Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/TTHbsr6S4A2WiT-5UCVCIBGXt7g.roa
File:                     TTHbsr6S4A2WiT-5UCVCIBGXt7g.roa (raw, json)
Hash identifier:          tSI1qiCrhqG5RTuDVwd5YnhpKn7WMz1SwKPqjeiWtZ0=
Subject key identifier:   4D:31:DB:B2:BE:92:E0:0D:96:89:3F:B9:50:25:42:20:11:97:B7:B8
Certificate issuer:       /CN=33b65a8baeba4ff621492ebee6fc1e88adb21b03
Certificate serial:       019D21671D1BBB7A066054B13C7B5A3B3C37
Authority key identifier: 33:B6:5A:8B:AE:BA:4F:F6:21:49:2E:BE:E6:FC:1E:88:AD:B2:1B:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/TTHbsr6S4A2WiT-5UCVCIBGXt7g.roa
Signing time:             Tue 24 Mar 2026 19:51:38 +0000
ROA not before:           Tue 24 Mar 2026 19:51:38 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214371
IP address blocks:        2a14:9d04::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 07:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:67:1d:1b:bb:7a:06:60:54:b1:3c:7b:5a:3b:3c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=33b65a8baeba4ff621492ebee6fc1e88adb21b03
        Validity
            Not Before: Mar 24 19:51:38 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4d31dbb2be92e00d96893fb9502542201197b7b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b4:c4:b6:71:b4:0e:f9:21:e6:2c:b0:a1:fe:
                    7e:f9:c2:86:8b:ac:8d:3d:88:e4:10:3a:09:b9:a4:
                    0a:ce:c8:8f:39:81:86:95:e7:7d:7b:e5:44:14:09:
                    74:1d:e8:73:66:e9:37:a4:17:b7:86:2c:c5:45:f0:
                    e7:88:9a:da:5c:03:ae:37:61:1f:76:35:8f:f4:57:
                    93:d7:dc:2b:18:09:22:7d:fa:09:e8:13:53:1d:e9:
                    a4:ba:26:95:62:c1:4c:de:71:09:2c:ff:40:a0:96:
                    38:1d:50:33:33:45:e0:c2:6b:8d:a9:1f:f9:23:8e:
                    fe:fe:8c:21:4b:f0:ca:6f:00:c9:1b:ad:cf:c0:7e:
                    68:9f:51:81:d2:1e:9e:6c:af:a8:4f:4d:f5:48:88:
                    2f:5e:0b:6f:b3:59:b4:d8:01:c1:bc:b5:5d:c4:fd:
                    62:3a:72:55:be:ae:86:e8:42:9c:68:da:a6:11:8a:
                    1c:aa:a5:c6:ed:d3:d5:f3:12:27:e4:3b:21:22:ad:
                    dc:06:91:bd:8e:2a:75:2c:86:39:bd:6a:25:4c:cf:
                    a2:0e:b1:bc:6d:90:df:bd:b7:d3:c9:6f:e5:14:3a:
                    70:47:11:46:61:68:7b:1f:2d:e1:7a:c7:6a:69:d1:
                    0a:be:b0:d3:29:73:6f:39:68:69:fb:cd:a4:24:5e:
                    ce:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:31:DB:B2:BE:92:E0:0D:96:89:3F:B9:50:25:42:20:11:97:B7:B8
            X509v3 Authority Key Identifier:
                keyid:33:B6:5A:8B:AE:BA:4F:F6:21:49:2E:BE:E6:FC:1E:88:AD:B2:1B:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M7Zai666T_YhSS6-5vweiK2yGwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/TTHbsr6S4A2WiT-5UCVCIBGXt7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/aabc6c-0456-4935-a469-d547185512de/1/M7Zai666T_YhSS6-5vweiK2yGwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:9d04::/32

