Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/IbaW7xjndY6EP4RVlLBG-ZEnYYo.roa
File:                     IbaW7xjndY6EP4RVlLBG-ZEnYYo.roa (raw, json)
Hash identifier:          ysgDo6QmZenYrn+i6Pxn3RI9PAFzW45gWtKEwSVQWB4=
Subject key identifier:   21:B6:96:EF:18:E7:75:8E:84:3F:84:55:94:B0:46:F9:91:27:61:8A
Certificate issuer:       /CN=7ca598322a69905a5c6e0295a0ca1fb55666c14b
Certificate serial:       019D5A143177F0B37F4314531B067B8ED222
Authority key identifier: 7C:A5:98:32:2A:69:90:5A:5C:6E:02:95:A0:CA:1F:B5:56:66:C1:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fKWYMippkFpcbgKVoMoftVZmwUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/IbaW7xjndY6EP4RVlLBG-ZEnYYo.roa
Signing time:             Sat 04 Apr 2026 19:59:25 +0000
ROA not before:           Sat 04 Apr 2026 19:59:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215946
IP address blocks:        2a14:7100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/fKWYMippkFpcbgKVoMoftVZmwUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/fKWYMippkFpcbgKVoMoftVZmwUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fKWYMippkFpcbgKVoMoftVZmwUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:5a:14:31:77:f0:b3:7f:43:14:53:1b:06:7b:8e:d2:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ca598322a69905a5c6e0295a0ca1fb55666c14b
        Validity
            Not Before: Apr  4 19:59:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=21b696ef18e7758e843f845594b046f99127618a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:11:65:97:f0:bb:f7:7c:23:80:bb:4f:30:eb:
                    78:45:f8:0b:b6:bb:f2:3b:c8:06:2b:0a:f3:e4:e0:
                    f6:47:19:94:00:0e:5a:6b:33:96:21:df:95:af:3a:
                    ed:79:8f:32:b7:ed:72:49:bc:99:67:39:7a:46:6d:
                    e1:77:99:98:51:8e:4b:61:a2:2a:02:69:19:f7:f6:
                    9a:c6:40:07:89:f9:2c:1a:c5:a2:1e:75:cb:92:d0:
                    a9:30:46:78:22:55:f0:d6:e4:f0:5b:ef:00:be:ed:
                    1f:d8:bf:60:b9:47:40:10:a5:8c:b6:ce:0b:af:17:
                    66:50:ff:fc:67:8b:fe:7f:f2:13:f9:26:aa:f2:4e:
                    9b:41:33:32:05:85:ab:67:5c:66:bd:0f:39:9e:7f:
                    cb:22:b8:28:a3:f1:21:d0:1c:7d:51:72:b3:46:25:
                    83:4d:70:9e:4e:3d:25:6c:23:0a:5e:2e:1a:94:5a:
                    4a:13:d8:72:11:51:ea:40:76:41:02:22:c2:d9:ec:
                    88:7c:96:e7:de:16:58:2d:73:71:3f:ef:18:54:6c:
                    19:ba:62:66:12:a2:34:51:ea:9f:27:73:c2:dd:dc:
                    17:c4:9e:2a:b5:a3:c0:dd:6f:bf:db:d6:47:89:7d:
                    c4:c5:56:0c:a1:2c:42:70:80:83:d0:e6:90:62:a9:
                    f1:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:B6:96:EF:18:E7:75:8E:84:3F:84:55:94:B0:46:F9:91:27:61:8A
            X509v3 Authority Key Identifier:
                keyid:7C:A5:98:32:2A:69:90:5A:5C:6E:02:95:A0:CA:1F:B5:56:66:C1:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fKWYMippkFpcbgKVoMoftVZmwUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/IbaW7xjndY6EP4RVlLBG-ZEnYYo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/da66c0-b9f8-4094-a935-580d876885a1/1/fKWYMippkFpcbgKVoMoftVZmwUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7100::/29

    Signature Algorithm: sha256WithRSAEncryption
         66:55:6d:0e:10:82:fe:1d:bc:96:c0:55:18:ab:a8:8e:71:12:
         03:9d:04:db:b2:30:ec:6c:12:f6:23:41:74:f6:dd:2f:b5:83:
         a2:da:2b:f7:db:d5:e7:92:58:59:c4:68:da:38:ba:00:c3:f9:
         ad:e9:49:56:58:3c:1f:ce:c7:ac:07:59:34:74:37:0b:0c:ee:
         e5:68:fb:62:9d:81:cc:6f:63:e4:80:b1:12:03:bf:74:9c:cf:
         0f:3c:39:93:e3:c9:1d:58:c6:cd:38:36:28:a0:ce:63:de:8d:
         ad:98:0c:5b:a0:79:80:6e:61:4c:97:70:31:1a:ae:ed:67:fb:
         15:81:e3:30:2d:5e:e0:6a:5e:6b:30:f7:f5:02:9c:d0:90:55:
         2d:c8:6a:bb:d3:b0:b2:c0:97:f6:d6:1e:ce:86:c4:85:85:6c:
         6e:f6:a7:5d:2e:22:c7:fe:fd:85:a7:fe:47:0a:dd:34:94:3c:
         89:6c:57:12:3c:60:75:cb:8b:ea:eb:81:bb:f7:09:fd:75:e8:
         3b:ff:d1:17:9d:63:c9:07:31:60:ac:c8:97:46:96:a8:db:44:
         a5:ae:68:50:df:e2:4b:69:17:89:7d:4e:b2:28:0f:c4:5e:fc:
         76:15:61:93:bd:c7:b0:99:c6:71:0b:88:2c:fe:81:50:06:1b:
         2d:16:db:93
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ1aFDF38LN/QxRTGwZ7jtIiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjYTU5ODMyMmE2OTkwNWE1YzZlMDI5NWEwY2ExZmI1NTY2
NmMxNGIwHhcNMjYwNDA0MTk1OTI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWI2OTZlZjE4ZTc3NThlODQzZjg0NTU5NGIwNDZmOTkxMjc2MThhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxFll/C793wjgLtPMOt4RfgLtrvy
O8gGKwrz5OD2RxmUAA5aazOWId+VrzrteY8yt+1ySbyZZzl6Rm3hd5mYUY5LYaIq
AmkZ9/aaxkAHifksGsWiHnXLktCpMEZ4IlXw1uTwW+8Avu0f2L9guUdAEKWMts4L
rxdmUP/8Z4v+f/IT+Saq8k6bQTMyBYWrZ1xmvQ85nn/LIrgoo/Eh0Bx9UXKzRiWD
TXCeTj0lbCMKXi4alFpKE9hyEVHqQHZBAiLC2eyIfJbn3hZYLXNxP+8YVGwZumJm
EqI0UeqfJ3PC3dwXxJ4qtaPA3W+/29ZHiX3ExVYMoSxCcICD0OaQYqnxoQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCG2lu8Y53WOhD+EVZSwRvmRJ2GKMB8GA1UdIwQY
MBaAFHylmDIqaZBaXG4ClaDKH7VWZsFLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZktXWU1pcHBrRnBjYmdLVm9Nb2Z0Vlptd1VzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi9kYTY2YzAtYjlmOC00MDk0LWE5MzUt
NTgwZDg3Njg4NWExLzEvSWJhVzd4am5kWTZFUDRSVmxMQkctWkVuWVlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi9kYTY2YzAtYjlmOC00MDk0LWE5MzUtNTgwZDg3Njg4NWEx
LzEvZktXWU1pcHBrRnBjYmdLVm9Nb2Z0Vlptd1VzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRxADAN
BgkqhkiG9w0BAQsFAAOCAQEAZlVtDhCC/h28lsBVGKuojnESA50E27Iw7GwS9iNB
dPbdL7WDotor99vV55JYWcRo2ji6AMP5relJVlg8H87HrAdZNHQ3Cwzu5Wj7Yp2B
zG9j5ICxEgO/dJzPDzw5k+PJHVjGzTg2KKDOY96NrZgMW6B5gG5hTJdwMRqu7Wf7
FYHjMC1e4GpeazD39QKc0JBVLchqu9OwssCX9tYezobEhYVsbvanXS4ix/79haf+
RwrdNJQ8iWxXEjxgdcuL6uuBu/cJ/XXoO//RF51jyQcxYKzIl0aWqNtEpa5oUN/i
S2kXiX1OsigPxF78dhVhk73HsJnGcQuILP6BUAYbLRbbkw==
-----END CERTIFICATE-----