Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/VOMVh_thSJP-NnQuUuaBb_bDrKc.roa
File:                     VOMVh_thSJP-NnQuUuaBb_bDrKc.roa (raw, json)
Hash identifier:          8AIiAJoD9lmnykKpNP7JQo6/DYsUJUi1SaRT4mNDMo8=
Subject key identifier:   54:E3:15:87:FB:61:48:93:FE:36:74:2E:52:E6:81:6F:F6:C3:AC:A7
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019C9F928AC1CB642E00BB42173D7423BB22
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/VOMVh_thSJP-NnQuUuaBb_bDrKc.roa
Signing time:             Fri 27 Feb 2026 14:48:26 +0000
ROA not before:           Fri 27 Feb 2026 14:48:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     212238
IP address blocks:        2a14:ae00:e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:9f:92:8a:c1:cb:64:2e:00:bb:42:17:3d:74:23:bb:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Feb 27 14:48:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54e31587fb614893fe36742e52e6816ff6c3aca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:a8:c6:c7:36:59:d0:d7:74:47:c5:4c:ed:a3:
                    99:f0:84:9a:c6:e6:4d:b4:6b:2e:9f:9d:75:7e:c0:
                    f9:e5:63:d9:e0:9b:9e:2d:7f:42:13:38:2c:54:cd:
                    c9:b9:fe:a3:8e:07:b2:44:fd:59:5e:a4:ca:4f:97:
                    3e:9e:36:f2:55:dd:d3:05:d0:4b:12:b3:79:c6:37:
                    61:9a:2d:c0:ae:67:59:5b:c1:f3:68:a2:47:f4:f7:
                    3a:54:fc:95:22:aa:fe:dc:af:99:bf:f6:04:51:11:
                    b0:38:d9:18:7b:37:d1:91:2a:02:0b:fc:3a:36:3e:
                    b2:77:fb:24:05:fc:ee:9e:74:cd:bf:b9:14:f8:40:
                    cf:3b:90:50:da:d7:72:62:6e:dd:51:db:4b:62:2a:
                    e6:e2:13:c3:f9:d0:a9:2e:ef:d5:b8:5f:3a:f3:52:
                    84:a4:4c:50:a7:0f:0f:2a:2d:01:bf:90:c4:c7:d5:
                    c6:61:fe:7e:0f:54:39:32:6f:84:bd:96:20:c0:9f:
                    04:4e:07:62:8e:81:8b:5c:6e:df:99:df:2b:c6:c5:
                    52:b6:c4:cc:7f:81:1a:a3:e3:00:a0:71:f7:6e:dd:
                    9c:04:ab:25:29:1b:66:50:50:41:31:d3:08:41:7e:
                    c1:10:6f:09:da:19:e3:f8:c1:fd:cf:3a:53:06:92:
                    33:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:E3:15:87:FB:61:48:93:FE:36:74:2E:52:E6:81:6F:F6:C3:AC:A7
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/VOMVh_thSJP-NnQuUuaBb_bDrKc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:e::/48

    Signature Algorithm: sha256WithRSAEncryption
         94:2c:60:f3:b2:fb:f2:49:98:68:f7:68:b0:8d:a9:40:57:79:
         af:eb:b7:c7:aa:e8:c4:c7:fc:9f:07:6d:6d:74:c4:23:75:49:
         0a:10:2a:8d:b1:d0:70:75:13:0a:39:6b:3a:f9:52:c3:ea:b7:
         99:2c:47:65:d9:ca:9f:d4:21:c5:3f:df:0a:bd:0d:1e:25:c0:
         6a:97:ce:63:61:9e:24:ca:38:19:92:bf:e0:48:f6:79:57:8e:
         ba:2b:1f:bd:bc:4c:93:fb:3a:e9:27:75:9c:ab:3a:3d:d4:d8:
         f2:0c:1d:cc:2a:80:db:6b:aa:28:69:e3:8f:e0:6e:5c:16:95:
         04:c1:01:f6:d5:f8:d1:1f:97:a4:b7:a6:89:55:1a:36:12:03:
         be:11:13:bb:94:34:0a:5d:35:ae:7e:0b:e2:91:53:fc:9f:22:
         a5:9b:dd:87:de:b4:3f:11:88:d4:0f:60:58:b8:05:07:eb:b9:
         6c:37:75:78:c4:ab:e9:e2:23:a3:f7:91:10:76:92:b1:52:e1:
         be:4d:ad:5f:4c:16:99:9b:63:d9:03:01:58:b4:8b:bb:d8:db:
         28:29:a0:33:e2:12:1c:4a:e9:e7:4d:bd:10:35:fa:8a:70:cc:
         ae:7f:9a:bb:ab:64:14:ca:0a:e8:8f:7e:5c:64:d6:c8:d4:c7:
         3d:47:98:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyfkorBy2QuALtCFz10I7siMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwMjI3MTQ0ODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGUzMTU4N2ZiNjE0ODkzZmUzNjc0MmU1MmU2ODE2ZmY2YzNhY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA16jGxzZZ0Nd0R8VM7aOZ8ISaxuZN
tGsun511fsD55WPZ4JueLX9CEzgsVM3Juf6jjgeyRP1ZXqTKT5c+njbyVd3TBdBL
ErN5xjdhmi3ArmdZW8HzaKJH9Pc6VPyVIqr+3K+Zv/YEURGwONkYezfRkSoCC/w6
Nj6yd/skBfzunnTNv7kU+EDPO5BQ2tdyYm7dUdtLYirm4hPD+dCpLu/VuF8681KE
pExQpw8PKi0Bv5DEx9XGYf5+D1Q5Mm+EvZYgwJ8ETgdijoGLXG7fmd8rxsVStsTM
f4Eao+MAoHH3bt2cBKslKRtmUFBBMdMIQX7BEG8J2hnj+MH9zzpTBpIzCQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFTjFYf7YUiT/jZ0LlLmgW/2w6ynMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvVk9NVmhfdGhTSlAtTm5RdVV1YUJiX2JEcktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAAO
MA0GCSqGSIb3DQEBCwUAA4IBAQCULGDzsvvySZho92iwjalAV3mv67fHqujEx/yf
B21tdMQjdUkKECqNsdBwdRMKOWs6+VLD6reZLEdl2cqf1CHFP98KvQ0eJcBql85j
YZ4kyjgZkr/gSPZ5V466Kx+9vEyT+zrpJ3Wcqzo91NjyDB3MKoDba6ooaeOP4G5c
FpUEwQH21fjRH5ekt6aJVRo2EgO+ERO7lDQKXTWufgvikVP8nyKlm92H3rQ/EYjU
D2BYuAUH67lsN3V4xKvp4iOj95EQdpKxUuG+Ta1fTBaZm2PZAwFYtIu72NsoKaAz
4hIcSunnTb0QNfqKcMyuf5q7q2QUygroj35cZNbI1Mc9R5hr
-----END CERTIFICATE-----