Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/DPSfvDhpe1b6QFI2PW6n7TYO3_k.roa
File:                     DPSfvDhpe1b6QFI2PW6n7TYO3_k.roa (raw, json)
Hash identifier:          G1MtgzpeM9nW/lViOj/+N0ux77lUSJzG5CV9it6DWeY=
Subject key identifier:   0C:F4:9F:BC:38:69:7B:56:FA:40:52:36:3D:6E:A7:ED:36:0E:DF:F9
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019E2D4992E67E0D57EC13F0746C8AC32765
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/DPSfvDhpe1b6QFI2PW6n7TYO3_k.roa
Signing time:             Fri 15 May 2026 20:17:36 +0000
ROA not before:           Fri 15 May 2026 20:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216174
IP address blocks:        2a14:ae00:40::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 16:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2d:49:92:e6:7e:0d:57:ec:13:f0:74:6c:8a:c3:27:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: May 15 20:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0cf49fbc38697b56fa4052363d6ea7ed360edff9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:02:3e:3e:87:44:22:9a:b0:56:cc:f3:a6:1e:
                    fd:88:b2:38:ea:82:03:f1:d6:c2:6f:30:02:60:a8:
                    48:46:83:24:97:3f:f8:8f:39:ec:de:4d:df:c3:16:
                    05:ef:78:28:d3:bc:02:c1:fa:96:f9:5e:87:3b:1b:
                    c7:29:a2:06:75:95:db:2c:35:78:6a:36:26:10:26:
                    2b:f2:f7:b7:11:d9:4b:17:85:40:42:41:06:5f:ed:
                    4b:c3:1a:fb:09:57:0b:b7:c3:48:75:f6:ac:02:02:
                    ee:ea:3e:05:dc:44:b1:81:d9:8e:f4:c1:1a:20:07:
                    7b:14:33:ae:ad:03:a5:1c:ac:18:dd:28:0a:47:0d:
                    11:c2:cf:90:c2:46:38:21:8b:be:61:fa:be:29:31:
                    54:f8:d7:2a:00:e7:01:1e:96:b4:81:30:3f:a6:47:
                    34:a9:b9:d5:61:c5:9f:11:81:66:16:f6:29:b1:17:
                    c2:01:d2:10:7d:fb:7e:e2:67:96:3b:30:07:2e:10:
                    0f:2b:5c:8f:7d:fb:ec:50:8c:cd:a5:f3:da:a8:42:
                    ce:dc:96:b5:6c:e9:dd:a3:be:f1:92:66:fc:99:02:
                    ee:21:1e:c9:57:8f:89:22:57:1e:15:dc:a9:21:c9:
                    16:ae:e4:07:58:48:a2:9d:4f:ac:1d:50:74:c4:87:
                    fa:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:F4:9F:BC:38:69:7B:56:FA:40:52:36:3D:6E:A7:ED:36:0E:DF:F9
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/DPSfvDhpe1b6QFI2PW6n7TYO3_k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:40::/44

    Signature Algorithm: sha256WithRSAEncryption
         70:db:90:a1:fa:6a:d4:c8:65:67:50:80:1a:2d:85:72:86:b9:
         0e:cb:ab:23:e7:d2:06:fb:97:ec:c7:45:32:f7:2c:48:2a:7a:
         ed:06:46:16:f4:94:db:e8:53:03:df:d3:a5:0f:7d:9b:54:72:
         19:6b:eb:47:9a:af:49:f8:97:9f:c2:66:5e:9d:a8:d4:a2:f5:
         8a:88:ac:a3:82:a0:f9:0f:ae:85:9c:39:d3:2d:6e:c7:66:56:
         9c:1c:9b:15:b1:41:c5:9f:03:44:34:29:7d:c6:74:b5:b3:42:
         b4:24:da:28:5f:71:be:29:2c:44:a2:92:e6:c5:34:84:6b:6c:
         61:30:b8:12:92:af:8a:d5:44:7c:eb:f9:bb:3a:9a:b0:8b:2d:
         2b:9f:64:b4:11:1f:3c:83:78:3b:97:25:34:c6:fe:c6:90:f5:
         90:9b:60:ad:05:1e:a6:d3:2e:65:84:64:f9:0a:35:d6:08:8e:
         a1:db:2b:7a:1b:e5:ff:e6:1a:b0:30:8f:89:5d:28:6c:18:d6:
         ed:f3:d1:93:6e:e4:05:1f:c5:c2:a7:68:5a:52:62:67:3c:dd:
         44:1c:5c:6d:4d:29:57:6c:c0:05:0b:8d:7b:61:c1:94:66:1e:
         24:9e:7e:02:be:ef:18:aa:76:04:af:80:f7:a1:32:06:9f:f3:
         29:20:be:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4tSZLmfg1X7BPwdGyKwydlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwNTE1MjAxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2Y0OWZiYzM4Njk3YjU2ZmE0MDUyMzYzZDZlYTdlZDM2MGVkZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wI+PodEIpqwVszzph79iLI46oID
8dbCbzACYKhIRoMklz/4jzns3k3fwxYF73go07wCwfqW+V6HOxvHKaIGdZXbLDV4
ajYmECYr8ve3EdlLF4VAQkEGX+1Lwxr7CVcLt8NIdfasAgLu6j4F3ESxgdmO9MEa
IAd7FDOurQOlHKwY3SgKRw0Rws+QwkY4IYu+Yfq+KTFU+NcqAOcBHpa0gTA/pkc0
qbnVYcWfEYFmFvYpsRfCAdIQfft+4meWOzAHLhAPK1yPffvsUIzNpfPaqELO3Ja1
bOndo77xkmb8mQLuIR7JV4+JIlceFdypIckWruQHWEiinU+sHVB0xIf6cwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAz0n7w4aXtW+kBSNj1up+02Dt/5MB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvRFBTZnZEaHBlMWI2UUZJMlBXNm43VFlPM19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhSuAABA
MA0GCSqGSIb3DQEBCwUAA4IBAQBw25Ch+mrUyGVnUIAaLYVyhrkOy6sj59IG+5fs
x0Uy9yxIKnrtBkYW9JTb6FMD39OlD32bVHIZa+tHmq9J+JefwmZenajUovWKiKyj
gqD5D66FnDnTLW7HZlacHJsVsUHFnwNENCl9xnS1s0K0JNooX3G+KSxEopLmxTSE
a2xhMLgSkq+K1UR86/m7Opqwiy0rn2S0ER88g3g7lyU0xv7GkPWQm2CtBR6m0y5l
hGT5CjXWCI6h2yt6G+X/5hqwMI+JXShsGNbt89GTbuQFH8XCp2haUmJnPN1EHFxt
TSlXbMAFC417YcGUZh4knn4Cvu8YqnYEr4D3oTIGn/MpIL7g
-----END CERTIFICATE-----