcvFQ7A46QGZAgWIh3Vkrwxcof1Ha98Z6DM7iyKi0axsK
TddcMVsMwOgLtLddp8eQ6We+sraMoi4M0cdtYPHwvK1P+6ezbD8DtgApAd/EvdaW
g9s18R31wFvOiM0uG9LTjHL7qifv48aMG13atTFLOeJM48IHBBMeWwpYz9g6UO9F
3f3GgqZ5JsqXHNrEcztFXnsAkb4U32QqUgCJ+y+bHdqeWy3D
-----END CERTIFICATE-----