Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/lf7VZmq2rsBXJedCujxEgR3JSRw.roa
File:                     lf7VZmq2rsBXJedCujxEgR3JSRw.roa (raw, json)
Hash identifier:          i4ihoqVdnAGdUVkmGd9SoSzj6rV5e9gZRKeKMlY+OMU=
Subject key identifier:   95:FE:D5:66:6A:B6:AE:C0:57:25:E7:42:BA:3C:44:81:1D:C9:49:1C
Certificate issuer:       /CN=05d4d49da3e14855a7b883603ff148c1bb21f690
Certificate serial:       019935292F31F236F7D0117C8743F62069FD
Authority key identifier: 05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/lf7VZmq2rsBXJedCujxEgR3JSRw.roa
Signing time:             Wed 10 Sep 2025 19:45:15 +0000
ROA not before:           Wed 10 Sep 2025 19:45:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61976
IP address blocks:        2a14:e600::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 08:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:35:29:2f:31:f2:36:f7:d0:11:7c:87:43:f6:20:69:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05d4d49da3e14855a7b883603ff148c1bb21f690
        Validity
            Not Before: Sep 10 19:45:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=95fed5666ab6aec05725e742ba3c44811dc9491c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:06:ad:40:b9:6c:47:e2:35:f8:03:5b:10:4c:
                    ea:c5:4d:66:21:26:5a:89:d2:44:a2:45:8f:d1:3b:
                    30:74:52:d4:32:59:35:fd:eb:b1:39:2a:5c:98:13:
                    af:e7:30:f3:6e:a3:d0:d9:7d:be:d7:11:0c:af:00:
                    41:bf:e5:64:39:d0:14:62:c3:f3:49:45:49:d6:8e:
                    09:06:3a:48:1a:3a:82:1a:e5:ca:f7:a2:2f:b3:af:
                    e3:97:07:b6:23:50:8d:9f:99:0c:b6:32:9b:c3:0e:
                    38:dc:3d:b2:58:2c:c1:0f:7a:e9:74:dd:58:6b:5c:
                    bf:7b:af:e6:f4:92:10:cc:7e:1d:b9:03:0c:be:15:
                    bb:66:08:d2:5c:5d:b2:8a:5f:a2:fe:93:ca:3e:ea:
                    e1:61:c4:16:78:79:fb:24:ae:91:4a:6f:78:53:2b:
                    90:99:b0:e3:dc:f4:45:fc:03:c2:06:cb:43:fa:63:
                    c6:2f:a9:84:be:2d:7a:f5:bb:2c:d7:b3:af:87:51:
                    94:12:f5:84:cd:59:62:6d:9c:59:36:02:d0:e9:86:
                    17:cb:ca:4d:0f:fd:67:1b:96:35:50:51:74:d1:0c:
                    42:5a:58:b0:8a:ac:0d:1d:e0:90:10:c0:31:bb:54:
                    22:42:22:eb:65:7d:db:21:df:8d:30:cb:fb:ba:4a:
                    71:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:FE:D5:66:6A:B6:AE:C0:57:25:E7:42:BA:3C:44:81:1D:C9:49:1C
            X509v3 Authority Key Identifier:
                keyid:05:D4:D4:9D:A3:E1:48:55:A7:B8:83:60:3F:F1:48:C1:BB:21:F6:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BdTUnaPhSFWnuINgP_FIwbsh9pA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/lf7VZmq2rsBXJedCujxEgR3JSRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/1a3f91-15bc-4eb8-97dd-58f1cbf3cac3/1/BdTUnaPhSFWnuINgP_FIwbsh9pA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:e600::/32

