Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/xj3Ln95-hFh4rEM7sGlkoECxTmQ.roa
File:                     xj3Ln95-hFh4rEM7sGlkoECxTmQ.roa (raw, json)
Hash identifier:          6alYU2UN+ywiKhTD+kzDfhE9VgbsIdNhs3bMGakOID8=
Subject key identifier:   C6:3D:CB:9F:DE:7E:84:58:78:AC:43:3B:B0:69:64:A0:40:B1:4E:64
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019DC451C6E6E78B42581F0203E29BC5EA6E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/xj3Ln95-hFh4rEM7sGlkoECxTmQ.roa
Signing time:             Sat 25 Apr 2026 11:06:26 +0000
ROA not before:           Sat 25 Apr 2026 11:06:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2a14:1101::/32 maxlen: 32
                          2a14:1102::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Apr 2026 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c4:51:c6:e6:e7:8b:42:58:1f:02:03:e2:9b:c5:ea:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 25 11:06:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c63dcb9fde7e845878ac433bb06964a040b14e64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1c:a9:21:8e:0c:3f:21:f2:cf:d4:bf:b8:70:
                    c7:43:2e:22:a9:b3:c0:71:86:04:41:9f:e7:e3:52:
                    37:4b:0d:31:14:5e:31:7f:6c:e7:66:93:c7:22:ab:
                    1e:93:60:b0:27:aa:d8:00:af:cf:96:96:61:fc:58:
                    98:56:4a:33:8c:a3:b8:d4:3b:fa:76:7a:ce:2c:9d:
                    a2:99:34:74:f7:f0:e6:b1:c8:07:e8:27:8e:d5:ee:
                    e1:9f:8f:cc:f4:17:15:8b:b3:e5:dc:e3:46:ce:f2:
                    80:a7:b3:b9:eb:6e:08:e5:65:1b:2f:2b:82:6b:c1:
                    14:c3:52:e9:84:57:53:f1:e6:8c:b7:93:02:70:a8:
                    e5:bc:72:9b:8d:a3:b8:09:db:fd:31:cb:4e:0c:32:
                    06:01:7b:23:98:51:f4:83:df:13:e5:ea:55:53:b9:
                    81:13:9d:6b:9f:cc:0f:97:d0:30:2c:db:52:ae:23:
                    73:b4:da:51:82:09:a9:48:db:77:db:44:19:16:9a:
                    3a:91:9c:e5:b1:b9:15:92:c3:e0:60:47:ee:94:93:
                    57:e9:51:b7:cb:74:fc:15:f8:95:40:6e:49:c5:89:
                    b7:c0:f5:ab:0c:d1:6e:aa:da:33:27:70:84:bc:6a:
                    0a:e2:18:97:9b:27:87:2c:83:84:c9:29:ff:ee:22:
                    1d:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:3D:CB:9F:DE:7E:84:58:78:AC:43:3B:B0:69:64:A0:40:B1:4E:64
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/xj3Ln95-hFh4rEM7sGlkoECxTmQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1101::-2a14:1102:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         14:cf:f1:4b:e0:eb:7a:f9:42:19:0a:e1:b6:f1:6e:30:94:67:
         ce:59:5a:35:28:fe:75:4b:54:71:b2:0d:6f:e2:d6:a3:de:a1:
         2f:06:75:56:c3:0e:50:fb:5b:ee:f7:35:2d:a8:44:3c:1c:cb:
         6f:14:25:2d:24:b4:df:27:21:39:4b:57:7e:ee:d9:e6:e2:6b:
         51:82:18:32:5e:16:57:17:fe:01:8b:c8:4d:86:59:f6:c7:79:
         f4:ec:f0:0c:05:89:57:09:bb:f8:b6:35:3f:4d:0d:a7:d0:3a:
         e3:4b:62:91:75:2c:df:8c:fd:4c:f0:f3:7c:6f:99:52:b0:2c:
         8d:28:65:47:97:1f:5c:f5:fc:cb:29:2f:b3:96:8b:c3:72:c1:
         79:de:a8:3f:06:19:9f:f1:f9:1e:62:52:eb:6e:bc:e4:99:5d:
         91:b7:cf:c7:84:dc:1a:08:7b:5c:70:ef:49:c4:27:70:72:47:
         af:4b:f6:17:ee:e3:09:bc:dd:9f:7d:0d:7e:5c:3b:ec:dd:0e:
         72:9e:a9:91:45:35:4b:36:4d:ca:0e:d3:46:d3:47:6e:e5:bd:
         7f:63:3a:9b:a1:5a:a8:b7:c4:e2:ac:18:e9:99:16:4b:3b:16:
         89:ef:7c:60:91:0b:98:5b:72:a8:33:0c:f7:ac:36:13:18:f4:
         b0:9d:2d:57
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZ3EUcbm54tCWB8CA+KbxepuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDI1MTEwNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjNkY2I5ZmRlN2U4NDU4NzhhYzQzM2JiMDY5NjRhMDQwYjE0ZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxypIY4MPyHyz9S/uHDHQy4iqbPA
cYYEQZ/n41I3Sw0xFF4xf2znZpPHIqsek2CwJ6rYAK/PlpZh/FiYVkozjKO41Dv6
dnrOLJ2imTR09/DmscgH6CeO1e7hn4/M9BcVi7Pl3ONGzvKAp7O5624I5WUbLyuC
a8EUw1LphFdT8eaMt5MCcKjlvHKbjaO4Cdv9MctODDIGAXsjmFH0g98T5epVU7mB
E51rn8wPl9AwLNtSriNztNpRggmpSNt320QZFpo6kZzlsbkVksPgYEfulJNX6VG3
y3T8FfiVQG5JxYm3wPWrDNFuqtozJ3CEvGoK4hiXmyeHLIOEySn/7iIdiQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFMY9y5/efoRYeKxDO7BpZKBAsU5kMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEveGozTG45NS1oRmg0ckVNN3NHbGtvRUN4VG1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQMA4DBQAqFBEB
AwUAKhQRAjANBgkqhkiG9w0BAQsFAAOCAQEAFM/xS+DrevlCGQrhtvFuMJRnzlla
NSj+dUtUcbINb+LWo96hLwZ1VsMOUPtb7vc1LahEPBzLbxQlLSS03ychOUtXfu7Z
5uJrUYIYMl4WVxf+AYvITYZZ9sd59OzwDAWJVwm7+LY1P00Np9A640tikXUs34z9
TPDzfG+ZUrAsjShlR5cfXPX8yykvs5aLw3LBed6oPwYZn/H5HmJS62685JldkbfP
x4TcGgh7XHDvScQncHJHr0v2F+7jCbzdn30Nflw77N0Ocp6pkUU1SzZNyg7TRtNH
buW9f2M6m6FaqLfE4qwY6ZkWSzsWie98YJELmFtyqDMM96w2Exj0sJ0tVw==
-----END CERTIFICATE-----