    Signature Algorithm: sha256WithRSAEncryption
         67:12:2d:e8:96:12:c1:ce:f0:e8:80:ce:a5:be:d3:fb:94:39:
         13:ae:fb:6f:6a:de:67:e4:65:b0:29:7d:1f:d5:4e:91:08:bb:
         40:56:6b:c6:35:18:8a:3b:a3:3e:fa:19:c2:4d:21:76:33:bb:
         8e:86:dc:4e:99:33:68:f0:6a:31:10:70:39:77:b7:e7:40:33:
         f7:bb:ae:84:0c:6d:ff:cd:9a:7b:e0:7e:ec:23:2f:a1:cb:5a:
         35:26:dd:13:69:92:22:e7:95:35:ce:e3:95:25:b8:04:c0:f6:
         0f:e3:0a:b3:68:57:cf:df:2a:3e:8b:9d:69:00:1c:c4:81:26:
         6b:ba:f2:01:54:fd:73:ec:93:a3:cb:f2:5a:65:0b:20:26:42:
         df:ae:b9:88:97:d5:bc:8d:ef:26:5e:d5:a2:48:e5:6f:4f:8c:
         5c:9b:f8:a4:9f:b6:e4:8c:88:90:50:a9:5f:a5:a8:97:5f:79:
         1b:72:76:37:03:67:5b:54:5e:2e:9c:44:bb:a5:94:5b:cd:01:
         d5:46:60:ba:42:56:68:2a:aa:72:11:70:8f:87:f8:38:60:8f:
         27:5e:76:b5:0e:e1:87:64:6f:12:77:e9:fb:fb:22:b8:ba:96:
         0a:41:f1:1f:af:ca:de:f2:69:56:86:21:27:d2:b2:26:db:8e:
         56:c9:36:4d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ0hZx0bu3oGYFSxPHtaOzw3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzYjY1YThiYWViYTRmZjYyMTQ5MmViZWU2ZmMxZTg4YWRi
MjFiMDMwHhcNMjYwMzI0MTk1MTM4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDMxZGJiMmJlOTJlMDBkOTY4OTNmYjk1MDI1NDIyMDExOTdiN2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbTEtnG0Dvkh5iywof5++cKGi6yN
PYjkEDoJuaQKzsiPOYGGled9e+VEFAl0HehzZuk3pBe3hizFRfDniJraXAOuN2Ef
djWP9FeT19wrGAkiffoJ6BNTHemkuiaVYsFM3nEJLP9AoJY4HVAzM0XgwmuNqR/5
I47+/owhS/DKbwDJG63PwH5on1GB0h6ebK+oT031SIgvXgtvs1m02AHBvLVdxP1i
OnJVvq6G6EKcaNqmEYocqqXG7dPV8xIn5DshIq3cBpG9jip1LIY5vWolTM+iDrG8
bZDfvbfTyW/lFDpwRxFGYWh7Hy3hesdqadEKvrDTKXNvOWhp+82kJF7OywIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFE0x27K+kuANlok/uVAlQiARl7e4MB8GA1UdIwQY
MBaAFDO2Wouuuk/2IUkuvub8HoitshsDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTdaYWk2NjZUX1loU1M2LTV2d2VpSzJ5R3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9hYWJjNmMtMDQ1Ni00OTM1LWE0Njkt
ZDU0NzE4NTUxMmRlLzEvVFRIYnNyNlM0QTJXaVQtNVVDVkNJQkdYdDdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9hYWJjNmMtMDQ1Ni00OTM1LWE0NjktZDU0NzE4NTUxMmRl
LzEvTTdaYWk2NjZUX1loU1M2LTV2d2VpSzJ5R3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhSdBDAN
BgkqhkiG9w0BAQsFAAOCAQEAZxIt6JYSwc7w6IDOpb7T+5Q5E677b2reZ+RlsCl9
H9VOkQi7QFZrxjUYijujPvoZwk0hdjO7jobcTpkzaPBqMRBwOXe350Az97uuhAxt
/82ae+B+7CMvoctaNSbdE2mSIueVNc7jlSW4BMD2D+MKs2hXz98qPoudaQAcxIEm
a7ryAVT9c+yTo8vyWmULICZC3665iJfVvI3vJl7Vokjlb0+MXJv4pJ+25IyIkFCp
X6Wol195G3J2NwNnW1ReLpxEu6WUW80B1UZgukJWaCqqchFwj4f4OGCPJ152tQ7h
h2RvEnfp+/siuLqWCkHxH6/K3vJpVoYhJ9KyJtuOVsk2TQ==
-----END CERTIFICATE-----