Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/ca9e47-566f-4e7d-b859-ba2efcc56558/1/tAvWDg6C9tWGpf0qOSBi-bl1UoA.roa
File:                     tAvWDg6C9tWGpf0qOSBi-bl1UoA.roa (raw, json)
Hash identifier:          FHTTlK5qR2SriPlyoIDjDg0qyB1eJuPYoS9o961aumY=
Subject key identifier:   B4:0B:D6:0E:0E:82:F6:D5:86:A5:FD:2A:39:20:62:F9:B9:75:52:80
Certificate issuer:       /CN=6692749727bee6e8b484ad5de3ec2a86024ea1fb
Certificate serial:       019D2FE9FF05E48346B8829C09F435A796DB
Authority key identifier: 66:92:74:97:27:BE:E6:E8:B4:84:AD:5D:E3:EC:2A:86:02:4E:A1:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZpJ0lye-5ui0hK1d4-wqhgJOofs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/ca9e47-566f-4e7d-b859-ba2efcc56558/1/tAvWDg6C9tWGpf0qOSBi-bl1UoA.roa
Signing time:             Fri 27 Mar 2026 15:29:17 +0000
ROA not before:           Fri 27 Mar 2026 15:29:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213279
IP address blocks:        194.62.114.0/24 maxlen: 24
                          2a14:b400::/32 maxlen: 32
                          2a14:b400::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/ca9e47-566f-4e7d-b859-ba2efcc56558/1/ZpJ0lye-5ui0hK1d4-wqhgJOofs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/ca9e47-566f-4e7d-b859-ba2efcc56558/1/ZpJ0lye-5ui0hK1d4-wqhgJOofs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZpJ0lye-5ui0hK1d4-wqhgJOofs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Mar 2026 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:2f:e9:ff:05:e4:83:46:b8:82:9c:09:f4:35:a7:96:db
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6692749727bee6e8b484ad5de3ec2a86024ea1fb
        Validity
            Not Before: Mar 27 15:29:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b40bd60e0e82f6d586a5fd2a392062f9b9755280
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:7d:25:49:4b:ef:35:5a:0a:8c:2e:21:11:20:
                    16:ab:fa:5f:9f:83:65:7b:b5:f6:8e:1d:c3:bd:6f:
                    c1:9b:23:e4:8a:b6:19:70:d0:65:4a:2b:95:17:db:
                    6d:32:c5:9f:cc:0a:ab:7c:1a:a7:11:26:cd:0f:fc:
                    d0:d3:f8:50:d5:2f:0b:37:56:c0:7e:62:6b:f5:d8:
                    82:50:f9:16:f9:32:67:01:79:dc:b2:97:eb:d5:6e:
                    e9:42:c5:6a:38:a8:ca:ca:ab:49:24:1d:bf:77:f8:
                    9b:a2:a4:3f:4b:71:e7:0a:4a:ed:61:1a:e6:5f:e4:
                    bb:ee:bf:5f:5d:d8:a2:58:b2:e4:3c:b2:4f:c2:ce:
                    4b:2b:53:74:e6:3f:cf:fd:94:94:37:ae:61:71:47:
                    a0:49:b2:a0:0b:4e:44:2a:57:a2:dc:b0:87:88:e7:
                    51:43:58:02:e7:28:1f:0b:ca:57:15:6a:b0:47:a2:
                    44:82:87:96:c0:ab:2d:8c:97:b2:32:79:1d:35:ae:
                    68:13:ef:4f:93:08:73:81:bf:c5:03:29:e2:a5:09:
                    3d:6a:a1:bf:39:c8:81:4f:ab:45:c9:4b:d0:4b:97:
                    d8:21:58:77:14:57:f0:0c:9e:43:5a:fd:51:67:26:
                    57:a1:fe:38:3e:35:a1:98:86:80:09:4e:e9:4b:95:
                    bc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:0B:D6:0E:0E:82:F6:D5:86:A5:FD:2A:39:20:62:F9:B9:75:52:80
            X509v3 Authority Key Identifier:
