Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Mqq7SV3NGJTSOx84rxj94A-wPE8.roa
File:                     Mqq7SV3NGJTSOx84rxj94A-wPE8.roa (raw, json)
Hash identifier:          voREkWGhCrw900evRr16QgfguPMQ213UULwbannmpXs=
Subject key identifier:   32:AA:BB:49:5D:CD:18:94:D2:3B:1F:38:AF:18:FD:E0:0F:B0:3C:4F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D0B4C1A7CD9CA8CC5EE803463966A805B
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Mqq7SV3NGJTSOx84rxj94A-wPE8.roa
Signing time:             Fri 20 Mar 2026 12:50:30 +0000
ROA not before:           Fri 20 Mar 2026 12:50:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62240
IP address blocks:        2a14:1100::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:4c:1a:7c:d9:ca:8c:c5:ee:80:34:63:96:6a:80:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 20 12:50:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=32aabb495dcd1894d23b1f38af18fde00fb03c4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:d9:c5:94:99:c2:7b:1c:8c:30:97:8a:c1:53:
                    b5:8e:89:98:f8:26:83:fe:8a:5e:b2:39:bb:e1:d1:
                    89:3d:a0:f9:1a:ff:5f:d0:9a:1a:1c:da:39:f4:a7:
                    4a:6d:f5:45:f3:9b:52:05:6d:73:b0:b6:6a:46:90:
                    2f:d7:10:01:63:dc:11:b2:c7:22:ab:71:37:a0:c6:
                    b4:81:c8:c9:5a:30:e8:bc:3d:e7:0e:0d:ed:76:3d:
                    a2:bd:fc:77:e9:d2:c3:1a:83:f0:c2:a2:eb:5a:1b:
                    42:9b:9a:d2:b0:62:43:15:88:46:c2:b6:d8:91:2f:
                    a8:9f:f7:74:47:4d:8b:ff:f7:46:b9:90:8e:55:e9:
                    24:e6:da:fe:b3:a0:70:c4:cd:47:bb:a9:49:cc:ed:
                    0d:97:6c:5e:f6:15:2f:39:bc:ed:31:84:48:8a:4c:
                    7a:8c:f8:60:1d:94:52:b1:f8:82:30:60:5b:15:b6:
                    61:1d:c7:84:fc:f6:0f:0a:36:cf:da:3e:b1:64:c7:
                    80:b7:d8:44:ea:d1:d5:3d:07:2c:d3:59:ec:d3:1c:
                    fc:55:e3:3b:25:f3:84:17:55:ba:7b:0c:27:3a:bc:
                    27:c2:db:38:85:f6:ef:93:51:bf:8c:2e:5b:cd:8f:
                    5a:e0:2f:1d:7f:cc:56:cc:39:36:94:ea:9b:32:f3:
                    5c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:AA:BB:49:5D:CD:18:94:D2:3B:1F:38:AF:18:FD:E0:0F:B0:3C:4F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/Mqq7SV3NGJTSOx84rxj94A-wPE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1100::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:14:9e:11:c1:b8:21:fc:9b:36:29:22:b5:5d:21:17:c6:b3:
         48:41:c9:fe:21:dc:12:76:ca:cc:10:e3:1a:ce:b1:37:9a:bd:
         9d:7a:44:6a:12:36:e5:1c:bd:16:3b:6c:1b:63:4e:51:a1:e5:
         a8:81:c3:39:97:13:1c:8f:eb:07:8c:8b:45:23:d4:aa:bc:7d:
         07:46:08:d1:e9:f8:bf:b4:2f:48:0f:db:e4:1b:c1:75:77:3b:
         3d:65:42:53:f2:3e:65:69:87:c7:03:83:34:d2:5e:3e:78:8b:
         0b:98:4f:ce:c1:a1:c1:12:c2:60:76:fe:68:fa:cc:5c:bd:1c:
         a8:61:bc:f7:39:5a:11:24:cb:0c:9f:ac:2a:a5:f6:28:61:c4:
         91:e9:f0:ff:af:41:12:a2:54:d7:2e:7f:14:04:b8:3c:cd:48:
         cb:f7:b6:9b:5a:10:ac:c3:c5:8f:07:60:bc:9e:6d:3b:0c:1c:
         fe:22:0d:3e:fe:cd:13:20:47:9d:5f:05:d0:7b:47:50:65:50:
         61:93:3d:46:56:15:18:02:5c:dc:a2:85:32:68:94:36:19:d4:
         53:c8:a8:91:28:c1:fd:b4:f3:90:2c:ce:6a:dc:c2:82:45:ec:
         1b:05:52:e0:23:22:4f:93:a0:63:3c:15:aa:2c:ca:48:ff:1a:
         e7:a6:a2:65
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0LTBp82cqMxe6ANGOWaoBbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzIwMTI1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmFhYmI0OTVkY2QxODk0ZDIzYjFmMzhhZjE4ZmRlMDBmYjAzYzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxdnFlJnCexyMMJeKwVO1jomY+CaD
/opesjm74dGJPaD5Gv9f0JoaHNo59KdKbfVF85tSBW1zsLZqRpAv1xABY9wRssci
q3E3oMa0gcjJWjDovD3nDg3tdj2ivfx36dLDGoPwwqLrWhtCm5rSsGJDFYhGwrbY
kS+on/d0R02L//dGuZCOVekk5tr+s6BwxM1Hu6lJzO0Nl2xe9hUvObztMYRIikx6
jPhgHZRSsfiCMGBbFbZhHceE/PYPCjbP2j6xZMeAt9hE6tHVPQcs01ns0xz8VeM7
JfOEF1W6ewwnOrwnwts4hfbvk1G/jC5bzY9a4C8df8xWzDk2lOqbMvNciQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFDKqu0ldzRiU0jsfOK8Y/eAPsDxPMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTXFxN1NWM05HSlRTT3g4NHJ4ajk0QS13UEU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhQRADAN
BgkqhkiG9w0BAQsFAAOCAQEAQhSeEcG4IfybNikitV0hF8azSEHJ/iHcEnbKzBDj
Gs6xN5q9nXpEahI25Ry9FjtsG2NOUaHlqIHDOZcTHI/rB4yLRSPUqrx9B0YI0en4
v7QvSA/b5BvBdXc7PWVCU/I+ZWmHxwODNNJePniLC5hPzsGhwRLCYHb+aPrMXL0c
qGG89zlaESTLDJ+sKqX2KGHEkenw/69BEqJU1y5/FAS4PM1Iy/e2m1oQrMPFjwdg
vJ5tOwwc/iINPv7NEyBHnV8F0HtHUGVQYZM9RlYVGAJc3KKFMmiUNhnUU8iokSjB
/bTzkCzOatzCgkXsGwVS4CMiT5OgYzwVqizKSP8a56aiZQ==
-----END CERTIFICATE-----