Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/vwkWycVdom3nvYeKOf0XRuXuyg8.roa
File:                     vwkWycVdom3nvYeKOf0XRuXuyg8.roa (raw, json)
Hash identifier:          GQTFaeIhIDJqGTNfp3g118208VXOEiHmD7gFsTFKtRc=
Subject key identifier:   BF:09:16:C9:C5:5D:A2:6D:E7:BD:87:8A:39:FD:17:46:E5:EE:CA:0F
Certificate issuer:       /CN=ea1ecfadfafd4fe14cbdc221b9159ee9618efe89
Certificate serial:       019B7EA70502E4DC02992D2A5DD02585A0D9
Authority key identifier: EA:1E:CF:AD:FA:FD:4F:E1:4C:BD:C2:21:B9:15:9E:E9:61:8E:FE:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6h7Prfr9T-FMvcIhuRWe6WGO_ok.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/vwkWycVdom3nvYeKOf0XRuXuyg8.roa
Signing time:             Fri 02 Jan 2026 12:20:33 +0000
ROA not before:           Fri 02 Jan 2026 12:20:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214667
IP address blocks:        2a14:6840::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/6h7Prfr9T-FMvcIhuRWe6WGO_ok.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/6h7Prfr9T-FMvcIhuRWe6WGO_ok.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6h7Prfr9T-FMvcIhuRWe6WGO_ok.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:a7:05:02:e4:dc:02:99:2d:2a:5d:d0:25:85:a0:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea1ecfadfafd4fe14cbdc221b9159ee9618efe89
        Validity
            Not Before: Jan  2 12:20:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bf0916c9c55da26de7bd878a39fd1746e5eeca0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a2:a9:3f:54:db:a8:c2:71:95:7b:d5:b4:40:
                    bb:e0:42:d8:11:c0:f9:f8:ff:7c:e4:a9:21:9b:21:
                    77:43:cc:91:ea:63:6f:26:49:30:a6:b8:b3:85:b9:
                    81:3d:b2:a5:68:e1:f5:3e:1f:12:68:95:6b:07:61:
                    17:78:39:0d:5b:74:00:56:f2:24:35:01:f0:f3:2b:
                    11:c3:b3:d3:54:cb:f1:0d:23:88:73:8c:a8:67:c4:
                    37:41:8f:45:a9:38:85:3c:8b:a3:2c:4d:f0:ac:37:
                    23:d3:83:e8:78:da:74:1b:4d:f1:81:52:95:7a:b8:
                    e6:02:46:52:dd:c1:89:e5:72:f8:ff:46:a3:0f:b9:
                    1e:05:d6:4c:5d:de:de:9e:b0:31:df:6f:bf:73:bd:
                    e6:29:f3:d6:06:6d:c5:78:d7:d3:dc:8a:1f:ca:c9:
                    a1:a2:3f:55:93:db:25:cd:84:ce:e2:44:ad:0e:5b:
                    f6:2f:44:41:f8:f4:c0:08:fb:a8:f8:be:0b:71:bd:
                    7f:aa:e1:fb:7f:1b:ea:65:0e:bb:93:6e:01:82:ad:
                    3f:94:e7:56:a8:e1:fd:b4:69:4f:56:61:ea:32:ba:
                    f0:4a:67:bb:24:fb:26:55:d9:ba:37:1b:ac:35:ca:
                    13:42:da:a5:40:05:a0:d9:49:f8:3e:e7:0f:4e:82:
                    af:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:09:16:C9:C5:5D:A2:6D:E7:BD:87:8A:39:FD:17:46:E5:EE:CA:0F
            X509v3 Authority Key Identifier:
