Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/brUYZq-nkv4YTdMdKfneMuBdKSo.roa
File:                     brUYZq-nkv4YTdMdKfneMuBdKSo.roa (raw, json)
Hash identifier:          FIGSxhtQT05ZYnj5kX8hUUD5j3WF0TXskZg1j9gufoU=
Subject key identifier:   6E:B5:18:66:AF:A7:92:FE:18:4D:D3:1D:29:F9:DE:32:E0:5D:29:2A
Certificate issuer:       /CN=68c7000f32467664ee8eed847ae012fc4318a029
Certificate serial:       019CBAB67B0B430CB62A2923877281AF8787
Authority key identifier: 68:C7:00:0F:32:46:76:64:EE:8E:ED:84:7A:E0:12:FC:43:18:A0:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/brUYZq-nkv4YTdMdKfneMuBdKSo.roa
Signing time:             Wed 04 Mar 2026 21:17:27 +0000
ROA not before:           Wed 04 Mar 2026 21:17:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     0
IP address blocks:        2a14:b400::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Mar 2026 00:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ba:b6:7b:0b:43:0c:b6:2a:29:23:87:72:81:af:87:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c7000f32467664ee8eed847ae012fc4318a029
        Validity
            Not Before: Mar  4 21:17:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6eb51866afa792fe184dd31d29f9de32e05d292a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:65:aa:18:27:93:b5:b8:4b:83:d6:73:00:5a:
                    af:e6:d3:2f:11:d5:f3:88:c8:2b:01:5c:00:0f:1d:
                    f1:29:7d:88:f6:8c:ac:a5:5e:8a:d0:d9:a2:d0:ae:
                    a3:73:f5:d3:85:a1:7f:9a:e5:af:35:b2:56:60:18:
                    49:89:94:46:1c:80:2e:0f:ab:fa:03:a6:79:a1:c9:
                    24:22:2a:c4:30:c3:bb:d2:2e:b7:9a:3e:fb:41:40:
                    2d:5d:a4:12:e3:50:67:99:36:5e:4f:ad:19:a1:0d:
                    3a:df:ab:1e:4d:58:f0:d2:be:5d:cd:64:73:ef:c0:
                    d1:c9:2c:1a:d2:67:c5:1c:73:aa:33:e3:bd:9a:d1:
                    56:e8:fb:ac:4a:69:4e:e6:6c:ef:2b:80:e8:87:d7:
                    1a:66:d0:fd:26:60:f2:47:3e:e6:99:18:a5:79:fe:
                    1b:09:db:81:56:fa:9a:c9:d9:1d:f1:3f:48:1a:c7:
                    5f:2a:36:b6:42:f9:8a:9d:0e:7f:76:13:39:e0:47:
                    ec:19:88:ae:d8:1f:23:d3:ec:49:2d:ad:26:06:74:
                    9c:cd:21:2d:ac:0c:55:14:83:f4:00:d1:f6:b2:93:
                    e7:f2:e7:03:21:9a:be:b7:aa:b5:38:46:34:02:8b:
                    53:4e:13:b0:67:bf:db:04:de:28:fe:18:ba:44:2c:
                    a4:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:B5:18:66:AF:A7:92:FE:18:4D:D3:1D:29:F9:DE:32:E0:5D:29:2A
            X509v3 Authority Key Identifier:
                keyid:68:C7:00:0F:32:46:76:64:EE:8E:ED:84:7A:E0:12:FC:43:18:A0:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/brUYZq-nkv4YTdMdKfneMuBdKSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b400::/29

