Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/1GJLTD2q2LI7f0g0wLirVu1kitA.roa
File:                     1GJLTD2q2LI7f0g0wLirVu1kitA.roa (raw, json)
Hash identifier:          SCXmEszbZj/KleycKxx/iUkRFRTrEJdEV420wmdAqTA=
Subject key identifier:   D4:62:4B:4C:3D:AA:D8:B2:3B:7F:48:34:C0:B8:AB:56:ED:64:8A:D0
Certificate issuer:       /CN=68c7000f32467664ee8eed847ae012fc4318a029
Certificate serial:       019C99ADDD1E2A3F65578DD896F7C83C6C60
Authority key identifier: 68:C7:00:0F:32:46:76:64:EE:8E:ED:84:7A:E0:12:FC:43:18:A0:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/1GJLTD2q2LI7f0g0wLirVu1kitA.roa
Signing time:             Thu 26 Feb 2026 11:20:34 +0000
ROA not before:           Thu 26 Feb 2026 11:20:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213279
IP address blocks:        2a14:b400::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:99:ad:dd:1e:2a:3f:65:57:8d:d8:96:f7:c8:3c:6c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c7000f32467664ee8eed847ae012fc4318a029
        Validity
            Not Before: Feb 26 11:20:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d4624b4c3daad8b23b7f4834c0b8ab56ed648ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:ca:de:d7:79:d9:44:e7:1e:94:17:80:42:fb:
                    e1:b8:d8:8d:a4:20:d9:af:43:d4:73:00:9b:1e:9f:
                    cf:ad:4e:f5:19:9e:fb:e9:18:53:a7:07:60:31:45:
                    5f:ea:e7:5d:29:49:4b:c7:0f:75:71:f9:6b:2e:32:
                    94:15:23:ba:46:8c:8e:0a:28:53:c9:80:82:ef:87:
                    6b:fd:29:b3:ae:11:6e:a9:d5:77:bf:44:82:82:52:
                    d6:bc:ba:97:f8:f5:80:be:a1:06:72:a4:b8:06:2c:
                    fc:8d:a2:1f:6f:c0:79:a9:ca:e9:9c:6b:29:fb:f5:
                    71:60:d4:36:f4:37:91:9e:23:80:65:88:a6:b5:29:
                    c4:7d:be:fd:96:79:5e:30:c8:27:54:25:a6:1c:62:
                    eb:58:30:30:32:f2:fc:25:44:a7:fa:92:cc:d4:93:
                    30:d0:27:13:2a:ca:87:d4:0c:72:92:64:36:89:30:
                    5a:d7:8d:22:70:ec:a8:32:1b:5e:a8:87:97:75:49:
                    67:46:2b:32:07:de:f9:b0:86:ae:b7:90:98:64:90:
                    ce:b8:0e:b8:37:0d:23:b8:3d:2b:1b:e2:3d:18:e7:
                    7d:bf:6a:ee:86:a3:62:fa:57:e2:ed:60:a9:13:00:
                    47:1e:72:7f:64:ae:a8:c7:12:d7:26:5e:af:f7:80:
                    35:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:62:4B:4C:3D:AA:D8:B2:3B:7F:48:34:C0:B8:AB:56:ED:64:8A:D0
            X509v3 Authority Key Identifier:
                keyid:68:C7:00:0F:32:46:76:64:EE:8E:ED:84:7A:E0:12:FC:43:18:A0:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMcADzJGdmTuju2EeuAS_EMYoCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/1GJLTD2q2LI7f0g0wLirVu1kitA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/fd4fab-e061-4168-b4a2-6db87478c9da/1/aMcADzJGdmTuju2EeuAS_EMYoCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:b400::/29

