Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/nV2o0oFyX-lneGR6GzHkwS7FLmg.roa
File:                     nV2o0oFyX-lneGR6GzHkwS7FLmg.roa (raw, json)
Hash identifier:          odxjwKFN7d94aZu6UUbc/PvvX8JBTFfltC6/19R1tdU=
Subject key identifier:   9D:5D:A8:D2:81:72:5F:E9:67:78:64:7A:1B:31:E4:C1:2E:C5:2E:68
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019CC321A16C5D4A86B77335973B4279162C
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/nV2o0oFyX-lneGR6GzHkwS7FLmg.roa
Signing time:             Fri 06 Mar 2026 12:31:26 +0000
ROA not before:           Fri 06 Mar 2026 12:31:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213861
IP address blocks:        2a14:a086::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Mar 2026 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c3:21:a1:6c:5d:4a:86:b7:73:35:97:3b:42:79:16:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Mar  6 12:31:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9d5da8d281725fe96778647a1b31e4c12ec52e68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:dd:24:7a:78:8f:0e:31:10:5f:72:86:8d:6c:
                    d2:8c:64:09:b4:ea:19:65:f9:39:58:0b:f6:1a:c7:
                    85:07:37:d8:a2:af:29:ef:c6:1f:72:1a:81:02:81:
                    e4:0b:c0:84:cf:88:fa:5e:64:88:e0:63:65:00:d4:
                    ed:6c:ec:0d:ab:f9:e8:4c:88:b2:62:22:92:36:6f:
                    31:79:14:52:5a:ef:65:2a:96:c1:70:df:91:1d:8f:
                    58:65:c5:c3:c2:c8:c4:05:2e:62:e4:d2:eb:b8:76:
                    b6:48:32:b0:13:4e:8d:d1:ad:3b:37:39:ed:82:f8:
                    11:7d:0c:a2:b3:85:29:22:0f:35:cd:77:48:24:78:
                    c0:7e:9f:ba:c4:bc:6d:38:75:61:83:98:eb:76:a9:
                    2a:e1:74:67:6e:67:83:5d:22:39:a1:71:dc:58:9c:
                    3f:05:60:0b:ec:13:29:f1:4b:54:ed:81:e2:f4:97:
                    d3:db:fb:2a:b9:93:eb:f1:3a:9e:43:f5:94:09:b7:
                    7e:8b:68:cb:b0:2e:1c:ba:e1:22:47:df:19:10:9b:
                    d2:c1:9a:d8:54:ce:4c:e8:69:22:82:ab:5b:5e:c9:
                    4d:b0:cb:bd:31:47:47:3b:66:bd:7b:ef:d3:8c:56:
                    ce:8f:16:70:95:23:28:35:3c:13:b2:1c:08:fe:51:
                    a4:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5D:A8:D2:81:72:5F:E9:67:78:64:7A:1B:31:E4:C1:2E:C5:2E:68
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/nV2o0oFyX-lneGR6GzHkwS7FLmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a086::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:38:7f:11:52:c5:41:c4:29:7d:b0:b7:b2:41:61:d5:60:26:
         1d:aa:23:ca:7f:d8:80:6a:81:29:8b:23:02:b4:ac:e1:11:cf:
         0c:1d:d8:fb:8b:2b:8f:ba:e6:f7:60:4b:04:d9:ca:f2:91:24:
         fb:c6:70:1c:c0:4f:b6:44:9c:b6:9a:de:6f:30:db:2a:a2:12:
         b3:97:c0:d3:b5:85:6f:60:60:44:e2:d2:50:b0:6c:3e:6a:de:
         fe:60:7d:34:a3:06:3c:09:af:e9:3d:07:32:7a:65:d1:e7:59:
         11:5a:ca:a2:ff:a9:de:3e:6b:50:a0:2d:dd:fa:d9:83:24:6f:
         2c:6a:b1:de:f5:ce:3d:13:93:56:d3:f4:8e:fd:64:3a:bc:0a:
         af:ff:83:37:f5:d2:3a:af:cc:34:57:41:52:d7:f0:3e:6d:33:
         19:67:80:f9:b4:6f:16:83:a8:50:96:fd:29:55:db:c4:3f:d1:
         fe:7f:7a:fa:9a:f0:52:3b:cc:2d:5d:59:f3:db:2c:fd:f1:23:
         ce:cf:bb:94:ee:97:a8:e3:03:3c:4e:ba:79:55:a3:82:f1:16:
         f4:e7:22:d4:dd:6f:c3:7f:c1:2c:09:ef:1e:15:f3:f2:d1:c6:
         43:69:14:c3:ce:74:84:24:24:5e:44:f5:5b:fc:37:40:04:fb:
         83:f4:48:6e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzDIaFsXUqGt3M1lztCeRYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwMzA2MTIzMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDVkYThkMjgxNzI1ZmU5Njc3ODY0N2ExYjMxZTRjMTJlYzUyZTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsN0keniPDjEQX3KGjWzSjGQJtOoZ
Zfk5WAv2GseFBzfYoq8p78YfchqBAoHkC8CEz4j6XmSI4GNlANTtbOwNq/noTIiy
YiKSNm8xeRRSWu9lKpbBcN+RHY9YZcXDwsjEBS5i5NLruHa2SDKwE06N0a07Nznt
gvgRfQyis4UpIg81zXdIJHjAfp+6xLxtOHVhg5jrdqkq4XRnbmeDXSI5oXHcWJw/
BWAL7BMp8UtU7YHi9JfT2/squZPr8TqeQ/WUCbd+i2jLsC4cuuEiR98ZEJvSwZrY
VM5M6GkigqtbXslNsMu9MUdHO2a9e+/TjFbOjxZwlSMoNTwTshwI/lGkuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJ1dqNKBcl/pZ3hkehsx5MEuxS5oMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvblYybzBvRnlYLWxuZUdSNkd6SGt3UzdGTG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSghjAN
BgkqhkiG9w0BAQsFAAOCAQEAdjh/EVLFQcQpfbC3skFh1WAmHaojyn/YgGqBKYsj
ArSs4RHPDB3Y+4srj7rm92BLBNnK8pEk+8ZwHMBPtkSctprebzDbKqISs5fA07WF
b2BgROLSULBsPmre/mB9NKMGPAmv6T0HMnpl0edZEVrKov+p3j5rUKAt3frZgyRv
LGqx3vXOPROTVtP0jv1kOrwKr/+DN/XSOq/MNFdBUtfwPm0zGWeA+bRvFoOoUJb9
KVXbxD/R/n96+prwUjvMLV1Z89ss/fEjzs+7lO6XqOMDPE66eVWjgvEW9Oci1N1v
w3/BLAnvHhXz8tHGQ2kUw850hCQkXkT1W/w3QAT7g/RIbg==
-----END CERTIFICATE-----