Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/gxyLL0IGyiMhhjpj3sLlr_mH5w4.roa
File:                     gxyLL0IGyiMhhjpj3sLlr_mH5w4.roa (raw, json)
Hash identifier:          SKKXshDDRLboHf4aa83YEQ13wtjAdxCRnTQaiwngbtU=
Subject key identifier:   83:1C:8B:2F:42:06:CA:23:21:86:3A:63:DE:C2:E5:AF:F9:87:E7:0E
Certificate issuer:       /CN=8d3526bb31b9e30c49045f4368c602ee98bec01a
Certificate serial:       019B76EB024490C261681F35F804835E099A
Authority key identifier: 8D:35:26:BB:31:B9:E3:0C:49:04:5F:43:68:C6:02:EE:98:BE:C0:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jTUmuzG54wxJBF9DaMYC7pi-wBo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/gxyLL0IGyiMhhjpj3sLlr_mH5w4.roa
Signing time:             Thu 01 Jan 2026 00:17:51 +0000
ROA not before:           Thu 01 Jan 2026 00:17:51 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207277
IP address blocks:        2a14:2780::/48 maxlen: 48
                          2a14:2780:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/jTUmuzG54wxJBF9DaMYC7pi-wBo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/jTUmuzG54wxJBF9DaMYC7pi-wBo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jTUmuzG54wxJBF9DaMYC7pi-wBo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:76:eb:02:44:90:c2:61:68:1f:35:f8:04:83:5e:09:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3526bb31b9e30c49045f4368c602ee98bec01a
        Validity
            Not Before: Jan  1 00:17:51 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=831c8b2f4206ca2321863a63dec2e5aff987e70e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fa:37:3a:77:b5:ed:95:c7:51:5e:5c:79:e8:
                    3a:30:f1:9e:28:ae:83:bb:fe:2e:e6:6a:e1:88:94:
                    00:b7:6f:ab:e2:b7:a7:7f:68:3e:a0:d1:e4:1b:01:
                    66:cb:59:17:6d:62:8f:9d:e4:a2:c3:33:a3:ce:16:
                    1f:34:0a:13:99:26:90:60:90:dc:c7:54:bd:47:3c:
                    94:d9:26:51:60:81:87:54:81:3c:62:25:9b:4c:ae:
                    24:c6:fa:a5:59:d9:99:a7:63:50:41:a4:7e:9b:2d:
                    59:50:7e:93:ac:01:48:bd:c2:10:ed:47:c4:dc:a7:
                    58:77:5b:9d:59:fd:08:c6:fb:10:7d:f9:a5:a8:98:
                    1f:ee:b5:e3:a1:07:25:3f:ab:98:c2:a6:6f:5a:68:
                    d4:7e:74:27:55:4a:1a:95:f1:a8:5b:81:c7:e0:28:
                    ab:8d:0d:c1:ae:21:35:93:c4:ad:93:89:dd:44:62:
                    c0:8c:d3:5e:ca:76:2a:f8:c3:3c:1a:88:f9:e0:13:
                    75:df:27:46:a8:85:55:c9:f0:cf:5c:83:2a:57:c5:
                    0f:8a:11:8a:27:78:d4:91:6c:c4:83:f5:69:6b:c9:
                    1b:23:38:8d:a2:80:a4:b6:a4:a6:4a:0e:ee:06:d1:
                    6f:06:f6:6b:dd:20:d4:5d:2f:82:4a:23:ec:a4:cd:
                    b9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:1C:8B:2F:42:06:CA:23:21:86:3A:63:DE:C2:E5:AF:F9:87:E7:0E
            X509v3 Authority Key Identifier:
