Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/mzUvfgVLoqjl_Pu4e_7hdH0g4tQ.roa
File:                     mzUvfgVLoqjl_Pu4e_7hdH0g4tQ.roa (raw, json)
Hash identifier:          nM7KewQVEjtLO/Upjj+aZLO5RewYm9AF+8kFiREJ2Jc=
Subject key identifier:   9B:35:2F:7E:05:4B:A2:A8:E5:FC:FB:B8:7B:FE:E1:74:7D:20:E2:D4
Certificate issuer:       /CN=acecd11269eea06726277ce361ab51ce42049e36
Certificate serial:       0199697C8AF5CFDC808A126551606A45296C
Authority key identifier: AC:EC:D1:12:69:EE:A0:67:26:27:7C:E3:61:AB:51:CE:42:04:9E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rOzREmnuoGcmJ3zjYatRzkIEnjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/mzUvfgVLoqjl_Pu4e_7hdH0g4tQ.roa
Signing time:             Sat 20 Sep 2025 23:36:33 +0000
ROA not before:           Sat 20 Sep 2025 23:36:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60223
IP address blocks:        2a14:9e00:9000::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/rOzREmnuoGcmJ3zjYatRzkIEnjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/rOzREmnuoGcmJ3zjYatRzkIEnjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rOzREmnuoGcmJ3zjYatRzkIEnjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:69:7c:8a:f5:cf:dc:80:8a:12:65:51:60:6a:45:29:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acecd11269eea06726277ce361ab51ce42049e36
        Validity
            Not Before: Sep 20 23:36:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9b352f7e054ba2a8e5fcfbb87bfee1747d20e2d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e2:aa:a8:30:8f:2d:0e:84:d5:be:b1:be:ce:
                    ef:5b:1f:24:45:21:94:7f:88:9e:df:8a:69:d8:fd:
                    6e:7f:55:71:e1:b8:e4:b4:f9:73:90:35:62:f2:e9:
                    52:d0:29:ce:82:db:62:ec:d0:18:75:bc:b1:58:06:
                    dd:c2:61:f7:ac:86:3c:ed:b2:a6:2a:38:0f:9b:22:
                    7c:4a:a3:39:1d:c9:6b:b2:fb:81:2f:46:83:32:6d:
                    c2:87:50:3b:37:8a:9f:40:3b:55:9e:dd:a8:96:b5:
                    67:df:0f:a6:55:61:f3:04:8f:86:d1:50:8d:c7:7f:
                    91:7d:2d:b2:50:6e:f7:db:63:ad:24:bb:10:d1:a4:
                    56:a4:82:57:ee:8d:d4:1f:07:40:77:2b:fa:51:bb:
                    fc:00:58:b1:a3:0c:41:3b:57:59:14:79:6e:40:3e:
                    1b:2a:92:64:94:16:e2:e1:0c:c6:7a:c1:ff:5f:48:
                    2b:82:e5:4a:3d:e8:7f:d8:4b:2d:05:ea:b1:9f:2e:
                    60:7c:c7:51:1a:ec:c6:e5:9b:84:13:30:1d:9c:7f:
                    91:f0:5f:6a:d0:82:a4:fa:e9:ff:23:86:b3:3c:e2:
                    d1:8b:7e:ec:b1:95:a2:20:a4:c1:37:dc:ca:0e:aa:
                    18:49:2e:f1:b7:82:1d:b2:91:d6:f4:a3:71:8a:2c:
                    dc:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:35:2F:7E:05:4B:A2:A8:E5:FC:FB:B8:7B:FE:E1:74:7D:20:E2:D4
            X509v3 Authority Key Identifier:
                keyid:AC:EC:D1:12:69:EE:A0:67:26:27:7C:E3:61:AB:51:CE:42:04:9E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rOzREmnuoGcmJ3zjYatRzkIEnjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/mzUvfgVLoqjl_Pu4e_7hdH0g4tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/rOzREmnuoGcmJ3zjYatRzkIEnjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:9000::/40

    Signature Algorithm: sha256WithRSAEncryption
         4c:f4:4b:81:6e:c1:c3:be:ea:36:fb:21:86:e9:ec:cd:0d:db:
         eb:ce:37:b8:fd:b1:0d:ab:61:5c:92:e9:bd:27:f1:c0:8e:5d:
         64:87:0e:e3:46:86:e2:ef:e8:b4:9f:c2:b0:0d:bf:e4:f6:00:
         57:47:61:88:80:dc:aa:e0:49:48:fd:2c:a3:29:25:0a:36:d6:
         34:62:b3:96:1a:ec:12:ed:e8:29:e0:ca:4b:8d:29:9e:b7:f9:
         20:99:4f:48:30:78:6d:16:f0:8d:6a:af:6b:b8:26:4a:58:f5:
         a8:da:f3:62:07:ef:07:82:89:f3:df:8d:f0:6e:1b:42:7b:32:
         b3:e3:cf:0e:e4:11:78:19:bc:80:79:1c:b5:e8:6d:97:1a:00:
         c0:9b:58:76:01:b4:28:3c:b4:0e:16:0b:37:93:f2:e6:6e:45:
         39:8e:38:ce:63:75:23:27:fa:b1:fa:a8:f3:50:a5:c9:06:cd:
         28:96:c0:75:43:22:35:c9:5f:ec:d5:06:5e:53:fa:bf:23:ab:
         d0:3a:1a:b1:42:f4:af:5e:c5:0a:38:d3:a1:8d:40:6c:c3:c9:
         2e:85:d5:c1:fa:28:7b:b1:f3:56:60:a5:6a:ea:e6:fa:57:d5:
         54:fe:64:38:2e:91:10:a8:1f:f5:6c:69:85:39:98:ae:b3:b9:
         ab:80:d0:c0
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZlpfIr1z9yAihJlUWBqRSlsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZWNkMTEyNjllZWEwNjcyNjI3N2NlMzYxYWI1MWNlNDIw
NDllMzYwHhcNMjUwOTIwMjMzNjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YjM1MmY3ZTA1NGJhMmE4ZTVmY2ZiYjg3YmZlZTE3NDdkMjBlMmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeKqqDCPLQ6E1b6xvs7vWx8kRSGU
f4ie34pp2P1uf1Vx4bjktPlzkDVi8ulS0CnOgtti7NAYdbyxWAbdwmH3rIY87bKm
KjgPmyJ8SqM5HclrsvuBL0aDMm3Ch1A7N4qfQDtVnt2olrVn3w+mVWHzBI+G0VCN
x3+RfS2yUG7322OtJLsQ0aRWpIJX7o3UHwdAdyv6Ubv8AFixowxBO1dZFHluQD4b
KpJklBbi4QzGesH/X0grguVKPeh/2EstBeqxny5gfMdRGuzG5ZuEEzAdnH+R8F9q
0IKk+un/I4azPOLRi37ssZWiIKTBN9zKDqoYSS7xt4IdspHW9KNxiizcWwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJs1L34FS6Ko5fz7uHv+4XR9IOLUMB8GA1UdIwQY
MBaAFKzs0RJp7qBnJid842GrUc5CBJ42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck96UkVtbnVvR2NtSjN6allhdFJ6a0lFbmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84NmVlOGYtMGM3Yi00OTIxLWJmZjUt
NDA0N2UwZmJlOWNiLzEvbXpVdmZnVkxvcWpsX1B1NGVfN2hkSDBnNHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84NmVlOGYtMGM3Yi00OTIxLWJmZjUtNDA0N2UwZmJlOWNi
LzEvck96UkVtbnVvR2NtSjN6allhdFJ6a0lFbmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhSeAJAw
DQYJKoZIhvcNAQELBQADggEBAEz0S4FuwcO+6jb7IYbp7M0N2+vON7j9sQ2rYVyS
6b0n8cCOXWSHDuNGhuLv6LSfwrANv+T2AFdHYYiA3KrgSUj9LKMpJQo21jRis5Ya
7BLt6CngykuNKZ63+SCZT0gweG0W8I1qr2u4JkpY9aja82IH7weCifPfjfBuG0J7
MrPjzw7kEXgZvIB5HLXobZcaAMCbWHYBtCg8tA4WCzeT8uZuRTmOOM5jdSMn+rH6
qPNQpckGzSiWwHVDIjXJX+zVBl5T+r8jq9A6GrFC9K9exQo406GNQGzDyS6F1cH6
KHux81ZgpWrq5vpX1VT+ZDgukRCoH/VsaYU5mK6zuauA0MA=
-----END CERTIFICATE-----