Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/uAH4xPc9AhtK2Uy6SZDxCuii3xg.roa
File:                     uAH4xPc9AhtK2Uy6SZDxCuii3xg.roa (raw, json)
Hash identifier:          7Lk71krqRJUVDRdcZl5XdOrWogQR7yqjHZ+KkfQmj9U=
Subject key identifier:   B8:01:F8:C4:F7:3D:02:1B:4A:D9:4C:BA:49:90:F1:0A:E8:A2:DF:18
Certificate issuer:       /CN=acecd11269eea06726277ce361ab51ce42049e36
Certificate serial:       0199697C8B31DB362942B23100AEA321DA13
Authority key identifier: AC:EC:D1:12:69:EE:A0:67:26:27:7C:E3:61:AB:51:CE:42:04:9E:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rOzREmnuoGcmJ3zjYatRzkIEnjY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/uAH4xPc9AhtK2Uy6SZDxCuii3xg.roa
Signing time:             Sat 20 Sep 2025 23:36:33 +0000
ROA not before:           Sat 20 Sep 2025 23:36:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        2a14:9e00:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/rOzREmnuoGcmJ3zjYatRzkIEnjY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/rOzREmnuoGcmJ3zjYatRzkIEnjY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rOzREmnuoGcmJ3zjYatRzkIEnjY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 06:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:69:7c:8b:31:db:36:29:42:b2:31:00:ae:a3:21:da:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=acecd11269eea06726277ce361ab51ce42049e36
        Validity
            Not Before: Sep 20 23:36:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b801f8c4f73d021b4ad94cba4990f10ae8a2df18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:6f:01:98:ae:e6:fd:1c:28:da:86:3b:93:52:
                    d0:c5:59:44:49:d0:65:52:38:6d:58:d8:98:11:9c:
                    5f:51:78:c0:bd:cb:60:e2:1e:f8:82:c8:6c:1e:57:
                    14:48:4b:e3:34:e3:33:32:81:69:69:8e:f5:22:cd:
                    64:d1:44:b4:ee:7d:70:9b:23:a8:04:33:4e:99:56:
                    ea:f8:90:d7:ae:e1:39:23:f2:5c:3f:1f:4d:83:6c:
                    41:e1:92:8f:e4:fd:94:f7:d7:2f:99:b7:95:54:ac:
                    1e:53:68:8b:7a:c6:09:94:f7:30:d1:75:b1:a2:50:
                    12:31:da:c3:39:16:2d:2d:c8:fb:d1:33:d2:68:d7:
                    57:d5:ef:a6:c3:d6:66:70:8a:8d:e5:99:52:aa:d3:
                    28:80:e2:0b:79:bb:85:0b:ef:9a:03:42:10:09:c6:
                    9d:0c:3c:d7:95:04:ae:7c:d6:80:de:e9:77:f5:56:
                    3d:7f:27:da:60:7d:0f:bd:25:da:e1:f8:e2:d8:46:
                    5c:ae:73:cf:bd:27:c4:dd:67:22:b8:4e:2b:40:92:
                    20:bb:1e:d9:60:b4:39:ce:1d:33:dc:13:27:9a:28:
                    2d:89:d7:3d:88:68:de:26:e5:52:69:65:09:23:35:
                    41:b2:16:4d:5d:2f:3c:c8:99:7b:cb:01:b2:ae:c3:
                    ba:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:01:F8:C4:F7:3D:02:1B:4A:D9:4C:BA:49:90:F1:0A:E8:A2:DF:18
            X509v3 Authority Key Identifier:
                keyid:AC:EC:D1:12:69:EE:A0:67:26:27:7C:E3:61:AB:51:CE:42:04:9E:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rOzREmnuoGcmJ3zjYatRzkIEnjY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/uAH4xPc9AhtK2Uy6SZDxCuii3xg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/86ee8f-0c7b-4921-bff5-4047e0fbe9cb/1/rOzREmnuoGcmJ3zjYatRzkIEnjY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9e00:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         98:be:d6:e4:3f:60:ad:64:18:3a:c6:0d:9d:3b:dd:dc:61:52:
         34:f1:5d:29:d9:29:af:81:36:4b:09:e7:34:df:80:7f:6a:88:
         47:79:a9:c1:9e:5f:a4:74:56:a3:42:14:d4:24:12:62:4a:f9:
         95:36:e7:da:cf:c4:f3:66:11:ad:5b:40:56:87:92:76:1d:e6:
         86:aa:40:9c:49:3f:21:cc:c9:24:6e:b6:16:c0:62:3a:17:61:
         d7:30:e6:c4:26:26:d3:27:97:3d:48:5d:ec:74:f9:ee:36:2e:
         9f:71:83:58:0d:5f:08:ce:41:b8:8f:64:83:98:55:ec:7d:5c:
         df:f4:37:cc:80:11:ff:7d:dc:3f:fd:05:8a:e1:b0:ed:c1:8d:
         c0:53:c8:9f:f4:fc:3f:b5:ac:e7:73:42:83:6f:34:91:e6:82:
         4e:c0:ed:9f:0d:36:7c:82:9d:76:ee:6d:c9:81:72:9f:f1:a8:
         72:01:86:f4:1c:bb:2c:00:53:1a:20:5e:41:cc:f5:35:f2:c8:
         18:9f:9a:c4:e2:93:89:bf:c4:2b:7c:9c:d6:15:95:db:cc:d3:
         d7:51:13:24:e6:ad:1b:59:c9:a8:30:24:dc:20:4a:4c:f1:c9:
         49:ab:fe:5c:7d:e0:3d:b1:aa:29:55:2f:42:75:a2:92:8f:e3:
         ef:7a:17:e8
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZlpfIsx2zYpQrIxAK6jIdoTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjZWNkMTEyNjllZWEwNjcyNjI3N2NlMzYxYWI1MWNlNDIw
NDllMzYwHhcNMjUwOTIwMjMzNjMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODAxZjhjNGY3M2QwMjFiNGFkOTRjYmE0OTkwZjEwYWU4YTJkZjE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxW8BmK7m/Rwo2oY7k1LQxVlESdBl
UjhtWNiYEZxfUXjAvctg4h74gshsHlcUSEvjNOMzMoFpaY71Is1k0US07n1wmyOo
BDNOmVbq+JDXruE5I/JcPx9Ng2xB4ZKP5P2U99cvmbeVVKweU2iLesYJlPcw0XWx
olASMdrDORYtLcj70TPSaNdX1e+mw9ZmcIqN5ZlSqtMogOILebuFC++aA0IQCcad
DDzXlQSufNaA3ul39VY9fyfaYH0PvSXa4fji2EZcrnPPvSfE3WciuE4rQJIgux7Z
YLQ5zh0z3BMnmigtidc9iGjeJuVSaWUJIzVBshZNXS88yJl7ywGyrsO6QQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLgB+MT3PQIbStlMukmQ8Qroot8YMB8GA1UdIwQY
MBaAFKzs0RJp7qBnJid842GrUc5CBJ42MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvck96UkVtbnVvR2NtSjN6allhdFJ6a0lFbmpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84NmVlOGYtMGM3Yi00OTIxLWJmZjUt
NDA0N2UwZmJlOWNiLzEvdUFINHhQYzlBaHRLMlV5NlNaRHhDdWlpM3hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84NmVlOGYtMGM3Yi00OTIxLWJmZjUtNDA0N2UwZmJlOWNi
LzEvck96UkVtbnVvR2NtSjN6allhdFJ6a0lFbmpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhSeAAIw
DQYJKoZIhvcNAQELBQADggEBAJi+1uQ/YK1kGDrGDZ073dxhUjTxXSnZKa+BNksJ
5zTfgH9qiEd5qcGeX6R0VqNCFNQkEmJK+ZU259rPxPNmEa1bQFaHknYd5oaqQJxJ
PyHMySRuthbAYjoXYdcw5sQmJtMnlz1IXex0+e42Lp9xg1gNXwjOQbiPZIOYVex9
XN/0N8yAEf993D/9BYrhsO3BjcBTyJ/0/D+1rOdzQoNvNJHmgk7A7Z8NNnyCnXbu
bcmBcp/xqHIBhvQcuywAUxogXkHM9TXyyBifmsTik4m/xCt8nNYVldvM09dREyTm
rRtZyagwJNwgSkzxyUmr/lx94D2xqilVL0J1opKP4+96F+g=
-----END CERTIFICATE-----