    Signature Algorithm: sha256WithRSAEncryption
         81:34:f0:59:95:3d:43:e1:1a:3c:bd:f7:83:06:df:6a:3a:e2:
         08:9c:88:02:98:28:c0:7c:85:47:4b:ae:4c:5e:8d:1f:1f:88:
         9b:2d:84:a6:46:f3:78:65:82:1e:01:db:b3:42:fe:d7:97:1f:
         84:2d:e8:ab:81:c5:3f:77:a2:27:4b:c5:e2:73:04:cd:70:d0:
         03:5b:e3:3c:84:ff:40:ca:61:51:8f:7f:7f:f5:54:ad:c9:bd:
         c8:3e:2f:fa:da:c5:d1:07:fc:4c:ee:f3:76:75:c4:a4:ec:d1:
         b1:1a:d0:81:8f:fb:af:6e:89:2d:27:98:16:87:e0:b3:c1:16:
         6b:0f:b1:76:ec:b4:99:b1:9f:50:c4:81:01:b1:11:73:d7:42:
         85:cd:c4:4c:68:3e:b8:a4:3d:58:f8:0b:ab:3b:0d:c6:78:29:
         d4:5f:d5:44:a8:c4:59:2b:d3:f6:f6:41:e4:d7:b2:e6:57:04:
         83:4d:5b:97:c0:23:02:3d:73:f7:78:50:23:a1:12:d3:b7:ea:
         ea:f3:62:47:2a:88:7c:e2:b5:8d:9a:c7:e8:32:19:39:18:33:
         9b:a0:4a:2d:15:f2:5a:d0:ab:98:9b:aa:e1:de:78:68:30:d3:
         a3:f3:3b:b0:97:5e:26:e1:71:83:20:7c:58:2b:29:45:9b:a8:
         0e:ff:2d:30
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZk1KS8x8jb30BF8h0P2IGn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZDRkNDlkYTNlMTQ4NTVhN2I4ODM2MDNmZjE0OGMxYmIy
MWY2OTAwHhcNMjUwOTEwMTk0NTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWZlZDU2NjZhYjZhZWMwNTcyNWU3NDJiYTNjNDQ4MTFkYzk0OTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AatQLlsR+I1+ANbEEzqxU1mISZa
idJEokWP0TswdFLUMlk1/euxOSpcmBOv5zDzbqPQ2X2+1xEMrwBBv+VkOdAUYsPz
SUVJ1o4JBjpIGjqCGuXK96Ivs6/jlwe2I1CNn5kMtjKbww443D2yWCzBD3rpdN1Y
a1y/e6/m9JIQzH4duQMMvhW7ZgjSXF2yil+i/pPKPurhYcQWeHn7JK6RSm94UyuQ
mbDj3PRF/APCBstD+mPGL6mEvi169bss17Ovh1GUEvWEzVlibZxZNgLQ6YYXy8pN
D/1nG5Y1UFF00QxCWliwiqwNHeCQEMAxu1QiQiLrZX3bId+NMMv7ukpxVwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJX+1WZqtq7AVyXnQro8RIEdyUkcMB8GA1UdIwQY
MBaAFAXU1J2j4UhVp7iDYD/xSMG7IfaQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQt
NThmMWNiZjNjYWMzLzEvbGY3VlptcTJyc0JYSmVkQ3VqeEVnUjNKU1J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC8xYTNmOTEtMTViYy00ZWI4LTk3ZGQtNThmMWNiZjNjYWMz
LzEvQmRUVW5hUGhTRldudUlOZ1BfRkl3YnNoOXBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhTmADAN
BgkqhkiG9w0BAQsFAAOCAQEAgTTwWZU9Q+EaPL33gwbfajriCJyIApgowHyFR0uu
TF6NHx+Imy2EpkbzeGWCHgHbs0L+15cfhC3oq4HFP3eiJ0vF4nMEzXDQA1vjPIT/
QMphUY9/f/VUrcm9yD4v+trF0Qf8TO7zdnXEpOzRsRrQgY/7r26JLSeYFofgs8EW
aw+xduy0mbGfUMSBAbERc9dChc3ETGg+uKQ9WPgLqzsNxngp1F/VRKjEWSvT9vZB
5Ney5lcEg01bl8AjAj1z93hQI6ES07fq6vNiRyqIfOK1jZrH6DIZORgzm6BKLRXy
WtCrmJuq4d54aDDTo/M7sJdeJuFxgyB8WCspRZuoDv8tMA==
-----END CERTIFICATE-----