Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/u2IX4EkJai3ioexOHoYjM2Ml8to.roa
File:                     u2IX4EkJai3ioexOHoYjM2Ml8to.roa (raw, json)
Hash identifier:          i4BxE3GSGZ+ekdiImOCsHefGInEBVb9xygrEnrf4oC0=
Subject key identifier:   BB:62:17:E0:49:09:6A:2D:E2:A1:EC:4E:1E:86:23:33:63:25:F2:DA
Certificate issuer:       /CN=e1257eaabbf604d4570055c2cd8ac249bb29c106
Certificate serial:       0199D2D1A35ADFBBD70696839B205DEC0588
Authority key identifier: E1:25:7E:AA:BB:F6:04:D4:57:00:55:C2:CD:8A:C2:49:BB:29:C1:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4SV-qrv2BNRXAFXCzYrCSbspwQY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/u2IX4EkJai3ioexOHoYjM2Ml8to.roa
Signing time:             Sat 11 Oct 2025 10:29:38 +0000
ROA not before:           Sat 11 Oct 2025 10:29:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     55201
IP address blocks:        2a14:4c42::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/4SV-qrv2BNRXAFXCzYrCSbspwQY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/4SV-qrv2BNRXAFXCzYrCSbspwQY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4SV-qrv2BNRXAFXCzYrCSbspwQY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 16:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d2:d1:a3:5a:df:bb:d7:06:96:83:9b:20:5d:ec:05:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1257eaabbf604d4570055c2cd8ac249bb29c106
        Validity
            Not Before: Oct 11 10:29:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bb6217e049096a2de2a1ec4e1e8623336325f2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:92:0e:9f:a7:a8:74:9c:95:d6:fc:b3:0f:2c:
                    c1:39:32:e8:59:09:f9:bb:20:c2:1a:c3:91:43:e1:
                    13:de:19:13:ba:42:09:14:ed:be:43:9b:c3:2c:6a:
                    22:e7:2d:6d:e0:f5:88:1b:0c:76:f4:6f:88:76:eb:
                    a5:36:ae:e7:16:60:b5:2b:33:f5:09:fb:50:7a:91:
                    5d:10:1c:af:b2:54:02:d5:d4:6f:e2:14:6b:5a:80:
                    0c:b3:e4:0b:96:75:ad:b8:d0:33:55:29:fd:23:b6:
                    94:1d:6d:4f:3b:52:5b:23:1a:52:20:b3:0f:73:78:
                    cf:ac:04:f9:4f:95:c9:94:06:a2:45:d9:fe:9d:45:
                    d0:11:8b:02:09:a9:9c:a3:dd:e9:f5:b1:62:d9:b5:
                    58:9b:46:0b:db:4e:91:81:f4:31:b2:7c:d8:23:89:
                    70:57:f4:e1:23:a1:dc:e8:de:d0:bc:9f:01:41:3b:
                    69:7c:e3:2e:e5:38:6e:12:d5:c5:ec:91:e6:32:93:
                    69:f5:78:56:12:70:47:14:66:ab:c4:d5:08:89:e8:
                    c6:00:70:19:e5:32:b3:86:99:3e:66:e5:d8:81:c5:
                    e0:9d:b8:b1:e8:e1:35:90:02:4d:16:9e:11:8e:22:
                    10:d8:31:1b:69:bc:60:24:f1:dd:af:b7:6d:a8:5f:
                    13:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:62:17:E0:49:09:6A:2D:E2:A1:EC:4E:1E:86:23:33:63:25:F2:DA
            X509v3 Authority Key Identifier:
                keyid:E1:25:7E:AA:BB:F6:04:D4:57:00:55:C2:CD:8A:C2:49:BB:29:C1:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4SV-qrv2BNRXAFXCzYrCSbspwQY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/u2IX4EkJai3ioexOHoYjM2Ml8to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/49bbd2-fe36-45d7-8def-81fa874ee2ed/1/4SV-qrv2BNRXAFXCzYrCSbspwQY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:4c42::/32

    Signature Algorithm: sha256WithRSAEncryption
         01:06:de:67:4f:92:be:60:be:e3:a9:45:ab:2f:db:38:df:fc:
         68:70:c1:cc:fc:29:85:a0:36:82:e8:1c:28:7a:bb:7b:5e:e1:
         fe:e9:c3:1d:aa:9c:56:d8:f3:8f:9b:ea:a2:8e:4f:2e:15:a5:
         3d:bb:1e:86:29:db:a9:19:99:7b:a5:2f:3f:c9:1e:c8:1e:5c:
         63:c4:77:3c:94:b7:14:4b:6e:86:3b:2a:14:fb:3a:aa:40:9b:
         e8:7b:30:46:ba:30:70:97:ac:f0:1b:b0:f8:1e:11:7a:5e:58:
         14:bb:6b:f6:3a:d5:bb:2e:72:5d:44:b1:fd:66:ae:9d:15:dc:
         4d:07:36:7d:53:36:4a:d6:1d:d3:24:1e:6f:9e:7d:dd:e2:e3:
         91:6c:1b:9a:b6:d7:29:36:31:be:d6:72:23:71:a6:86:6c:30:
         bc:bd:06:e1:5f:d3:4d:3c:ab:3a:77:41:5a:6b:0e:c2:9d:bf:
         73:1c:d4:60:f0:65:95:d2:70:1f:20:ca:f9:02:ee:2e:53:8e:
         46:42:d1:6e:62:3b:16:a9:89:af:68:a7:62:21:6c:1e:11:ef:
         d6:37:67:6b:7e:af:8a:2a:14:01:94:30:88:7a:fd:1f:7e:fc:
         d5:00:ef:27:91:df:8e:1f:70:c7:b8:d5:3b:ff:15:d8:3f:d5:
         49:e8:80:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZnS0aNa37vXBpaDmyBd7AWIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxMjU3ZWFhYmJmNjA0ZDQ1NzAwNTVjMmNkOGFjMjQ5YmIy
OWMxMDYwHhcNMjUxMDExMTAyOTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjYyMTdlMDQ5MDk2YTJkZTJhMWVjNGUxZTg2MjMzMzYzMjVmMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZIOn6eodJyV1vyzDyzBOTLoWQn5
uyDCGsORQ+ET3hkTukIJFO2+Q5vDLGoi5y1t4PWIGwx29G+IduulNq7nFmC1KzP1
CftQepFdEByvslQC1dRv4hRrWoAMs+QLlnWtuNAzVSn9I7aUHW1PO1JbIxpSILMP
c3jPrAT5T5XJlAaiRdn+nUXQEYsCCamco93p9bFi2bVYm0YL206RgfQxsnzYI4lw
V/ThI6Hc6N7QvJ8BQTtpfOMu5ThuEtXF7JHmMpNp9XhWEnBHFGarxNUIiejGAHAZ
5TKzhpk+ZuXYgcXgnbix6OE1kAJNFp4RjiIQ2DEbabxgJPHdr7dtqF8TWQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLtiF+BJCWot4qHsTh6GIzNjJfLaMB8GA1UdIwQY
MBaAFOElfqq79gTUVwBVws2Kwkm7KcEGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFNWLXFydjJCTlJYQUZYQ3pZckNTYnNwd1FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS80OWJiZDItZmUzNi00NWQ3LThkZWYt
ODFmYTg3NGVlMmVkLzEvdTJJWDRFa0phaTNpb2V4T0hvWWpNMk1sOHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS80OWJiZDItZmUzNi00NWQ3LThkZWYtODFmYTg3NGVlMmVk
LzEvNFNWLXFydjJCTlJYQUZYQ3pZckNTYnNwd1FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhRMQjAN
BgkqhkiG9w0BAQsFAAOCAQEAAQbeZ0+SvmC+46lFqy/bON/8aHDBzPwphaA2gugc
KHq7e17h/unDHaqcVtjzj5vqoo5PLhWlPbsehinbqRmZe6UvP8keyB5cY8R3PJS3
FEtuhjsqFPs6qkCb6HswRrowcJes8Buw+B4Rel5YFLtr9jrVuy5yXUSx/WaunRXc
TQc2fVM2StYd0yQeb5593eLjkWwbmrbXKTYxvtZyI3GmhmwwvL0G4V/TTTyrOndB
WmsOwp2/cxzUYPBlldJwHyDK+QLuLlOORkLRbmI7FqmJr2inYiFsHhHv1jdna36v
iioUAZQwiHr9H3781QDvJ5Hfjh9wx7jVO/8V2D/VSeiAKQ==
-----END CERTIFICATE-----