Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/nfjfWnhtI5wjidgXoFPNKZl2hok.roa
File:                     nfjfWnhtI5wjidgXoFPNKZl2hok.roa (raw, json)
Hash identifier:          sGiSIEqIVPO8w9D0sKdW1XKoGTvI+ujABJDMM86Yt0I=
Subject key identifier:   9D:F8:DF:5A:78:6D:23:9C:23:89:D8:17:A0:53:CD:29:99:76:86:89
Certificate issuer:       /CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
Certificate serial:       019BE51DBF595DB06434C43820AE177C18C6
Authority key identifier: 07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/nfjfWnhtI5wjidgXoFPNKZl2hok.roa
Signing time:             Thu 22 Jan 2026 09:51:30 +0000
ROA not before:           Thu 22 Jan 2026 09:51:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214160
IP address blocks:        2a14:6:10::/48 maxlen: 48
                          2a14:6:11::/48 maxlen: 48
                          2a14:6:12::/48 maxlen: 48
                          2a14:6:13::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Feb 2026 20:53:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:e5:1d:bf:59:5d:b0:64:34:c4:38:20:ae:17:7c:18:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07f0ba59b1c76cf20dc4382e5a2854d7142c26ba
        Validity
            Not Before: Jan 22 09:51:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9df8df5a786d239c2389d817a053cd2999768689
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:df:48:e5:78:ef:e2:04:c5:78:fc:ad:9d:9c:
                    57:09:1a:d8:22:9c:4e:aa:56:96:e3:0c:ab:ed:d8:
                    5a:15:44:54:c9:e3:9c:7f:29:bf:be:0f:40:fb:37:
                    97:f2:2e:05:6f:6c:c8:85:7d:10:5f:c7:5b:17:9c:
                    f2:f5:0e:69:86:27:af:b8:ea:47:e3:b8:92:4a:ab:
                    2a:1f:de:3c:c2:d2:bb:c9:c4:95:dd:90:f7:71:02:
                    53:c5:e7:c6:ac:d7:c2:db:16:59:c8:20:f9:d7:78:
                    e2:d7:fe:af:03:f4:15:a3:d0:8f:03:80:fb:fe:47:
                    d5:54:d2:81:0c:32:f3:b1:fa:6d:17:29:c3:d2:34:
                    3b:15:a2:1b:5f:76:64:e5:a2:b6:cc:b2:26:59:9d:
                    fc:f1:c9:c1:56:a6:fc:31:d8:e7:b6:9a:34:b9:8c:
                    b8:73:bc:2f:81:51:9b:4e:5b:7f:37:13:66:58:1e:
                    a4:6c:70:a5:fb:ae:cd:cd:1b:c0:a5:64:7d:1d:ee:
                    e4:72:3a:fe:d9:19:2b:40:06:e7:0d:9f:5b:b4:04:
                    b3:d5:89:87:e1:e6:59:0b:af:be:de:60:e8:43:1c:
                    09:e5:e5:72:73:c2:d6:1d:48:2f:72:78:d2:79:01:
                    50:6c:66:fe:53:c2:41:0f:b5:16:0a:a6:fa:cc:e9:
                    98:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F8:DF:5A:78:6D:23:9C:23:89:D8:17:A0:53:CD:29:99:76:86:89
            X509v3 Authority Key Identifier:
                keyid:07:F0:BA:59:B1:C7:6C:F2:0D:C4:38:2E:5A:28:54:D7:14:2C:26:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_C6WbHHbPINxDguWihU1xQsJro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/nfjfWnhtI5wjidgXoFPNKZl2hok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/296a78-01e2-496d-ba59-2200b3cc57e6/1/B_C6WbHHbPINxDguWihU1xQsJro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6:10::/46

    Signature Algorithm: sha256WithRSAEncryption
         aa:04:81:9d:35:c3:04:99:6d:62:97:d1:1c:8d:0f:94:0e:0f:
         9e:7a:44:4d:71:60:99:77:d7:cc:0d:35:81:09:fe:74:50:df:
         65:22:12:8d:f2:fc:fc:13:41:8d:9e:59:51:14:6c:ae:50:31:
         79:26:c6:7a:e8:8f:48:a1:86:b3:e9:f6:c6:c8:63:bd:9c:ae:
         3a:c0:21:d2:5d:d9:1c:99:07:6b:ec:c0:dc:9d:a2:ec:bc:3a:
         98:6e:fb:a9:1a:fc:24:de:d1:e9:a1:8f:67:db:06:05:a2:ee:
         a8:4e:f3:71:51:44:54:3a:60:29:17:2a:82:8c:43:63:48:17:
         5c:59:21:8a:3f:9e:88:2b:c4:40:49:69:46:83:fd:a7:94:a2:
         70:6c:f5:fe:dc:f7:be:4a:53:cb:57:32:3f:b6:f9:32:02:26:
         fb:3b:4d:0f:78:52:d1:a7:1c:11:27:30:b3:f7:fb:05:1f:4a:
         fb:5b:5e:76:71:b2:6d:85:b2:97:a6:21:2b:e5:2e:eb:0d:f5:
         a0:b2:3c:f5:d3:c9:50:58:e1:09:62:cc:e6:18:c2:a6:37:8b:
         1e:34:6b:b4:0e:fc:45:5e:9f:10:1d:ca:c5:71:5d:3f:93:b0:
         84:ca:dd:cd:6f:61:58:7a:49:a1:a8:6c:e5:52:bf:2b:e0:a6:
         7f:3d:ae:3e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZvlHb9ZXbBkNMQ4IK4XfBjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZjBiYTU5YjFjNzZjZjIwZGM0MzgyZTVhMjg1NGQ3MTQy
YzI2YmEwHhcNMjYwMTIyMDk1MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGY4ZGY1YTc4NmQyMzljMjM4OWQ4MTdhMDUzY2QyOTk5NzY4Njg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd9I5Xjv4gTFePytnZxXCRrYIpxO
qlaW4wyr7dhaFURUyeOcfym/vg9A+zeX8i4Fb2zIhX0QX8dbF5zy9Q5phievuOpH
47iSSqsqH948wtK7ycSV3ZD3cQJTxefGrNfC2xZZyCD513ji1/6vA/QVo9CPA4D7
/kfVVNKBDDLzsfptFynD0jQ7FaIbX3Zk5aK2zLImWZ388cnBVqb8Mdjntpo0uYy4
c7wvgVGbTlt/NxNmWB6kbHCl+67NzRvApWR9He7kcjr+2RkrQAbnDZ9btASz1YmH
4eZZC6++3mDoQxwJ5eVyc8LWHUgvcnjSeQFQbGb+U8JBD7UWCqb6zOmYewIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJ3431p4bSOcI4nYF6BTzSmZdoaJMB8GA1UdIwQY
MBaAFAfwulmxx2zyDcQ4LlooVNcULCa6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTkt
MjIwMGIzY2M1N2U2LzEvbmZqZlduaHRJNXdqaWRnWG9GUE5LWmwyaG9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC8yOTZhNzgtMDFlMi00OTZkLWJhNTktMjIwMGIzY2M1N2U2
LzEvQl9DNldiSEhiUElOeERndVdpaFUxeFFzSnJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKhQABgAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCqBIGdNcMEmW1il9EcjQ+UDg+eekRNcWCZd9fM
DTWBCf50UN9lIhKN8vz8E0GNnllRFGyuUDF5JsZ66I9IoYaz6fbGyGO9nK46wCHS
XdkcmQdr7MDcnaLsvDqYbvupGvwk3tHpoY9n2wYFou6oTvNxUURUOmApFyqCjENj
SBdcWSGKP56IK8RASWlGg/2nlKJwbPX+3Pe+SlPLVzI/tvkyAib7O00PeFLRpxwR
JzCz9/sFH0r7W152cbJthbKXpiEr5S7rDfWgsjz108lQWOEJYszmGMKmN4seNGu0
DvxFXp8QHcrFcV0/k7CEyt3Nb2FYekmhqGzlUr8r4KZ/Pa4+
-----END CERTIFICATE-----