Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/B177TXCjYq9LAn-C0rZIHgwo_Cw.roa
File:                     B177TXCjYq9LAn-C0rZIHgwo_Cw.roa (raw, json)
Hash identifier:          hzx/dYutgrUSdFCSwXOcXrzH5D2J7g8zHnWJG1zg3qU=
Subject key identifier:   07:5E:FB:4D:70:A3:62:AF:4B:02:7F:82:D2:B6:48:1E:0C:28:FC:2C
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019DB6DBBB4327F7B9A4812B45DCA0D75A4D
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/B177TXCjYq9LAn-C0rZIHgwo_Cw.roa
Signing time:             Wed 22 Apr 2026 20:22:26 +0000
ROA not before:           Wed 22 Apr 2026 20:22:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200912
IP address blocks:        2a14:c380:26::/48 maxlen: 48
                          2a14:c380:140::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:db:bb:43:27:f7:b9:a4:81:2b:45:dc:a0:d7:5a:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Apr 22 20:22:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=075efb4d70a362af4b027f82d2b6481e0c28fc2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:8c:63:96:6e:83:64:23:61:4c:78:a8:00:af:
                    28:19:01:ea:a9:5d:fb:12:3f:33:ea:0f:32:42:05:
                    41:7b:18:00:ab:d9:4b:35:df:82:f3:ba:25:d0:69:
                    b8:75:5d:83:5b:b5:a5:cc:82:d0:95:0c:15:61:2f:
                    b3:62:f7:ce:7d:20:f0:01:07:a9:f9:05:64:16:05:
                    d5:48:eb:bc:05:45:98:14:f3:4d:01:46:f5:f4:08:
                    0f:a7:1c:fb:1c:65:8e:e1:1c:9e:72:ee:f3:47:9d:
                    c2:25:02:e8:75:b2:6f:63:d1:ce:b9:8e:73:f8:19:
                    b8:26:db:b7:26:b8:8f:77:6f:7f:b4:98:40:3a:be:
                    59:26:72:80:52:67:8e:a7:47:d2:63:82:70:e5:10:
                    5a:94:12:2d:46:06:9c:39:68:9b:65:44:02:ec:6a:
                    03:55:27:ba:5a:01:e5:85:1c:4f:9d:ac:89:1a:24:
                    e5:85:ee:bb:1b:2c:80:fb:d6:e7:5d:6b:2e:4f:ed:
                    ef:36:b7:61:a4:a0:f6:0b:65:de:d3:6a:c0:59:f9:
                    a7:30:98:6c:07:66:26:b5:d1:15:d2:b9:9c:17:d2:
                    a0:fb:95:cf:be:2a:a0:cb:86:5f:de:f6:79:50:ec:
                    57:b0:e2:cd:31:30:91:44:91:d3:28:60:64:f0:9a:
                    98:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:5E:FB:4D:70:A3:62:AF:4B:02:7F:82:D2:B6:48:1E:0C:28:FC:2C
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/B177TXCjYq9LAn-C0rZIHgwo_Cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:26::/48
                  2a14:c380:140::/44

    Signature Algorithm: sha256WithRSAEncryption
         49:fa:d1:e4:bc:86:38:dd:b5:60:34:24:23:27:8e:d3:ce:bd:
         74:12:75:ea:65:4f:03:19:55:37:a9:b3:4e:4c:3b:ba:dc:fa:
         4f:8c:17:6d:73:03:c8:68:c9:8a:4a:42:db:37:21:42:64:db:
         b3:c0:d0:76:06:5d:25:89:c0:f1:7b:b5:56:ea:7c:ac:90:4e:
         5b:40:40:3a:91:f4:b8:11:5b:68:63:f4:d1:72:48:8c:a0:d1:
         f7:18:65:01:c2:ad:b2:d0:a6:cf:4f:72:0a:d7:d1:f6:d1:a7:
         27:ab:ad:cb:4f:df:36:3a:6e:8d:47:b3:cd:ba:50:9c:8d:fc:
         0b:14:86:d1:36:af:f3:ff:16:fd:06:33:89:a9:31:24:25:66:
         94:04:1d:fb:4d:6d:94:0b:0d:bc:6e:49:ed:7c:ab:ca:40:bd:
         e5:1d:25:e3:1f:9d:dd:83:a7:47:75:6b:16:97:45:88:5b:2e:
         33:7a:01:dc:ec:8d:50:72:1a:16:3f:24:a6:e0:45:7e:45:ea:
         89:cc:8a:5b:92:c8:26:57:13:5a:64:d9:d5:7d:da:43:96:ca:
         e6:9c:8c:92:01:93:5d:dd:87:c6:61:e9:e3:20:5b:30:5f:72:
         cf:4e:ee:2e:54:d9:62:65:2c:fe:cf:83:24:7a:5f:be:41:aa:
         ba:a9:fc:d2
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2227tDJ/e5pIErRdyg11pNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNDIyMjAyMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzVlZmI0ZDcwYTM2MmFmNGIwMjdmODJkMmI2NDgxZTBjMjhmYzJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoxjlm6DZCNhTHioAK8oGQHqqV37
Ej8z6g8yQgVBexgAq9lLNd+C87ol0Gm4dV2DW7WlzILQlQwVYS+zYvfOfSDwAQep
+QVkFgXVSOu8BUWYFPNNAUb19AgPpxz7HGWO4Ryecu7zR53CJQLodbJvY9HOuY5z
+Bm4Jtu3JriPd29/tJhAOr5ZJnKAUmeOp0fSY4Jw5RBalBItRgacOWibZUQC7GoD
VSe6WgHlhRxPnayJGiTlhe67GyyA+9bnXWsuT+3vNrdhpKD2C2Xe02rAWfmnMJhs
B2YmtdEV0rmcF9Kg+5XPviqgy4Zf3vZ5UOxXsOLNMTCRRJHTKGBk8JqYxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFAde+01wo2KvSwJ/gtK2SB4MKPwsMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvQjE3N1RYQ2pZcTlMQW4tQzByWklIZ3dvX0N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKhTDgAAm
AwcEKhTDgAFAMA0GCSqGSIb3DQEBCwUAA4IBAQBJ+tHkvIY43bVgNCQjJ47Tzr10
EnXqZU8DGVU3qbNOTDu63PpPjBdtcwPIaMmKSkLbNyFCZNuzwNB2Bl0licDxe7VW
6nyskE5bQEA6kfS4EVtoY/TRckiMoNH3GGUBwq2y0KbPT3IK19H20acnq63LT982
Om6NR7PNulCcjfwLFIbRNq/z/xb9BjOJqTEkJWaUBB37TW2UCw28bkntfKvKQL3l
HSXjH53dg6dHdWsWl0WIWy4zegHc7I1QchoWPySm4EV+ReqJzIpbksgmVxNaZNnV
fdpDlsrmnIySAZNd3YfGYenjIFswX3LPTu4uVNliZSz+z4Mkel++Qaq6qfzS
-----END CERTIFICATE-----