Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JFbIS27IKVFB-sXMdYdpnlEymqA.roa
File:                     JFbIS27IKVFB-sXMdYdpnlEymqA.roa (raw, json)
Hash identifier:          y1iRyb0r9qXHHkGFrahYiSMyCM8wsIM4hJtuQx44zzA=
Subject key identifier:   24:56:C8:4B:6E:C8:29:51:41:FA:C5:CC:75:87:69:9E:51:32:9A:A0
Certificate issuer:       /CN=256065b6166aef96fcff3a2ea56fdffd390f3166
Certificate serial:       019A07B217836DAF0311DC15E52DA0C9B8BE
Authority key identifier: 25:60:65:B6:16:6A:EF:96:FC:FF:3A:2E:A5:6F:DF:FD:39:0F:31:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JFbIS27IKVFB-sXMdYdpnlEymqA.roa
Signing time:             Tue 21 Oct 2025 16:55:03 +0000
ROA not before:           Tue 21 Oct 2025 16:55:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215638
IP address blocks:        2a14:f700::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:b2:17:83:6d:af:03:11:dc:15:e5:2d:a0:c9:b8:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=256065b6166aef96fcff3a2ea56fdffd390f3166
        Validity
            Not Before: Oct 21 16:55:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2456c84b6ec8295141fac5cc7587699e51329aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:4f:d0:d0:c8:b3:4e:45:42:95:37:ea:2b:cf:
                    54:29:31:6d:fa:ea:6e:f0:66:25:20:de:92:29:b8:
                    5c:92:32:56:90:b3:d1:d1:ac:c4:55:41:ce:e5:f6:
                    85:a7:69:22:07:6e:e9:26:84:fc:cc:9e:b6:33:9e:
                    ad:34:4b:5c:c0:49:e9:6d:e5:0a:7c:5c:ed:78:f3:
                    82:d5:a1:49:74:3b:ed:9f:00:c9:fe:24:0c:0a:89:
                    85:66:46:c4:8b:61:5e:85:fb:f5:38:b1:3c:ea:79:
                    3f:88:a3:db:5c:ed:e1:bb:dd:a1:ad:43:0f:f3:1d:
                    f3:4d:b6:7c:59:b2:f6:bf:38:a4:48:03:f0:bf:93:
                    a0:6c:2d:28:58:68:a8:ab:83:fc:96:f0:76:2b:37:
                    7a:cc:94:6f:97:45:8c:9b:d7:41:27:82:5b:bd:c8:
                    68:7f:54:61:5d:2a:ca:b2:1e:2e:4a:b6:21:90:79:
                    0f:df:99:4f:ba:82:75:29:44:4b:76:d6:64:6e:2d:
                    df:2c:36:fa:9d:a1:c1:be:5d:3e:1a:aa:bf:cb:a2:
                    ec:f2:da:62:1d:95:2b:10:f2:38:85:5f:ba:cb:c8:
                    26:16:cc:b2:00:32:86:19:04:84:a7:02:ab:53:37:
                    8d:3f:e3:02:4f:73:85:4b:7f:35:ad:e1:90:c4:5e:
                    72:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:56:C8:4B:6E:C8:29:51:41:FA:C5:CC:75:87:69:9E:51:32:9A:A0
            X509v3 Authority Key Identifier:
                keyid:25:60:65:B6:16:6A:EF:96:FC:FF:3A:2E:A5:6F:DF:FD:39:0F:31:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JWBlthZq75b8_zoupW_f_TkPMWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JFbIS27IKVFB-sXMdYdpnlEymqA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/8cdc48-2822-4599-bb69-8c456af6b6bb/1/JWBlthZq75b8_zoupW_f_TkPMWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:f700::/29

