Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/1ZSlZp8Pb29fgzIVq0Xf5BVabwc.roa
File:                     1ZSlZp8Pb29fgzIVq0Xf5BVabwc.roa (raw, json)
Hash identifier:          Fhk9zgQnXWaUZjAp1jtrqS1/0PfYFEN/wvAhiUGmdkE=
Subject key identifier:   D5:94:A5:66:9F:0F:6F:6F:5F:83:32:15:AB:45:DF:E4:15:5A:6F:07
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019D3EAD85B2043CE805F11EC2B5BAF110E1
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/1ZSlZp8Pb29fgzIVq0Xf5BVabwc.roa
Signing time:             Mon 30 Mar 2026 12:17:32 +0000
ROA not before:           Mon 30 Mar 2026 12:17:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200182
IP address blocks:        2a14:ae00:f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:3e:ad:85:b2:04:3c:e8:05:f1:1e:c2:b5:ba:f1:10:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Mar 30 12:17:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d594a5669f0f6f6f5f833215ab45dfe4155a6f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e4:ac:2a:5b:5c:d7:b1:2f:31:0a:6c:ce:21:
                    25:9e:09:f5:bd:c9:4b:26:4d:8d:f1:e2:d3:b1:c3:
                    a9:d1:3d:f9:d6:e9:be:27:23:b7:c3:bb:b1:35:36:
                    be:16:e5:97:33:86:23:20:0d:d7:5a:cf:e9:3a:c5:
                    81:bd:66:b4:1f:86:46:7d:26:98:38:28:cb:af:9e:
                    35:89:df:96:33:a3:c3:07:f0:23:3a:94:b3:25:32:
                    1d:0d:59:de:6c:4f:53:73:ca:60:c7:a5:3f:53:35:
                    bd:0c:84:49:3f:ac:cd:24:ab:98:fc:96:05:79:21:
                    17:dd:9b:9f:73:3d:5d:2b:52:3c:48:18:4e:1b:ae:
                    b3:c1:c1:83:b2:ed:27:54:41:08:bc:6c:10:86:b3:
                    f8:b7:f8:82:a5:10:6e:2f:cf:ae:e3:96:8f:f6:92:
                    ef:5d:bd:7e:49:4f:e8:e9:05:fa:52:ae:3d:1b:ce:
                    02:28:99:e5:81:93:40:c5:e7:34:0b:ec:c9:1a:2c:
                    cb:4e:09:01:02:6c:f0:51:ea:d7:af:03:0e:d3:7d:
                    f4:e8:ac:e8:2c:5c:79:8d:b3:f9:0a:1d:72:c4:d1:
                    45:b2:ff:35:46:29:67:a8:cd:1f:89:2c:68:2a:19:
                    58:e6:21:49:f6:f1:1a:25:33:37:9d:d9:a3:d9:98:
                    93:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:94:A5:66:9F:0F:6F:6F:5F:83:32:15:AB:45:DF:E4:15:5A:6F:07
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/1ZSlZp8Pb29fgzIVq0Xf5BVabwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:f::/48

    Signature Algorithm: sha256WithRSAEncryption
         2d:17:7f:ed:db:15:d3:d0:33:cb:96:92:a6:c5:bb:1a:eb:15:
         e7:a3:bd:be:07:52:c2:b0:66:bb:1a:c4:18:bc:33:b7:b2:0c:
         4d:1b:0b:e8:bc:9d:e9:cd:70:66:4d:bd:2f:3c:58:41:0f:46:
         35:91:94:bb:17:76:7e:c7:fd:bc:de:04:32:5b:c7:4b:56:b8:
         b0:24:9a:9d:61:a5:f0:56:37:0b:52:63:3c:bb:8c:d5:43:85:
         8d:d1:7f:2e:a1:44:a5:3f:1f:15:2d:42:e9:e8:0e:15:db:a7:
         b1:59:91:e0:e1:4a:24:0a:fa:9a:8f:47:e0:18:04:8a:ae:03:
         f5:13:fd:b0:4d:b8:9c:f4:37:a7:98:1e:7b:88:01:6b:17:c8:
         5d:24:2a:95:e7:09:f1:64:59:dc:da:7e:a8:6f:21:30:1e:99:
         75:72:c8:6e:eb:d7:7e:7a:9f:6f:98:9b:6e:be:f9:eb:f3:4a:
         a0:f0:94:f8:0e:42:33:95:71:13:3e:25:d0:ee:ce:2f:46:8d:
         3e:39:a7:ec:aa:e7:b9:9a:94:0e:1a:40:46:f3:05:be:36:a2:
         85:ee:fc:75:96:d4:47:30:54:84:3a:d5:05:fd:84:d0:0d:4b:
         68:eb:a9:be:c2:aa:ab:ac:5b:4d:78:87:07:95:9f:20:0f:c5:
         00:83:89:01
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ0+rYWyBDzoBfEewrW68RDhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwMzMwMTIxNzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTk0YTU2NjlmMGY2ZjZmNWY4MzMyMTVhYjQ1ZGZlNDE1NWE2ZjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuSsKltc17EvMQpsziElngn1vclL
Jk2N8eLTscOp0T351um+JyO3w7uxNTa+FuWXM4YjIA3XWs/pOsWBvWa0H4ZGfSaY
OCjLr541id+WM6PDB/AjOpSzJTIdDVnebE9Tc8pgx6U/UzW9DIRJP6zNJKuY/JYF
eSEX3Zufcz1dK1I8SBhOG66zwcGDsu0nVEEIvGwQhrP4t/iCpRBuL8+u45aP9pLv
Xb1+SU/o6QX6Uq49G84CKJnlgZNAxec0C+zJGizLTgkBAmzwUerXrwMO03306Kzo
LFx5jbP5Ch1yxNFFsv81RilnqM0fiSxoKhlY5iFJ9vEaJTM3ndmj2ZiTHwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNWUpWafD29vX4MyFatF3+QVWm8HMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvMVpTbFpwOFBiMjlmZ3pJVnEwWGY1QlZhYndjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAAP
MA0GCSqGSIb3DQEBCwUAA4IBAQAtF3/t2xXT0DPLlpKmxbsa6xXno72+B1LCsGa7
GsQYvDO3sgxNGwvovJ3pzXBmTb0vPFhBD0Y1kZS7F3Z+x/283gQyW8dLVriwJJqd
YaXwVjcLUmM8u4zVQ4WN0X8uoUSlPx8VLULp6A4V26exWZHg4UokCvqaj0fgGASK
rgP1E/2wTbic9DenmB57iAFrF8hdJCqV5wnxZFnc2n6obyEwHpl1cshu69d+ep9v
mJtuvvnr80qg8JT4DkIzlXETPiXQ7s4vRo0+Oafsque5mpQOGkBG8wW+NqKF7vx1
ltRHMFSEOtUF/YTQDUto66m+wqqrrFtNeIcHlZ8gD8UAg4kB
-----END CERTIFICATE-----