Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/hBYMpOiwx939MIxYETSVpypgnWU.roa
File:                     hBYMpOiwx939MIxYETSVpypgnWU.roa (raw, json)
Hash identifier:          VYu4jP7LA16518TTkGafdx1wEfQ7qeulsxq1ASMUCmw=
Subject key identifier:   84:16:0C:A4:E8:B0:C7:DD:FD:30:8C:58:11:34:95:A7:2A:60:9D:65
Certificate issuer:       /CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
Certificate serial:       019D96714C23AD67187382846ABAA78B43C8
Authority key identifier: CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/hBYMpOiwx939MIxYETSVpypgnWU.roa
Signing time:             Thu 16 Apr 2026 13:18:20 +0000
ROA not before:           Thu 16 Apr 2026 13:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198883
IP address blocks:        2a14:a087:3::/48 maxlen: 48
                          2a14:a087:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:71:4c:23:ad:67:18:73:82:84:6a:ba:a7:8b:43:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca6441d9d807e0d78ce75213a103400ee14a7cdc
        Validity
            Not Before: Apr 16 13:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=84160ca4e8b0c7ddfd308c58113495a72a609d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a4:09:c0:93:29:09:67:d1:38:c2:34:4e:61:
                    36:6f:84:08:df:bc:79:71:77:96:c7:d8:05:cc:f4:
                    2b:cf:f3:a5:1c:3f:40:52:78:e2:1b:30:b3:66:37:
                    91:dd:f3:7a:93:47:4e:76:1c:13:a0:73:bb:5f:61:
                    83:d1:0b:c6:bc:bf:7d:44:1b:2f:5f:e3:1e:4b:0a:
                    b5:97:58:82:6e:05:1a:bf:c7:d3:ee:02:df:5f:02:
                    35:c0:d1:51:c9:bb:38:dd:46:c9:e5:ed:ec:ab:92:
                    b4:cf:d0:0f:4c:06:53:00:e6:1b:fa:ad:ae:06:53:
                    18:54:3d:84:af:44:6d:37:78:86:ae:fc:8d:dc:ee:
                    43:89:61:49:9d:8b:ad:d0:8a:80:30:63:b3:5a:dd:
                    10:d3:a5:eb:a2:85:9f:27:f1:cd:76:56:f6:df:a8:
                    56:cf:60:77:19:bc:f2:6c:60:a9:9a:25:6b:c3:34:
                    b3:ac:3d:39:db:07:cd:d4:c2:45:ef:c5:00:13:c3:
                    39:8f:0c:59:44:5a:2e:55:3c:8a:de:c8:5f:33:e8:
                    48:b2:ef:1d:8b:44:bc:c8:76:b3:ea:d5:98:1d:c6:
                    80:18:8f:2e:1c:43:8e:90:ec:b6:56:9d:df:c1:c6:
                    17:e7:63:cf:cf:b9:8c:c5:f3:0d:71:6b:68:83:c9:
                    c5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:16:0C:A4:E8:B0:C7:DD:FD:30:8C:58:11:34:95:A7:2A:60:9D:65
            X509v3 Authority Key Identifier:
                keyid:CA:64:41:D9:D8:07:E0:D7:8C:E7:52:13:A1:03:40:0E:E1:4A:7C:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ymRB2dgH4NeM51IToQNADuFKfNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/hBYMpOiwx939MIxYETSVpypgnWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/9947b6-34bc-477e-8816-2e28b96498a9/1/ymRB2dgH4NeM51IToQNADuFKfNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:a087:3::-2a14:a087:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         6c:cc:03:37:49:9a:85:02:ac:39:cb:93:ee:93:48:3f:c7:6b:
         36:c8:3b:75:f4:32:de:ea:5f:e9:24:27:68:0b:bf:43:ec:44:
         48:1b:6a:f2:fa:5e:57:4f:11:fa:15:11:48:c2:c9:d2:bb:2f:
         13:44:91:2b:7c:64:e6:bb:31:e7:a6:9e:86:98:40:53:15:82:
         86:8f:3d:9d:84:11:bf:65:4d:93:43:f8:8e:f4:48:d0:c8:6b:
         61:16:30:2f:3a:43:89:73:a7:cd:d9:b0:98:0a:1b:d6:ed:7c:
         8a:57:31:c6:c6:69:71:28:8c:b0:48:95:80:4e:2e:bc:ba:3f:
         5b:51:1f:6e:4d:0b:b5:63:1e:3c:64:fc:88:00:83:49:40:f4:
         f5:54:34:d3:4e:c9:be:e9:ea:6a:41:12:62:83:c1:79:a5:03:
         f5:d6:e0:8d:ce:84:1f:cc:ae:99:0b:8d:72:0e:8e:f0:27:78:
         7d:cb:7e:0c:16:cf:dd:9c:43:85:65:48:15:6e:fd:fc:bb:99:
         5d:79:34:ae:be:85:f6:13:15:4e:93:2d:aa:ad:5a:39:69:0c:
         44:af:5f:af:14:c5:a3:25:a8:c8:bf:cd:75:62:89:f8:99:da:
         a6:15:04:76:cc:93:40:04:5e:bc:b3:ce:2f:ae:f3:d8:5a:7b:
         08:af:06:3a
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ2WcUwjrWcYc4KEarqni0PIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhNjQ0MWQ5ZDgwN2UwZDc4Y2U3NTIxM2ExMDM0MDBlZTE0
YTdjZGMwHhcNMjYwNDE2MTMxODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDE2MGNhNGU4YjBjN2RkZmQzMDhjNTgxMTM0OTVhNzJhNjA5ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp6QJwJMpCWfROMI0TmE2b4QI37x5
cXeWx9gFzPQrz/OlHD9AUnjiGzCzZjeR3fN6k0dOdhwToHO7X2GD0QvGvL99RBsv
X+MeSwq1l1iCbgUav8fT7gLfXwI1wNFRybs43UbJ5e3sq5K0z9APTAZTAOYb+q2u
BlMYVD2Er0RtN3iGrvyN3O5DiWFJnYut0IqAMGOzWt0Q06XrooWfJ/HNdlb236hW
z2B3GbzybGCpmiVrwzSzrD052wfN1MJF78UAE8M5jwxZRFouVTyK3shfM+hIsu8d
i0S8yHaz6tWYHcaAGI8uHEOOkOy2Vp3fwcYX52PPz7mMxfMNcWtog8nFYwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIQWDKTosMfd/TCMWBE0lacqYJ1lMB8GA1UdIwQY
MBaAFMpkQdnYB+DXjOdSE6EDQA7hSnzcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYt
MmUyOGI5NjQ5OGE5LzEvaEJZTXBPaXd4OTM5TUl4WUVUU1ZweXBnbldVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC85OTQ3YjYtMzRiYy00NzdlLTg4MTYtMmUyOGI5NjQ5OGE5
LzEveW1SQjJkZ0g0TmVNNTFJVG9RTkFEdUZLZk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwAqFKCH
AAMDBwAqFKCHAAQwDQYJKoZIhvcNAQELBQADggEBAGzMAzdJmoUCrDnLk+6TSD/H
azbIO3X0Mt7qX+kkJ2gLv0PsREgbavL6XldPEfoVEUjCydK7LxNEkSt8ZOa7Meem
noaYQFMVgoaPPZ2EEb9lTZND+I70SNDIa2EWMC86Q4lzp83ZsJgKG9btfIpXMcbG
aXEojLBIlYBOLry6P1tRH25NC7VjHjxk/IgAg0lA9PVUNNNOyb7p6mpBEmKDwXml
A/XW4I3OhB/MrpkLjXIOjvAneH3LfgwWz92cQ4VlSBVu/fy7mV15NK6+hfYTFU6T
LaqtWjlpDESvX68UxaMlqMi/zXViifiZ2qYVBHbMk0AEXryzzi+u89haewivBjo=
-----END CERTIFICATE-----