    Signature Algorithm: sha256WithRSAEncryption
         81:8a:ea:b5:1b:68:47:2e:c6:8e:a8:8f:ff:df:c8:d4:3b:de:
         ff:81:d0:bd:3f:bc:4c:4f:75:61:94:a8:2f:db:99:77:d6:50:
         89:e3:11:6b:58:84:2f:32:2f:47:19:16:00:8c:b2:dc:32:8b:
         96:3f:1a:01:87:21:aa:37:7f:7c:fd:f3:7f:4f:a3:16:06:d3:
         f2:d9:eb:e8:72:06:39:d0:b9:50:05:f6:1a:f4:63:2d:72:e6:
         7e:d1:58:d5:c0:27:b8:2b:a3:b3:70:ee:f0:5b:c5:d9:89:df:
         0a:51:cf:18:12:30:b8:01:1a:b5:aa:bf:45:7c:d0:1c:9e:e4:
         26:22:97:63:11:03:63:7f:6c:dc:6d:e8:79:0a:15:5f:c9:8c:
         53:db:8b:54:b8:a9:0e:a6:81:59:d1:b2:c5:ef:c1:53:38:1b:
         b2:13:d2:7a:c6:a1:4c:78:33:c9:68:ca:bc:1e:40:02:55:73:
         2d:88:ad:51:4c:95:72:45:67:bd:8e:55:f0:12:21:36:58:22:
         2a:89:c8:fc:18:93:63:7f:ec:c7:43:ae:92:d5:d1:a8:45:85:
         28:b0:81:20:25:73:87:2a:8e:0f:98:6d:32:2e:d5:f7:ec:f6:
         67:ee:0b:a9:ea:8d:5b:ff:75:60:5b:4c:a2:8a:c2:00:e1:61:
         f8:6c:3b:40
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZoHsheDba8DEdwV5S2gybi+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1NjA2NWI2MTY2YWVmOTZmY2ZmM2EyZWE1NmZkZmZkMzkw
ZjMxNjYwHhcNMjUxMDIxMTY1NTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDU2Yzg0YjZlYzgyOTUxNDFmYWM1Y2M3NTg3Njk5ZTUxMzI5YWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj0/Q0MizTkVClTfqK89UKTFt+upu
8GYlIN6SKbhckjJWkLPR0azEVUHO5faFp2kiB27pJoT8zJ62M56tNEtcwEnpbeUK
fFztePOC1aFJdDvtnwDJ/iQMComFZkbEi2Fehfv1OLE86nk/iKPbXO3hu92hrUMP
8x3zTbZ8WbL2vzikSAPwv5OgbC0oWGioq4P8lvB2Kzd6zJRvl0WMm9dBJ4Jbvcho
f1RhXSrKsh4uSrYhkHkP35lPuoJ1KURLdtZkbi3fLDb6naHBvl0+Gqq/y6Ls8tpi
HZUrEPI4hV+6y8gmFsyyADKGGQSEpwKrUzeNP+MCT3OFS381reGQxF5ysQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCRWyEtuyClRQfrFzHWHaZ5RMpqgMB8GA1UdIwQY
MBaAFCVgZbYWau+W/P86LqVv3/05DzFmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSldCbHRoWnE3NWI4X3pvdXBXX2ZfVGtQTVdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi84Y2RjNDgtMjgyMi00NTk5LWJiNjkt
OGM0NTZhZjZiNmJiLzEvSkZiSVMyN0lLVkZCLXNYTWRZZHBubEV5bXFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi84Y2RjNDgtMjgyMi00NTk5LWJiNjktOGM0NTZhZjZiNmJi
LzEvSldCbHRoWnE3NWI4X3pvdXBXX2ZfVGtQTVdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhT3ADAN
BgkqhkiG9w0BAQsFAAOCAQEAgYrqtRtoRy7GjqiP/9/I1Dve/4HQvT+8TE91YZSo
L9uZd9ZQieMRa1iELzIvRxkWAIyy3DKLlj8aAYchqjd/fP3zf0+jFgbT8tnr6HIG
OdC5UAX2GvRjLXLmftFY1cAnuCujs3Du8FvF2YnfClHPGBIwuAEataq/RXzQHJ7k
JiKXYxEDY39s3G3oeQoVX8mMU9uLVLipDqaBWdGyxe/BUzgbshPSesahTHgzyWjK
vB5AAlVzLYitUUyVckVnvY5V8BIhNlgiKonI/BiTY3/sx0OuktXRqEWFKLCBICVz
hyqOD5htMi7V9+z2Z+4LqeqNW/91YFtMoorCAOFh+Gw7QA==
-----END CERTIFICATE-----