Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/DEoPflUoAx_lO5YKFW5dVL1SfPQ.roa
File:                     DEoPflUoAx_lO5YKFW5dVL1SfPQ.roa (raw, json)
Hash identifier:          rfcs2xrkG2JeTMEhi4yqRfg2JquqX/xyYexgoyJb2bI=
Subject key identifier:   0C:4A:0F:7E:55:28:03:1F:E5:3B:96:0A:15:6E:5D:54:BD:52:7C:F4
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       0199AB2B874145F112DF13EA7E71F01276F3
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/DEoPflUoAx_lO5YKFW5dVL1SfPQ.roa
Signing time:             Fri 03 Oct 2025 17:43:00 +0000
ROA not before:           Fri 03 Oct 2025 17:43:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213501
IP address blocks:        2a14:c380:14::/48 maxlen: 48
                          2a14:c380:15::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 20:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:2b:87:41:45:f1:12:df:13:ea:7e:71:f0:12:76:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Oct  3 17:43:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c4a0f7e5528031fe53b960a156e5d54bd527cf4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:3a:3e:bf:05:36:45:82:03:b5:69:17:73:13:
                    c0:e3:f2:01:06:58:73:e0:26:82:ee:cd:f6:96:01:
                    7d:8d:21:2a:b8:af:c0:46:62:ff:8f:f1:6a:c5:70:
                    28:3c:5f:a1:4c:14:6e:80:cc:80:fc:f6:0c:1d:a2:
                    7d:4a:e6:58:f5:b1:1e:14:0a:4f:a1:6e:75:de:53:
                    a6:e7:37:10:54:d9:12:90:f0:ef:6b:0b:ab:13:c9:
                    7d:56:99:54:89:7e:0b:fc:be:eb:84:85:fe:62:a5:
                    a9:31:15:83:46:dc:9d:45:a6:24:b5:96:44:13:92:
                    3d:7a:ed:ff:ba:69:41:2b:db:41:77:4a:c0:e8:21:
                    0c:48:e6:da:a2:1e:e7:b1:1b:33:6b:d9:54:45:07:
                    6f:e6:15:36:4e:5f:b2:ed:32:7e:30:77:7c:21:97:
                    7a:1a:0f:b6:76:92:05:de:ce:5c:0c:90:88:91:66:
                    2a:b6:d7:22:34:1b:92:b1:68:4f:21:3e:a9:99:4f:
                    1c:6e:e7:df:bd:78:9e:bd:d0:7d:9f:c8:d7:a8:a6:
                    e0:91:eb:bc:18:5b:2f:29:dd:b0:0d:a4:86:e7:2f:
                    33:8d:38:e9:ce:34:28:3c:63:49:9f:bf:39:df:07:
                    20:10:b4:e8:e9:09:de:ec:c0:7a:40:df:fe:49:ca:
                    8e:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:4A:0F:7E:55:28:03:1F:E5:3B:96:0A:15:6E:5D:54:BD:52:7C:F4
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/DEoPflUoAx_lO5YKFW5dVL1SfPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:14::/47

    Signature Algorithm: sha256WithRSAEncryption
         8f:09:62:0e:a5:87:88:1d:17:ba:52:89:31:53:00:a2:ad:9e:
         62:af:a5:63:cd:aa:4f:2c:a2:17:70:e0:8c:12:6f:5d:cd:97:
         17:13:36:46:b6:80:66:80:77:9a:43:f5:8e:30:ba:04:df:b6:
         3b:95:5b:c4:08:7a:c8:d6:5c:be:d0:ea:98:0e:a1:f3:4c:7b:
         c3:c7:af:e1:a0:2b:19:47:2d:0c:20:5d:24:91:d4:b4:01:dc:
         1d:fb:b5:c4:3b:c8:1b:05:46:4f:73:f1:99:12:fe:f8:b6:e8:
         e6:7d:1a:8f:29:11:ff:fe:86:15:4b:b3:0c:4a:8d:5b:f1:46:
         24:79:bf:3d:3a:00:22:3c:72:b6:70:32:cc:48:6d:6e:0e:b3:
         7d:12:df:1f:b7:d7:a0:29:1b:f7:54:f6:50:b6:81:ba:94:21:
         07:60:1e:f3:d6:5d:e2:dd:9b:ca:9a:ba:7c:6e:00:34:cb:54:
         85:68:68:a7:de:4f:d8:ad:d3:15:9d:12:87:85:86:4a:b9:25:
         1e:21:fa:41:12:ac:1f:22:be:8b:b3:c2:8d:2b:10:7e:87:68:
         ba:35:76:9e:79:60:ce:22:39:eb:b8:88:8e:11:22:02:3b:a3:
         9d:f8:19:87:00:17:d4:a4:70:7f:36:8c:4b:d3:be:a0:e7:48:
         db:9a:c1:70
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmrK4dBRfES3xPqfnHwEnbzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjUxMDAzMTc0MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzRhMGY3ZTU1MjgwMzFmZTUzYjk2MGExNTZlNWQ1NGJkNTI3Y2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTo+vwU2RYIDtWkXcxPA4/IBBlhz
4CaC7s32lgF9jSEquK/ARmL/j/FqxXAoPF+hTBRugMyA/PYMHaJ9SuZY9bEeFApP
oW513lOm5zcQVNkSkPDvawurE8l9VplUiX4L/L7rhIX+YqWpMRWDRtydRaYktZZE
E5I9eu3/umlBK9tBd0rA6CEMSObaoh7nsRsza9lURQdv5hU2Tl+y7TJ+MHd8IZd6
Gg+2dpIF3s5cDJCIkWYqttciNBuSsWhPIT6pmU8cbuffvXievdB9n8jXqKbgkeu8
GFsvKd2wDaSG5y8zjTjpzjQoPGNJn7853wcgELTo6Qne7MB6QN/+ScqORQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFAxKD35VKAMf5TuWChVuXVS9Unz0MB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvREVvUGZsVW9BeF9sTzVZS0ZXNWRWTDFTZlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcBKhTDgAAU
MA0GCSqGSIb3DQEBCwUAA4IBAQCPCWIOpYeIHRe6UokxUwCirZ5ir6VjzapPLKIX
cOCMEm9dzZcXEzZGtoBmgHeaQ/WOMLoE37Y7lVvECHrI1ly+0OqYDqHzTHvDx6/h
oCsZRy0MIF0kkdS0Adwd+7XEO8gbBUZPc/GZEv74tujmfRqPKRH//oYVS7MMSo1b
8UYkeb89OgAiPHK2cDLMSG1uDrN9Et8ft9egKRv3VPZQtoG6lCEHYB7z1l3i3ZvK
mrp8bgA0y1SFaGin3k/YrdMVnRKHhYZKuSUeIfpBEqwfIr6Ls8KNKxB+h2i6NXae
eWDOIjnruIiOESICO6Od+BmHABfUpHB/NoxL076g50jbmsFw
-----END CERTIFICATE-----