Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/VHON0UPXUmDCRotYlV87Iz0_BQA.roa
File:                     VHON0UPXUmDCRotYlV87Iz0_BQA.roa (raw, json)
Hash identifier:          GIyQ67eHu/aoLix8N514mxryUkStZ2+ADYIfzZPnFM0=
Subject key identifier:   54:73:8D:D1:43:D7:52:60:C2:46:8B:58:95:5F:3B:23:3D:3F:05:00
Certificate issuer:       /CN=b0570845c239e9991c89bc5c50431e9087860c4d
Certificate serial:       019B7910DA8B1CB8FD31B175EBCFF127CFF5
Authority key identifier: B0:57:08:45:C2:39:E9:99:1C:89:BC:5C:50:43:1E:90:87:86:0C:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/VHON0UPXUmDCRotYlV87Iz0_BQA.roa
Signing time:             Thu 01 Jan 2026 10:18:26 +0000
ROA not before:           Thu 01 Jan 2026 10:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213680
IP address blocks:        2a14:c600::/32 maxlen: 32
                          2a14:c600::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:79:10:da:8b:1c:b8:fd:31:b1:75:eb:cf:f1:27:cf:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0570845c239e9991c89bc5c50431e9087860c4d
        Validity
            Not Before: Jan  1 10:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=54738dd143d75260c2468b58955f3b233d3f0500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:61:4f:60:30:a9:07:b1:f6:71:ca:c4:6e:87:
                    74:f7:fe:bc:47:68:bf:37:56:9d:dd:89:1e:3a:50:
                    1b:9a:93:fd:42:c2:8c:17:a4:5c:32:6f:a3:7c:51:
                    f9:98:0d:a9:2e:a5:24:25:13:c7:46:a9:7e:12:13:
                    72:ba:0c:6c:71:21:a7:2e:84:8e:6d:43:e4:79:89:
                    55:cf:e6:27:56:24:02:67:da:b1:e9:e7:93:c9:1c:
                    16:d7:50:0b:df:a2:8e:46:d0:08:6c:8f:54:3d:fd:
                    10:7b:c3:62:be:9f:a3:f4:ef:06:3d:31:69:d9:f5:
                    36:26:a3:71:80:da:71:74:06:73:5f:1d:74:30:d3:
                    af:98:7e:97:bc:86:9b:24:f0:2c:e4:cf:8b:36:90:
                    6f:a4:d9:0f:75:dc:02:67:68:90:93:b1:a9:ca:66:
                    00:10:73:cd:7d:85:80:da:74:e8:4c:7a:55:ec:f0:
                    a5:25:8e:5e:fd:40:02:53:c0:71:16:7e:79:65:d9:
                    80:3e:8a:56:88:46:3b:1d:b0:98:18:49:c1:fc:8f:
                    5d:48:6c:ff:8d:6c:b1:dd:b1:56:bc:5d:99:bc:23:
                    63:8c:71:96:62:69:9d:79:50:71:e4:0e:c6:08:e9:
                    d4:95:fd:11:86:3e:ac:4c:df:6c:d0:2b:34:0f:fb:
                    e9:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:73:8D:D1:43:D7:52:60:C2:46:8B:58:95:5F:3B:23:3D:3F:05:00
            X509v3 Authority Key Identifier:
                keyid:B0:57:08:45:C2:39:E9:99:1C:89:BC:5C:50:43:1E:90:87:86:0C:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sFcIRcI56ZkcibxcUEMekIeGDE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/VHON0UPXUmDCRotYlV87Iz0_BQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/1e7c48-f8c2-4679-b771-46ca26aff545/1/sFcIRcI56ZkcibxcUEMekIeGDE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c600::/32