    Signature Algorithm: sha256WithRSAEncryption
         0c:08:31:a0:0b:4f:03:44:2b:07:4d:92:bb:08:5c:0e:86:4a:
         4a:88:cc:e7:f8:86:50:90:e5:16:53:66:1c:e5:46:10:0b:59:
         73:09:3d:84:0d:b7:a6:90:5b:5b:b6:85:56:0b:c7:6e:82:7a:
         99:ea:ef:34:30:df:aa:30:05:a0:21:b6:50:17:5f:01:41:55:
         14:c0:59:56:48:11:d6:2e:c3:f0:48:64:37:f5:de:88:6c:61:
         88:93:f8:70:da:69:5a:40:2d:b7:79:ec:9b:a3:4c:72:3d:68:
         2e:ea:1d:48:ae:0f:2c:68:1b:06:97:bf:36:9c:7c:d6:61:ee:
         bf:db:d6:9f:ab:a7:18:af:4e:44:b5:96:38:8a:53:52:6c:ed:
         c2:fc:b6:7d:4b:ae:35:57:65:bd:24:a1:13:56:2f:e6:17:69:
         84:11:24:93:11:3a:da:82:42:01:c6:19:8e:e9:2a:f3:5f:1b:
         da:c2:2f:cf:44:2b:82:7f:a7:57:cf:a2:19:19:48:89:eb:a2:
         b6:18:f7:a9:eb:cf:4d:7b:0d:46:8b:4a:4e:78:cb:a5:d6:fb:
         ab:ae:94:b2:e4:28:61:2a:ce:e7:41:1c:a0:75:62:72:f6:05:
         bc:4c:18:66:81:5f:f9:d7:d4:9f:8c:76:a1:60:49:4c:15:02:
         1f:b8:6e:92
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZyZrd0eKj9lV43YlvfIPGxgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzcwMDBmMzI0Njc2NjRlZThlZWQ4NDdhZTAxMmZjNDMx
OGEwMjkwHhcNMjYwMjI2MTEyMDM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDYyNGI0YzNkYWFkOGIyM2I3ZjQ4MzRjMGI4YWI1NmVkNjQ4YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAycre13nZROcelBeAQvvhuNiNpCDZ
r0PUcwCbHp/PrU71GZ776RhTpwdgMUVf6uddKUlLxw91cflrLjKUFSO6RoyOCihT
yYCC74dr/SmzrhFuqdV3v0SCglLWvLqX+PWAvqEGcqS4Biz8jaIfb8B5qcrpnGsp
+/VxYNQ29DeRniOAZYimtSnEfb79lnleMMgnVCWmHGLrWDAwMvL8JUSn+pLM1JMw
0CcTKsqH1AxykmQ2iTBa140icOyoMhteqIeXdUlnRisyB975sIaut5CYZJDOuA64
Nw0juD0rG+I9GOd9v2ruhqNi+lfi7WCpEwBHHnJ/ZK6oxxLXJl6v94A19wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNRiS0w9qtiyO39INMC4q1btZIrQMB8GA1UdIwQY
MBaAFGjHAA8yRnZk7o7thHrgEvxDGKApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1jQUR6SkdkbVR1anUyRWV1QVNfRU1Zb0NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9mZDRmYWItZTA2MS00MTY4LWI0YTIt
NmRiODc0NzhjOWRhLzEvMUdKTFREMnEyTEk3ZjBnMHdMaXJWdTFraXRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9mZDRmYWItZTA2MS00MTY4LWI0YTItNmRiODc0NzhjOWRh
LzEvYU1jQUR6SkdkbVR1anUyRWV1QVNfRU1Zb0NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhS0ADAN
BgkqhkiG9w0BAQsFAAOCAQEADAgxoAtPA0QrB02SuwhcDoZKSojM5/iGUJDlFlNm
HOVGEAtZcwk9hA23ppBbW7aFVgvHboJ6mervNDDfqjAFoCG2UBdfAUFVFMBZVkgR
1i7D8EhkN/XeiGxhiJP4cNppWkAtt3nsm6NMcj1oLuodSK4PLGgbBpe/Npx81mHu
v9vWn6unGK9ORLWWOIpTUmztwvy2fUuuNVdlvSShE1Yv5hdphBEkkxE62oJCAcYZ
jukq818b2sIvz0Qrgn+nV8+iGRlIieuithj3qevPTXsNRotKTnjLpdb7q66UsuQo
YSrO50EcoHVicvYFvEwYZoFf+dfUn4x2oWBJTBUCH7hukg==
-----END CERTIFICATE-----