Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/bGFz57_Y06lvptxzcfzOeAbZ2SE.roa
File:                     bGFz57_Y06lvptxzcfzOeAbZ2SE.roa (raw, json)
Hash identifier:          A/MOWotoVowQSsb16FnwkgScXAh2bTf9znNwXhRX+hA=
Subject key identifier:   6C:61:73:E7:BF:D8:D3:A9:6F:A6:DC:73:71:FC:CE:78:06:D9:D9:21
Certificate issuer:       /CN=68c7000f32467664ee8eed847ae012fc4318a029
Certificate serial:       019CCE7F2C9735E5A520D4736C3E7C2DF589
Authority key identifier: 68:C7:00:0F:32:46:76:64:EE:8E:ED:84:7A:E0:12:FC:43:18:A0:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/bGFz57_Y06lvptxzcfzOeAbZ2SE.roa
Signing time:             Sun 08 Mar 2026 17:29:26 +0000
ROA not before:           Sun 08 Mar 2026 17:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213279
IP address blocks:        2a14:b400::/32 maxlen: 32
                          2a14:b400::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ce:7f:2c:97:35:e5:a5:20:d4:73:6c:3e:7c:2d:f5:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c7000f32467664ee8eed847ae012fc4318a029
        Validity
            Not Before: Mar  8 17:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6c6173e7bfd8d3a96fa6dc7371fcce7806d9d921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:00:83:e6:19:18:18:83:d7:eb:53:81:a2:ab:
                    68:2b:9f:0f:e9:77:90:a9:b9:17:4c:65:4c:a8:24:
                    99:ec:b5:9a:7f:22:0f:64:65:f7:26:38:c9:03:d3:
                    cf:42:af:6c:28:32:a8:23:d5:db:0d:49:62:cd:48:
                    f2:54:2b:6f:a9:a9:65:6f:76:8f:83:07:36:b6:f8:
                    a7:66:1f:73:e2:05:04:ff:8c:55:4d:f1:70:3e:96:
                    49:61:74:06:d3:a8:36:25:0d:86:52:8b:de:6c:e1:
                    35:21:3f:be:d9:8d:7e:b4:ce:68:cd:05:6d:ad:b2:
                    1c:eb:e0:33:53:8a:95:a6:7f:78:81:c8:bc:95:9b:
                    94:28:8f:f4:45:4b:c9:1e:03:a1:c5:ed:65:22:9f:
                    15:bf:0e:76:5c:bc:d6:be:1a:df:93:47:9c:e1:7a:
                    b8:e6:4d:31:45:35:cf:79:23:20:4f:27:3f:99:07:
                    54:70:f4:a1:63:09:33:d5:85:1e:ad:33:2c:04:54:
                    5f:fc:e4:05:83:d2:d9:80:73:53:04:54:3d:22:44:
                    aa:6f:21:dc:51:0b:30:d1:8d:da:31:2d:a4:be:44:
                    55:9a:5b:b8:2f:fc:3a:03:30:e8:79:b2:a3:2e:97:
                    07:a5:38:fc:50:40:0a:98:a2:74:d9:05:56:29:50:
                    b0:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:61:73:E7:BF:D8:D3:A9:6F:A6:DC:73:71:FC:CE:78:06:D9:D9:21
            X509v3 Authority Key Identifier:
                keyid:68:C7:00:0F:32:46:76:64:EE:8E:ED:84:7A:E0:12:FC:43:18:A0:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/bGFz57_Y06lvptxzcfzOeAbZ2SE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b400::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:71:b6:07:7a:c5:6b:06:d4:9e:0a:5a:d6:bf:9e:5c:29:76:
         72:b2:1b:bf:62:6c:89:a1:9a:58:e1:be:53:52:32:de:ed:19:
         bb:32:73:ae:78:08:2f:f2:de:12:18:36:d3:92:05:d0:be:29:
         f8:09:fc:3a:78:ed:ae:2b:9b:88:7a:93:6e:ef:55:11:9c:5a:
         8a:9a:52:7d:9b:5f:fa:01:46:fa:3b:5e:dc:45:0b:2f:1a:e4:
         fb:d7:db:49:60:25:16:c6:bf:04:30:be:c8:3d:63:cc:b4:0d:
         36:1d:27:62:7c:f9:bc:20:c9:3f:28:ed:ab:5c:a2:69:df:34:
         73:b5:66:70:20:b6:3c:12:c3:df:e9:40:b2:9d:f0:b7:5f:e3:
         75:57:2f:a6:19:00:53:f4:6a:8d:67:44:d7:74:12:79:ef:a5:
         d3:0c:58:29:77:6d:cc:4c:90:bc:3c:83:50:59:7d:34:fa:76:
         43:e8:7a:38:07:b3:4a:46:58:35:6e:47:ab:f5:3f:f4:42:22:
         53:0b:5a:7e:4b:8c:fe:54:e0:f5:66:00:ae:18:a9:f3:d7:46:
         ad:fa:42:35:58:48:e4:c7:66:a7:4d:5f:8a:9d:ff:6c:8b:e5:
         bf:13:cf:58:f3:51:4c:b8:08:35:fc:d0:e6:6b:57:b9:77:93:
         a1:51:4f:ad
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzOfyyXNeWlINRzbD58LfWJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzcwMDBmMzI0Njc2NjRlZThlZWQ4NDdhZTAxMmZjNDMx
OGEwMjkwHhcNMjYwMzA4MTcyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzYxNzNlN2JmZDhkM2E5NmZhNmRjNzM3MWZjY2U3ODA2ZDlkOTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgCD5hkYGIPX61OBoqtoK58P6XeQ
qbkXTGVMqCSZ7LWafyIPZGX3JjjJA9PPQq9sKDKoI9XbDUlizUjyVCtvqallb3aP
gwc2tvinZh9z4gUE/4xVTfFwPpZJYXQG06g2JQ2GUovebOE1IT++2Y1+tM5ozQVt
rbIc6+AzU4qVpn94gci8lZuUKI/0RUvJHgOhxe1lIp8Vvw52XLzWvhrfk0ec4Xq4
5k0xRTXPeSMgTyc/mQdUcPShYwkz1YUerTMsBFRf/OQFg9LZgHNTBFQ9IkSqbyHc
UQsw0Y3aMS2kvkRVmlu4L/w6AzDoebKjLpcHpTj8UEAKmKJ02QVWKVCwtwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGxhc+e/2NOpb6bcc3H8zngG2dkhMB8GA1UdIwQY
MBaAFGjHAA8yRnZk7o7thHrgEvxDGKApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1jQUR6SkdkbVR1anUyRWV1QVNfRU1Zb0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9mZDRmYWItZTA2MS00MTY4LWI0YTIt
NmRiODc0NzhjOWRhLzEvYkdGejU3X1kwNmx2cHR4emNmek9lQWJaMlNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9mZDRmYWItZTA2MS00MTY4LWI0YTItNmRiODc0NzhjOWRh
LzEvYU1jQUR6SkdkbVR1anUyRWV1QVNfRU1Zb0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhS0ADAN
BgkqhkiG9w0BAQsFAAOCAQEAH3G2B3rFawbUngpa1r+eXCl2crIbv2JsiaGaWOG+
U1Iy3u0ZuzJzrngIL/LeEhg205IF0L4p+An8OnjtriubiHqTbu9VEZxaippSfZtf
+gFG+jte3EULLxrk+9fbSWAlFsa/BDC+yD1jzLQNNh0nYnz5vCDJPyjtq1yiad80
c7VmcCC2PBLD3+lAsp3wt1/jdVcvphkAU/RqjWdE13QSee+l0wxYKXdtzEyQvDyD
UFl9NPp2Q+h6OAezSkZYNW5Hq/U/9EIiUwtafkuM/lTg9WYArhip89dGrfpCNVhI
5Mdmp01fip3/bIvlvxPPWPNRTLgINfzQ5mtXuXeToVFPrQ==
-----END CERTIFICATE-----