                keyid:66:92:74:97:27:BE:E6:E8:B4:84:AD:5D:E3:EC:2A:86:02:4E:A1:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZpJ0lye-5ui0hK1d4-wqhgJOofs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ca9e47-566f-4e7d-b859-ba2efcc56558/1/tAvWDg6C9tWGpf0qOSBi-bl1UoA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/ca9e47-566f-4e7d-b859-ba2efcc56558/1/ZpJ0lye-5ui0hK1d4-wqhgJOofs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.114.0/24
                IPv6:
                  2a14:b400::/32

    Signature Algorithm: sha256WithRSAEncryption
         35:52:4f:9f:bf:e0:3d:44:d4:51:e1:be:ec:e3:d5:bb:0a:4f:
         34:be:85:b7:9c:c2:0b:ae:1e:c9:53:34:9c:c5:81:1b:65:1c:
         8f:ff:6a:ff:61:bd:f3:f0:a9:3d:4b:c6:de:d5:71:a2:83:08:
         b3:48:01:dd:7a:11:d2:97:0d:f7:b0:5c:73:61:97:15:40:5d:
         c4:2c:a7:1f:05:01:e3:fe:d6:f4:73:fd:f7:37:8d:44:ba:db:
         e5:5c:df:a7:24:a0:ca:15:32:2c:ff:61:fa:99:66:8a:2d:04:
         44:0f:18:de:e6:ae:8f:df:73:f0:05:d7:6b:30:c1:f5:a1:bf:
         14:da:35:22:2d:16:44:58:2f:6d:1f:94:bc:37:75:8a:eb:32:
         a4:c0:bb:be:7e:00:91:23:19:47:a0:00:dd:66:6c:55:a1:e2:
         c8:e2:1c:b6:d5:a4:61:d4:fb:89:01:6e:5a:e4:e8:1e:83:6e:
         55:76:ee:d0:85:f9:76:fa:d4:f5:ab:9e:3e:f7:06:5e:50:77:
         dd:73:c0:78:1d:da:7a:0e:17:d4:33:2b:de:1d:64:c6:56:2a:
         85:49:85:9d:90:fb:f5:5b:ef:46:d6:5d:d6:e5:9c:c3:29:8a:
         1d:ed:16:ca:eb:44:00:89:d8:9e:f9:d2:32:8b:09:ce:83:71:
         3c:8f:1b:c1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ0v6f8F5INGuIKcCfQ1p5bbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2OTI3NDk3MjdiZWU2ZThiNDg0YWQ1ZGUzZWMyYTg2MDI0
ZWExZmIwHhcNMjYwMzI3MTUyOTE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDBiZDYwZTBlODJmNmQ1ODZhNWZkMmEzOTIwNjJmOWI5NzU1MjgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx30lSUvvNVoKjC4hESAWq/pfn4Nl
e7X2jh3DvW/BmyPkirYZcNBlSiuVF9ttMsWfzAqrfBqnESbND/zQ0/hQ1S8LN1bA
fmJr9diCUPkW+TJnAXncspfr1W7pQsVqOKjKyqtJJB2/d/iboqQ/S3HnCkrtYRrm
X+S77r9fXdiiWLLkPLJPws5LK1N05j/P/ZSUN65hcUegSbKgC05EKlei3LCHiOdR
Q1gC5ygfC8pXFWqwR6JEgoeWwKstjJeyMnkdNa5oE+9Pkwhzgb/FAynipQk9aqG/
OciBT6tFyUvQS5fYIVh3FFfwDJ5DWv1RZyZXof44PjWhmIaACU7pS5W80wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLQL1g4OgvbVhqX9KjkgYvm5dVKAMB8GA1UdIwQY
MBaAFGaSdJcnvubotIStXePsKoYCTqH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnBKMGx5ZS01dWkwaEsxZDQtd3FoZ0pPb2ZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My9jYTllNDctNTY2Zi00ZTdkLWI4NTkt
YmEyZWZjYzU2NTU4LzEvdEF2V0RnNkM5dFdHcGYwcU9TQmktYmwxVW9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My9jYTllNDctNTY2Zi00ZTdkLWI4NTktYmEyZWZjYzU2NTU4
LzEvWnBKMGx5ZS01dWkwaEsxZDQtd3FoZ0pPb2ZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwj5yMA0E
AgACMAcDBQAqFLQAMA0GCSqGSIb3DQEBCwUAA4IBAQA1Uk+fv+A9RNRR4b7s49W7
Ck80voW3nMILrh7JUzScxYEbZRyP/2r/Yb3z8Kk9S8be1XGigwizSAHdehHSlw33
sFxzYZcVQF3ELKcfBQHj/tb0c/33N41EutvlXN+nJKDKFTIs/2H6mWaKLQREDxje
5q6P33PwBddrMMH1ob8U2jUiLRZEWC9tH5S8N3WK6zKkwLu+fgCRIxlHoADdZmxV
oeLI4hy21aRh1PuJAW5a5Ogeg25Vdu7Qhfl2+tT1q54+9wZeUHfdc8B4Hdp6DhfU
MyveHWTGViqFSYWdkPv1W+9G1l3W5ZzDKYod7RbK60QAidie+dIyiwnOg3E8jxvB
-----END CERTIFICATE-----