                keyid:EA:1E:CF:AD:FA:FD:4F:E1:4C:BD:C2:21:B9:15:9E:E9:61:8E:FE:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6h7Prfr9T-FMvcIhuRWe6WGO_ok.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/vwkWycVdom3nvYeKOf0XRuXuyg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/021eaa-1cf0-41cb-b95b-162a82729f73/1/6h7Prfr9T-FMvcIhuRWe6WGO_ok.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:6840::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:0f:3e:75:d3:83:e4:80:57:71:3b:10:92:c4:82:48:03:73:
         a5:43:fe:dc:8e:54:e6:96:95:94:df:9e:e5:6b:fc:8e:b1:f0:
         69:b4:91:91:5f:30:ed:db:6a:16:a1:65:81:6e:01:31:91:6f:
         ba:55:aa:29:30:fc:52:b4:69:17:ed:e4:04:91:8c:ae:c9:f4:
         73:9e:f2:54:70:c9:b4:8f:e7:ae:57:2e:00:4a:aa:00:58:6f:
         77:01:89:7e:1c:56:02:0b:ae:f2:61:91:6d:ff:a1:9f:22:19:
         2a:ba:61:7f:db:c6:9f:2b:a7:1e:5a:5f:45:d4:9e:c1:1e:51:
         39:bd:d8:7c:b1:0e:e5:90:35:ab:dd:90:b7:61:22:b8:83:91:
         97:46:61:0c:b8:a2:90:89:86:df:fe:4c:c1:c4:72:ef:7a:ee:
         8e:5e:18:e6:ea:93:7d:bc:ad:2b:ed:fd:75:50:df:39:da:97:
         94:3d:b2:45:43:dc:c0:3c:de:43:6d:d2:01:bb:6a:aa:79:bd:
         84:e7:f3:bb:c7:9d:40:42:a6:16:d9:a2:92:12:cb:52:fa:86:
         06:f0:00:42:29:fc:79:46:48:e3:48:19:15:d4:bc:e0:54:f1:
         f2:8f:c8:1f:da:6f:9f:90:ab:fa:5c:d6:1c:52:fa:5a:f4:c0:
         c7:a9:77:ed
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt+pwUC5NwCmS0qXdAlhaDZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhMWVjZmFkZmFmZDRmZTE0Y2JkYzIyMWI5MTU5ZWU5NjE4
ZWZlODkwHhcNMjYwMTAyMTIyMDMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjA5MTZjOWM1NWRhMjZkZTdiZDg3OGEzOWZkMTc0NmU1ZWVjYTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6KpP1TbqMJxlXvVtEC74ELYEcD5
+P985KkhmyF3Q8yR6mNvJkkwprizhbmBPbKlaOH1Ph8SaJVrB2EXeDkNW3QAVvIk
NQHw8ysRw7PTVMvxDSOIc4yoZ8Q3QY9FqTiFPIujLE3wrDcj04PoeNp0G03xgVKV
erjmAkZS3cGJ5XL4/0ajD7keBdZMXd7enrAx32+/c73mKfPWBm3FeNfT3Iofysmh
oj9Vk9slzYTO4kStDlv2L0RB+PTACPuo+L4Lcb1/quH7fxvqZQ67k24Bgq0/lOdW
qOH9tGlPVmHqMrrwSme7JPsmVdm6NxusNcoTQtqlQAWg2Un4PucPToKv2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFL8JFsnFXaJt572Hijn9F0bl7soPMB8GA1UdIwQY
MBaAFOoez636/U/hTL3CIbkVnulhjv6JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNmg3UHJmcjlULUZNdmNJaHVSV2U2V0dPX29rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8wMjFlYWEtMWNmMC00MWNiLWI5NWIt
MTYyYTgyNzI5ZjczLzEvdndrV3ljVmRvbTNudlllS09mMFhSdVh1eWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8wMjFlYWEtMWNmMC00MWNiLWI5NWItMTYyYTgyNzI5Zjcz
LzEvNmg3UHJmcjlULUZNdmNJaHVSV2U2V0dPX29rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhRoQDAN
BgkqhkiG9w0BAQsFAAOCAQEAIA8+ddOD5IBXcTsQksSCSANzpUP+3I5U5paVlN+e
5Wv8jrHwabSRkV8w7dtqFqFlgW4BMZFvulWqKTD8UrRpF+3kBJGMrsn0c57yVHDJ
tI/nrlcuAEqqAFhvdwGJfhxWAguu8mGRbf+hnyIZKrphf9vGnyunHlpfRdSewR5R
Ob3YfLEO5ZA1q92Qt2EiuIORl0ZhDLiikImG3/5MwcRy73rujl4Y5uqTfbytK+39
dVDfOdqXlD2yRUPcwDzeQ23SAbtqqnm9hOfzu8edQEKmFtmikhLLUvqGBvAAQin8
eUZI40gZFdS84FTx8o/IH9pvn5Cr+lzWHFL6WvTAx6l37Q==
-----END CERTIFICATE-----