    Signature Algorithm: sha256WithRSAEncryption
         3e:84:fc:61:14:97:6e:bf:13:3f:b8:3f:33:7b:12:fb:ad:70:
         7b:14:07:f4:dd:b7:52:a5:a3:d5:71:48:30:05:f5:b1:cc:e2:
         bc:25:39:39:7b:d4:70:0e:41:42:68:e3:c4:bf:05:22:de:25:
         1f:9d:4e:57:ef:a6:13:73:66:15:14:16:8c:ef:9d:ce:e7:66:
         13:e5:37:10:27:52:87:c8:af:b9:c6:f8:b6:bf:b1:9c:20:39:
         31:47:17:57:c3:2e:47:35:6b:d0:4c:d0:c9:09:5c:1d:32:5b:
         6e:cb:cf:3d:6b:8c:ea:a6:44:45:08:cf:0e:63:59:cf:6b:9f:
         d4:54:20:d6:44:d3:44:aa:3b:91:10:e7:ed:a6:8d:a5:cf:7d:
         b2:d4:e2:7f:35:c9:00:d0:33:b7:cf:49:fc:37:55:88:db:7f:
         73:06:50:6c:ec:52:56:9c:45:0c:7d:3d:72:bb:2b:83:a6:d1:
         56:fd:04:84:1d:90:b3:21:b8:3e:10:2a:de:87:7b:6b:08:04:
         d5:22:17:e3:4e:36:d1:b5:68:7e:11:93:4c:fe:3d:8f:9b:07:
         53:ec:99:0a:00:99:74:5b:41:c1:2c:70:3d:b5:17:f1:60:8e:
         be:18:63:a7:32:d4:b9:52:7f:c8:7e:10:78:78:a5:bf:0e:01:
         6d:d5:61:d4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZy6tnsLQwy2Kikjh3KBr4eHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzcwMDBmMzI0Njc2NjRlZThlZWQ4NDdhZTAxMmZjNDMx
OGEwMjkwHhcNMjYwMzA0MjExNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWI1MTg2NmFmYTc5MmZlMTg0ZGQzMWQyOWY5ZGUzMmUwNWQyOTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2WqGCeTtbhLg9ZzAFqv5tMvEdXz
iMgrAVwADx3xKX2I9oyspV6K0Nmi0K6jc/XThaF/muWvNbJWYBhJiZRGHIAuD6v6
A6Z5ockkIirEMMO70i63mj77QUAtXaQS41BnmTZeT60ZoQ0636seTVjw0r5dzWRz
78DRySwa0mfFHHOqM+O9mtFW6PusSmlO5mzvK4Doh9caZtD9JmDyRz7mmRilef4b
CduBVvqaydkd8T9IGsdfKja2QvmKnQ5/dhM54EfsGYiu2B8j0+xJLa0mBnSczSEt
rAxVFIP0ANH2spPn8ucDIZq+t6q1OEY0AotTThOwZ7/bBN4o/hi6RCyk/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFG61GGavp5L+GE3THSn53jLgXSkqMB8GA1UdIwQY
MBaAFGjHAA8yRnZk7o7thHrgEvxDGKApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1jQUR6SkdkbVR1anUyRWV1QVNfRU1Zb0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9mZDRmYWItZTA2MS00MTY4LWI0YTIt
NmRiODc0NzhjOWRhLzEvYnJVWVpxLW5rdjRZVGRNZEtmbmVNdUJkS1NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9mZDRmYWItZTA2MS00MTY4LWI0YTItNmRiODc0NzhjOWRh
LzEvYU1jQUR6SkdkbVR1anUyRWV1QVNfRU1Zb0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhS0ADAN
BgkqhkiG9w0BAQsFAAOCAQEAPoT8YRSXbr8TP7g/M3sS+61wexQH9N23UqWj1XFI
MAX1sczivCU5OXvUcA5BQmjjxL8FIt4lH51OV++mE3NmFRQWjO+dzudmE+U3ECdS
h8ivucb4tr+xnCA5MUcXV8MuRzVr0EzQyQlcHTJbbsvPPWuM6qZERQjPDmNZz2uf
1FQg1kTTRKo7kRDn7aaNpc99stTifzXJANAzt89J/DdViNt/cwZQbOxSVpxFDH09
crsrg6bRVv0EhB2QsyG4PhAq3od7awgE1SIX40420bVofhGTTP49j5sHU+yZCgCZ
dFtBwSxwPbUX8WCOvhhjpzLUuVJ/yH4QeHilvw4BbdVh1A==
-----END CERTIFICATE-----