Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/dhsY2IAvNXBTicgHJHB6ZrojcBA.roa
File:                     dhsY2IAvNXBTicgHJHB6ZrojcBA.roa (raw, json)
Hash identifier:          PEV0VoS70dsxhMm2BgqSLtkd4HInBikIw2B3mfyz1do=
Subject key identifier:   76:1B:18:D8:80:2F:35:70:53:89:C8:07:24:70:7A:66:BA:23:70:10
Certificate issuer:       /CN=a7a4e23482268475c1b935637d0002c2fd2993b8
Certificate serial:       019D788A9127CB85EFD46D321FF795449601
Authority key identifier: A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/dhsY2IAvNXBTicgHJHB6ZrojcBA.roa
Signing time:             Fri 10 Apr 2026 17:57:20 +0000
ROA not before:           Fri 10 Apr 2026 17:57:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199154
IP address blocks:        2a14:ae00:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:78:8a:91:27:cb:85:ef:d4:6d:32:1f:f7:95:44:96:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7a4e23482268475c1b935637d0002c2fd2993b8
        Validity
            Not Before: Apr 10 17:57:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=761b18d8802f35705389c80724707a66ba237010
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a9:4b:d3:15:ba:d3:9a:6c:59:cc:fc:1e:d6:
                    1b:05:94:93:4a:ce:3b:73:ee:bd:fc:b5:24:b7:02:
                    27:8f:53:32:ac:12:72:e5:57:79:e4:ea:5e:ec:51:
                    b3:e6:25:de:49:91:6a:62:d6:1e:50:4a:13:ef:26:
                    02:e0:7e:5a:96:bd:a6:5b:1f:b8:89:2c:87:a3:db:
                    14:22:56:ba:4f:27:7d:53:32:bf:30:c9:bf:e7:70:
                    33:d7:8c:43:1a:78:e0:e4:95:12:a4:47:11:21:15:
                    a1:f4:ea:cd:87:64:d1:91:02:ea:c0:94:a0:48:06:
                    82:a8:36:25:4e:cb:3f:58:a1:94:9c:0e:0c:84:c9:
                    fc:81:8f:6f:50:f2:be:2f:dd:f4:e5:9a:54:af:19:
                    b8:c1:bb:d4:68:6d:73:ef:f8:79:af:ce:1b:44:32:
                    0e:84:0e:1a:c6:00:f2:ec:4a:56:0c:3b:69:a0:c1:
                    8b:09:f1:be:a5:15:4a:5c:5e:b5:9e:20:c4:43:8a:
                    56:8f:ae:61:ae:ee:80:61:95:e7:0f:9b:96:b5:6b:
                    ea:73:0f:ee:76:f9:92:26:15:87:6d:e9:26:c3:fa:
                    e1:3a:78:e0:b4:b1:5b:37:9b:70:7c:0e:26:fb:b9:
                    1c:e6:54:ca:61:f0:2d:07:83:24:97:8f:c7:9d:dc:
                    5b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:1B:18:D8:80:2F:35:70:53:89:C8:07:24:70:7A:66:BA:23:70:10
            X509v3 Authority Key Identifier:
                keyid:A7:A4:E2:34:82:26:84:75:C1:B9:35:63:7D:00:02:C2:FD:29:93:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p6TiNIImhHXBuTVjfQACwv0pk7g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/dhsY2IAvNXBTicgHJHB6ZrojcBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cc/07f623-14fb-4a80-9f46-23331b64916c/1/p6TiNIImhHXBuTVjfQACwv0pk7g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:ae00:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         6f:e6:31:5e:9f:0c:43:80:f4:6d:29:90:31:90:06:8a:20:0c:
         2d:ce:70:85:8b:aa:66:9a:6e:b1:3b:a0:5f:c5:10:89:76:53:
         40:b5:60:b5:bd:31:3a:27:79:1a:59:86:d3:84:ff:17:77:41:
         80:e4:5c:7e:22:33:b9:46:55:25:9b:11:fa:39:49:84:c9:3b:
         90:6d:62:a9:c6:a3:37:d1:66:53:c5:1d:09:e0:25:ce:25:78:
         cd:50:6f:07:00:8a:b5:06:ff:26:78:c2:52:d6:90:03:25:cd:
         1e:16:cb:38:55:db:71:a9:31:ee:d6:85:34:c9:91:75:07:e8:
         cc:18:25:18:3a:5e:2c:07:0f:c3:77:ad:53:b5:ad:cb:62:e5:
         0e:a5:c9:cf:ac:f8:84:65:aa:38:65:88:a5:4d:44:fe:0b:1f:
         b2:02:63:e1:6c:d8:36:06:b6:e4:57:21:a0:7d:14:b8:95:87:
         66:7c:72:35:e7:61:09:6b:5c:c4:68:ae:90:a9:f2:43:1a:cd:
         a7:18:c2:2d:0c:78:31:61:57:ab:4e:c2:ef:cf:37:94:04:7e:
         a2:35:e0:f1:23:6c:2e:a0:f1:f8:d5:23:08:47:ae:b6:2c:55:
         48:f6:d5:24:3a:c2:19:49:28:4b:2e:1f:e0:e6:39:86:36:46:
         b5:7c:7e:27
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ14ipEny4Xv1G0yH/eVRJYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3YTRlMjM0ODIyNjg0NzVjMWI5MzU2MzdkMDAwMmMyZmQy
OTkzYjgwHhcNMjYwNDEwMTc1NzIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjFiMThkODgwMmYzNTcwNTM4OWM4MDcyNDcwN2E2NmJhMjM3MDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqlL0xW605psWcz8HtYbBZSTSs47
c+69/LUktwInj1MyrBJy5Vd55Ope7FGz5iXeSZFqYtYeUEoT7yYC4H5alr2mWx+4
iSyHo9sUIla6Tyd9UzK/MMm/53Az14xDGnjg5JUSpEcRIRWh9OrNh2TRkQLqwJSg
SAaCqDYlTss/WKGUnA4MhMn8gY9vUPK+L9305ZpUrxm4wbvUaG1z7/h5r84bRDIO
hA4axgDy7EpWDDtpoMGLCfG+pRVKXF61niDEQ4pWj65hru6AYZXnD5uWtWvqcw/u
dvmSJhWHbekmw/rhOnjgtLFbN5twfA4m+7kc5lTKYfAtB4Mkl4/HndxbiwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHYbGNiALzVwU4nIByRwema6I3AQMB8GA1UdIwQY
MBaAFKek4jSCJoR1wbk1Y30AAsL9KZO4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYt
MjMzMzFiNjQ5MTZjLzEvZGhzWTJJQXZOWEJUaWNnSEpIQjZacm9qY0JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYy8wN2Y2MjMtMTRmYi00YTgwLTlmNDYtMjMzMzFiNjQ5MTZj
LzEvcDZUaU5JSW1oSFhCdVRWamZRQUN3djBwazdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhSuAAEB
MA0GCSqGSIb3DQEBCwUAA4IBAQBv5jFenwxDgPRtKZAxkAaKIAwtznCFi6pmmm6x
O6BfxRCJdlNAtWC1vTE6J3kaWYbThP8Xd0GA5Fx+IjO5RlUlmxH6OUmEyTuQbWKp
xqM30WZTxR0J4CXOJXjNUG8HAIq1Bv8meMJS1pADJc0eFss4VdtxqTHu1oU0yZF1
B+jMGCUYOl4sBw/Dd61Tta3LYuUOpcnPrPiEZao4ZYilTUT+Cx+yAmPhbNg2Brbk
VyGgfRS4lYdmfHI152EJa1zEaK6QqfJDGs2nGMItDHgxYVerTsLvzzeUBH6iNeDx
I2wuoPH41SMIR662LFVI9tUkOsIZSShLLh/g5jmGNka1fH4n
-----END CERTIFICATE-----