Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/kZsXR7fR0Ou_RuvSVexqd7WF5Zw.roa
File:                     kZsXR7fR0Ou_RuvSVexqd7WF5Zw.roa (raw, json)
Hash identifier:          VeB6BvnRbCRLPDDkoYsxbMM4NdMeIicaUa0njjeL7mg=
Subject key identifier:   91:9B:17:47:B7:D1:D0:EB:BF:46:EB:D2:55:EC:6A:77:B5:85:E5:9C
Certificate issuer:       /CN=d90482763070955e7ea87e2ca37b891b864b2577
Certificate serial:       01987E89126913C1293BBA9E3A2112043A90
Authority key identifier: D9:04:82:76:30:70:95:5E:7E:A8:7E:2C:A3:7B:89:1B:86:4B:25:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2QSCdjBwlV5-qH4so3uJG4ZLJXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/kZsXR7fR0Ou_RuvSVexqd7WF5Zw.roa
Signing time:             Wed 06 Aug 2025 08:39:29 +0000
ROA not before:           Wed 06 Aug 2025 08:39:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209642
IP address blocks:        2a14:7540::/40 maxlen: 48
                          2a14:7540:100::/40 maxlen: 40
                          2a14:7540:200::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/2QSCdjBwlV5-qH4so3uJG4ZLJXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/2QSCdjBwlV5-qH4so3uJG4ZLJXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2QSCdjBwlV5-qH4so3uJG4ZLJXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7e:89:12:69:13:c1:29:3b:ba:9e:3a:21:12:04:3a:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d90482763070955e7ea87e2ca37b891b864b2577
        Validity
            Not Before: Aug  6 08:39:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=919b1747b7d1d0ebbf46ebd255ec6a77b585e59c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:7e:3c:b8:d9:39:32:5d:42:85:66:58:92:55:
                    34:51:ac:15:95:9d:97:db:f1:73:a6:b7:7d:35:c9:
                    19:f2:05:93:71:24:31:be:e8:56:42:2c:1e:0d:d5:
                    5f:a0:a2:3f:0f:de:71:bd:f7:3f:bd:9f:43:00:87:
                    af:e8:cc:1e:1f:d2:9f:b8:16:f3:d9:29:69:05:a7:
                    76:b6:fc:4d:fa:53:9e:5c:06:2c:0f:26:e6:4d:29:
                    51:7c:d1:d0:6c:41:45:ad:ae:c1:01:06:c8:67:b6:
                    9c:7c:0c:68:2e:3c:89:b1:f5:1c:2f:00:d2:8d:b7:
                    e8:cd:21:4f:db:12:b2:d8:9d:9c:05:f5:7a:18:06:
                    c2:50:89:05:5e:5f:3a:22:87:26:21:5e:7a:d0:dd:
                    8e:66:fa:25:3a:84:af:2d:c8:22:40:ef:17:6d:fa:
                    d7:d9:12:b5:f5:4c:3e:f3:36:22:d1:b0:b9:bb:93:
                    5c:e1:cd:3d:59:12:d8:d5:1c:ad:b3:81:ba:69:c2:
                    7b:b3:2e:87:03:37:46:24:2d:6f:35:c3:9c:1d:43:
                    3f:b8:14:db:64:79:f0:4d:3a:b0:ed:21:60:5c:f7:
                    2b:97:e1:0e:c8:ec:01:f6:fd:a1:1b:b0:c7:7e:20:
                    ea:e4:b4:11:5e:4c:ec:3c:3c:b8:2a:02:f0:c8:ab:
                    b8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:9B:17:47:B7:D1:D0:EB:BF:46:EB:D2:55:EC:6A:77:B5:85:E5:9C
            X509v3 Authority Key Identifier:
                keyid:D9:04:82:76:30:70:95:5E:7E:A8:7E:2C:A3:7B:89:1B:86:4B:25:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2QSCdjBwlV5-qH4so3uJG4ZLJXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/kZsXR7fR0Ou_RuvSVexqd7WF5Zw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/94c2bb-e80a-4f2c-8208-a9b2766773aa/1/2QSCdjBwlV5-qH4so3uJG4ZLJXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:7540::-2a14:7540:2ff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         78:7b:d8:1e:83:5b:1a:14:25:84:c4:48:f1:39:1c:76:9c:95:
         51:77:25:16:85:32:e1:9c:f8:ac:56:3d:df:29:76:9e:4d:0b:
         1b:b5:7d:25:aa:b7:b5:d8:1f:c1:5a:87:ab:44:66:b7:03:a9:
         0e:e2:bc:1a:1f:8a:32:6c:2d:98:d2:81:93:79:36:f7:fc:7c:
         23:cf:59:aa:db:18:97:90:f7:e4:c5:c8:61:6e:8b:0a:08:82:
         2c:e8:58:54:e6:ed:a2:39:ef:09:b5:d3:d4:d3:88:a4:14:65:
         1f:ca:03:ec:2a:94:36:49:07:e4:66:ac:db:27:5e:80:93:09:
         41:9d:f9:d2:29:b2:32:d7:22:91:ca:75:4a:0b:e9:6c:13:bc:
         91:aa:fe:07:ca:e9:4d:5b:e3:0a:e0:17:ab:bb:12:51:89:f3:
         e4:a7:81:94:95:3f:82:2f:6b:5d:31:86:8e:d6:e5:af:62:2d:
         6c:e8:43:2a:44:f0:ab:1b:62:4e:4b:51:10:62:6b:ae:90:75:
         ec:e3:d6:41:28:c2:9b:d5:aa:f1:a2:5a:90:d8:41:7a:f7:ca:
         3a:6a:e6:28:f9:14:c5:58:cf:2e:9a:6c:db:21:08:da:b9:63:
         59:f1:cc:a7:f8:7c:23:98:9b:f8:7a:cd:5d:8a:4f:3c:a7:73:
         f2:e0:2d:31
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZh+iRJpE8EpO7qeOiESBDqQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ5MDQ4Mjc2MzA3MDk1NWU3ZWE4N2UyY2EzN2I4OTFiODY0
YjI1NzcwHhcNMjUwODA2MDgzOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTliMTc0N2I3ZDFkMGViYmY0NmViZDI1NWVjNmE3N2I1ODVlNTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnH48uNk5Ml1ChWZYklU0UawVlZ2X
2/Fzprd9NckZ8gWTcSQxvuhWQiweDdVfoKI/D95xvfc/vZ9DAIev6MweH9KfuBbz
2SlpBad2tvxN+lOeXAYsDybmTSlRfNHQbEFFra7BAQbIZ7acfAxoLjyJsfUcLwDS
jbfozSFP2xKy2J2cBfV6GAbCUIkFXl86IocmIV560N2OZvolOoSvLcgiQO8XbfrX
2RK19Uw+8zYi0bC5u5Nc4c09WRLY1Ryts4G6acJ7sy6HAzdGJC1vNcOcHUM/uBTb
ZHnwTTqw7SFgXPcrl+EOyOwB9v2hG7DHfiDq5LQRXkzsPDy4KgLwyKu4CQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJGbF0e30dDrv0br0lXsane1heWcMB8GA1UdIwQY
MBaAFNkEgnYwcJVefqh+LKN7iRuGSyV3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMlFTQ2RqQndsVjUtcUg0c28zdUpHNFpMSlhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC85NGMyYmItZTgwYS00ZjJjLTgyMDgt
YTliMjc2Njc3M2FhLzEva1pzWFI3ZlIwT3VfUnV2U1ZleHFkN1dGNVp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC85NGMyYmItZTgwYS00ZjJjLTgyMDgtYTliMjc2Njc3M2Fh
LzEvMlFTQ2RqQndsVjUtcUg0c28zdUpHNFpMSlhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARMA8DBQYqFHVA
AwYAKhR1QAIwDQYJKoZIhvcNAQELBQADggEBAHh72B6DWxoUJYTESPE5HHaclVF3
JRaFMuGc+KxWPd8pdp5NCxu1fSWqt7XYH8Fah6tEZrcDqQ7ivBofijJsLZjSgZN5
Nvf8fCPPWarbGJeQ9+TFyGFuiwoIgizoWFTm7aI57wm109TTiKQUZR/KA+wqlDZJ
B+RmrNsnXoCTCUGd+dIpsjLXIpHKdUoL6WwTvJGq/gfK6U1b4wrgF6u7ElGJ8+Sn
gZSVP4Iva10xho7W5a9iLWzoQypE8KsbYk5LURBia66Qdezj1kEowpvVqvGiWpDY
QXr3yjpq5ij5FMVYzy6abNshCNq5Y1nxzKf4fCOYm/h6zV2KTzync/LgLTE=
-----END CERTIFICATE-----