                keyid:8D:35:26:BB:31:B9:E3:0C:49:04:5F:43:68:C6:02:EE:98:BE:C0:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jTUmuzG54wxJBF9DaMYC7pi-wBo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/gxyLL0IGyiMhhjpj3sLlr_mH5w4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1a4b21-fda3-4c8a-aee0-7253da3510ee/1/jTUmuzG54wxJBF9DaMYC7pi-wBo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:2780::/47

    Signature Algorithm: sha256WithRSAEncryption
         3f:be:09:a4:13:68:d3:bb:5c:c3:ff:80:ac:53:08:9c:d6:47:
         39:f3:bd:dd:08:bd:fe:23:80:a3:67:29:b3:5f:fb:42:f9:bb:
         94:4f:f4:4a:db:ce:6f:0a:02:eb:39:ef:d9:7f:6a:41:79:cc:
         80:0f:e2:35:b8:99:b0:a7:36:7e:f0:32:e7:f2:9e:de:00:97:
         16:bf:0d:f3:4c:8f:e6:74:4b:9d:13:e6:73:48:ea:df:e5:44:
         dc:a7:2f:2c:19:fe:34:41:43:78:04:c4:62:ab:53:3e:09:96:
         66:5f:21:d5:f7:1b:ae:72:fd:d2:a1:23:07:ca:d5:37:a8:7e:
         3b:cf:63:eb:70:53:8a:a1:22:37:1b:5a:2d:dc:99:0b:30:57:
         20:af:8b:20:cb:c3:7f:41:a6:4f:7a:ee:18:7e:54:a7:14:6e:
         a7:c2:61:3c:c0:be:6d:3f:ce:de:2f:e3:6e:98:17:ec:d9:74:
         28:48:c0:c1:41:36:46:84:78:62:ba:43:cb:0e:09:a5:59:90:
         17:06:a4:3e:9b:a5:df:57:ba:a7:54:00:28:58:4b:f9:76:90:
         91:d6:78:e7:6d:7e:73:b3:22:9a:0e:be:ac:15:43:27:6f:91:
         85:98:9d:05:ad:ce:b3:e3:b5:1c:85:ad:ec:ef:72:1e:99:68:
         35:13:2f:65
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt26wJEkMJhaB81+ASDXgmaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMzUyNmJiMzFiOWUzMGM0OTA0NWY0MzY4YzYwMmVlOThi
ZWMwMWEwHhcNMjYwMTAxMDAxNzUxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzFjOGIyZjQyMDZjYTIzMjE4NjNhNjNkZWMyZTVhZmY5ODdlNzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoPo3One17ZXHUV5ceeg6MPGeKK6D
u/4u5mrhiJQAt2+r4renf2g+oNHkGwFmy1kXbWKPneSiwzOjzhYfNAoTmSaQYJDc
x1S9RzyU2SZRYIGHVIE8YiWbTK4kxvqlWdmZp2NQQaR+my1ZUH6TrAFIvcIQ7UfE
3KdYd1udWf0IxvsQffmlqJgf7rXjoQclP6uYwqZvWmjUfnQnVUoalfGoW4HH4Cir
jQ3BriE1k8Stk4ndRGLAjNNeynYq+MM8Goj54BN13ydGqIVVyfDPXIMqV8UPihGK
J3jUkWzEg/Vpa8kbIziNooCktqSmSg7uBtFvBvZr3SDUXS+CSiPspM25RQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIMciy9CBsojIYY6Y97C5a/5h+cOMB8GA1UdIwQY
MBaAFI01JrsxueMMSQRfQ2jGAu6YvsAaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalRVbXV6RzU0d3hKQkY5RGFNWUM3cGktd0JvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYTRiMjEtZmRhMy00YzhhLWFlZTAt
NzI1M2RhMzUxMGVlLzEvZ3h5TEwwSUd5aU1oaGpwajNzTGxyX21INXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYTRiMjEtZmRhMy00YzhhLWFlZTAtNzI1M2RhMzUxMGVl
LzEvalRVbXV6RzU0d3hKQkY5RGFNWUM3cGktd0JvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhQngAAA
MA0GCSqGSIb3DQEBCwUAA4IBAQA/vgmkE2jTu1zD/4CsUwic1kc5873dCL3+I4Cj
ZymzX/tC+buUT/RK285vCgLrOe/Zf2pBecyAD+I1uJmwpzZ+8DLn8p7eAJcWvw3z
TI/mdEudE+ZzSOrf5UTcpy8sGf40QUN4BMRiq1M+CZZmXyHV9xuucv3SoSMHytU3
qH47z2PrcFOKoSI3G1ot3JkLMFcgr4sgy8N/QaZPeu4YflSnFG6nwmE8wL5tP87e
L+NumBfs2XQoSMDBQTZGhHhiukPLDgmlWZAXBqQ+m6XfV7qnVAAoWEv5dpCR1njn
bX5zsyKaDr6sFUMnb5GFmJ0Frc6z47Ucha3s73IemWg1Ey9l
-----END CERTIFICATE-----