    Signature Algorithm: sha256WithRSAEncryption
         1a:fc:c5:ff:8e:6f:6b:09:f8:c3:b5:4d:65:3d:3b:b2:0c:4b:
         d2:d1:de:a7:a2:80:12:34:b4:97:ef:42:a8:17:91:10:97:5c:
         63:e5:f5:bc:a6:62:a2:3f:b5:bc:18:fc:39:b3:29:d9:60:48:
         2a:ab:ca:02:74:b1:1e:8f:3e:fd:93:66:e3:3d:3f:e5:23:54:
         65:e5:99:87:21:f8:80:0b:fb:b5:f0:42:34:59:46:6a:1c:13:
         56:99:31:51:f2:51:4d:ac:eb:5e:56:8f:25:2e:bf:5b:08:17:
         31:6a:11:0e:d0:9f:c2:cb:10:3f:57:a1:24:2e:2a:dd:0b:95:
         ff:63:c2:8a:9f:e8:42:6c:47:f3:32:46:7f:c9:b1:69:2e:63:
         62:6a:27:2f:e3:5d:7b:cb:b7:4e:6b:75:d5:e2:db:a4:0d:b2:
         42:11:8b:47:63:7c:6d:28:20:00:02:ee:6b:a9:73:ea:9a:b2:
         03:bc:50:8c:ea:c2:c5:c0:da:7d:32:ed:55:18:6c:b3:a5:d6:
         c2:33:3b:94:cd:55:ae:03:0b:8e:26:bc:fc:18:2d:9a:4f:c3:
         8d:46:2a:9e:8a:ae:8f:ba:b2:dc:3a:b5:1e:3b:ba:a8:4d:e5:
         f3:4f:be:a6:1f:5b:42:3d:e1:25:d1:00:3b:b4:9c:d9:ac:5b:
         d2:e7:c6:2f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZt5ENqLHLj9MbF168/xJ8/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwNTcwODQ1YzIzOWU5OTkxYzg5YmM1YzUwNDMxZTkwODc4
NjBjNGQwHhcNMjYwMTAxMTAxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDczOGRkMTQzZDc1MjYwYzI0NjhiNTg5NTVmM2IyMzNkM2YwNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtGFPYDCpB7H2ccrEbod09/68R2i/
N1ad3YkeOlAbmpP9QsKMF6RcMm+jfFH5mA2pLqUkJRPHRql+EhNyugxscSGnLoSO
bUPkeYlVz+YnViQCZ9qx6eeTyRwW11AL36KORtAIbI9UPf0Qe8Nivp+j9O8GPTFp
2fU2JqNxgNpxdAZzXx10MNOvmH6XvIabJPAs5M+LNpBvpNkPddwCZ2iQk7GpymYA
EHPNfYWA2nToTHpV7PClJY5e/UACU8BxFn55ZdmAPopWiEY7HbCYGEnB/I9dSGz/
jWyx3bFWvF2ZvCNjjHGWYmmdeVBx5A7GCOnUlf0Rhj6sTN9s0Cs0D/vpFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFRzjdFD11JgwkaLWJVfOyM9PwUAMB8GA1UdIwQY
MBaAFLBXCEXCOemZHIm8XFBDHpCHhgxNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0ZjSVJjSTU2WmtjaWJ4Y1VFTWVrSWVHREUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy8xZTdjNDgtZjhjMi00Njc5LWI3NzEt
NDZjYTI2YWZmNTQ1LzEvVkhPTjBVUFhVbURDUm90WWxWODdJejBfQlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy8xZTdjNDgtZjhjMi00Njc5LWI3NzEtNDZjYTI2YWZmNTQ1
LzEvc0ZjSVJjSTU2WmtjaWJ4Y1VFTWVrSWVHREUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhTGADAN
BgkqhkiG9w0BAQsFAAOCAQEAGvzF/45vawn4w7VNZT07sgxL0tHep6KAEjS0l+9C
qBeREJdcY+X1vKZioj+1vBj8ObMp2WBIKqvKAnSxHo8+/ZNm4z0/5SNUZeWZhyH4
gAv7tfBCNFlGahwTVpkxUfJRTazrXlaPJS6/WwgXMWoRDtCfwssQP1ehJC4q3QuV
/2PCip/oQmxH8zJGf8mxaS5jYmonL+Nde8u3Tmt11eLbpA2yQhGLR2N8bSggAALu
a6lz6pqyA7xQjOrCxcDafTLtVRhss6XWwjM7lM1VrgMLjia8/Bgtmk/DjUYqnoqu
j7qy3Dq1Hju6qE3l80++ph9bQj3hJdEAO7Sc2axb0ufGLw==
-----END CERTIFICATE-----