Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/fLheGX0xW_tRzZjsFeTSdm63He4.roa
File:                     fLheGX0xW_tRzZjsFeTSdm63He4.roa (raw, json)
Hash identifier:          IFC3aboVBMf5Y8TFLDmis8KTbzKJObHX6ilJBei1aa4=
Subject key identifier:   7C:B8:5E:19:7D:31:5B:FB:51:CD:98:EC:15:E4:D2:76:6E:B7:1D:EE
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019D393A09B2B6D61BBDC9C51390FFC42153
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/fLheGX0xW_tRzZjsFeTSdm63He4.roa
Signing time:             Sun 29 Mar 2026 10:53:18 +0000
ROA not before:           Sun 29 Mar 2026 10:53:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        2a14:6a40::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:3a:09:b2:b6:d6:1b:bd:c9:c5:13:90:ff:c4:21:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Mar 29 10:53:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7cb85e197d315bfb51cd98ec15e4d2766eb71dee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:9b:c9:a1:05:2d:38:de:4c:14:2d:f2:d0:55:
                    07:24:34:bc:c0:bd:71:a3:9e:0f:95:26:90:6b:67:
                    12:1f:7a:6c:2e:93:cb:20:a7:25:e6:02:ee:36:72:
                    aa:5e:95:dc:ac:3f:c7:77:40:a4:77:ca:21:1b:5f:
                    59:e5:de:5a:b4:0e:0b:48:dc:3d:31:e4:90:d4:7a:
                    cb:91:4c:90:95:f0:61:91:8c:6e:30:68:f5:41:ea:
                    d7:a1:f4:99:b4:0b:f2:0e:05:0c:bf:af:61:41:f3:
                    a0:ee:17:18:55:61:30:af:fe:6c:0f:d7:b5:37:a0:
                    cb:d5:f0:29:cb:25:5d:a3:55:3f:3b:66:e7:74:ec:
                    2b:d2:60:ba:be:57:52:2b:44:42:fb:bd:78:50:f9:
                    c3:c4:27:cc:28:bf:00:39:51:b5:65:a6:1f:29:5f:
                    af:4c:5d:6d:c3:a0:ce:52:61:07:2d:d1:4e:cb:c6:
                    4f:ea:52:e6:5b:e5:82:35:b6:d0:cd:65:2f:fa:64:
                    ae:08:52:e0:cc:ad:ec:e0:68:e2:a6:21:c6:9b:fb:
                    98:bb:b7:7a:16:6f:53:c6:88:50:81:76:dc:9b:52:
                    a3:6c:10:cb:55:43:f8:b0:69:1a:a8:2d:63:6c:28:
                    89:61:cb:33:13:c3:ae:31:2a:b2:a6:3f:a4:80:1e:
                    75:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:B8:5E:19:7D:31:5B:FB:51:CD:98:EC:15:E4:D2:76:6E:B7:1D:EE
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/fLheGX0xW_tRzZjsFeTSdm63He4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6a40::/29

    Signature Algorithm: sha256WithRSAEncryption
         84:3f:e3:77:17:67:3a:ea:74:4e:bb:62:76:18:ab:8a:d3:f7:
         01:d7:83:f1:c9:aa:0d:f8:fe:02:e7:e7:a5:61:ed:61:bc:b4:
         91:8d:cc:bd:77:ff:8e:5d:77:f8:a1:7c:81:18:dd:9d:6e:92:
         1f:50:a5:e2:6f:6c:60:4d:ba:1c:86:7f:9a:74:dc:ca:52:74:
         c0:6a:20:7c:25:0b:7e:d3:2e:0f:08:66:dd:19:89:1e:af:94:
         0d:ab:ac:64:46:42:58:8e:43:2f:bb:1b:48:66:af:5b:d9:ad:
         63:22:ab:cb:45:7a:43:e8:83:e0:2e:d0:40:24:56:ec:04:c9:
         bd:5c:2d:d2:31:be:78:51:98:5d:f3:63:f6:c3:3a:00:26:52:
         80:92:21:49:b6:f2:2f:99:23:67:6c:52:f0:2c:98:bd:db:2c:
         d9:17:0a:df:c5:36:b2:b1:31:a6:8b:b7:ff:79:15:82:89:4a:
         74:7f:a6:b0:d4:db:11:3b:ff:e2:53:18:67:fd:67:08:e9:92:
         b4:17:34:fe:25:6a:0c:06:cb:f8:b0:87:6e:ba:01:2e:f7:49:
         d1:e5:6b:a7:4b:a0:ce:c9:c1:69:81:82:47:4a:aa:90:8f:f0:
         23:ff:6a:1b:7a:a3:29:78:c7:55:40:9a:ba:ff:8e:34:d6:0b:
         2a:86:93:c0
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ05OgmyttYbvcnFE5D/xCFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwMzI5MTA1MzE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2I4NWUxOTdkMzE1YmZiNTFjZDk4ZWMxNWU0ZDI3NjZlYjcxZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpvJoQUtON5MFC3y0FUHJDS8wL1x
o54PlSaQa2cSH3psLpPLIKcl5gLuNnKqXpXcrD/Hd0Ckd8ohG19Z5d5atA4LSNw9
MeSQ1HrLkUyQlfBhkYxuMGj1QerXofSZtAvyDgUMv69hQfOg7hcYVWEwr/5sD9e1
N6DL1fApyyVdo1U/O2bndOwr0mC6vldSK0RC+714UPnDxCfMKL8AOVG1ZaYfKV+v
TF1tw6DOUmEHLdFOy8ZP6lLmW+WCNbbQzWUv+mSuCFLgzK3s4GjipiHGm/uYu7d6
Fm9TxohQgXbcm1KjbBDLVUP4sGkaqC1jbCiJYcszE8OuMSqypj+kgB51mwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHy4Xhl9MVv7Uc2Y7BXk0nZutx3uMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZkxoZUdYMHhXX3RSelpqc0ZlVFNkbTYzSGU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRqQDAN
BgkqhkiG9w0BAQsFAAOCAQEAhD/jdxdnOup0TrtidhiritP3AdeD8cmqDfj+Aufn
pWHtYby0kY3MvXf/jl13+KF8gRjdnW6SH1Cl4m9sYE26HIZ/mnTcylJ0wGogfCUL
ftMuDwhm3RmJHq+UDausZEZCWI5DL7sbSGavW9mtYyKry0V6Q+iD4C7QQCRW7ATJ
vVwt0jG+eFGYXfNj9sM6ACZSgJIhSbbyL5kjZ2xS8CyYvdss2RcK38U2srExpou3
/3kVgolKdH+msNTbETv/4lMYZ/1nCOmStBc0/iVqDAbL+LCHbroBLvdJ0eVrp0ug
zsnBaYGCR0qqkI/wI/9qG3qjKXjHVUCauv+ONNYLKoaTwA==
-----END CERTIFICATE-----