Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/S-wG2gXYzlfyyCnKFtYjHixCgOI.roa
File:                     S-wG2gXYzlfyyCnKFtYjHixCgOI.roa (raw, json)
Hash identifier:          ww8aAkrw5SsMaFszJydavW3emQm+RT4/tZruMVxX+Z0=
Subject key identifier:   4B:EC:06:DA:05:D8:CE:57:F2:C8:29:CA:16:D6:23:1E:2C:42:80:E2
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019CC938C5B735EB6CB2CF0F5F10EEC634F6
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/S-wG2gXYzlfyyCnKFtYjHixCgOI.roa
Signing time:             Sat 07 Mar 2026 16:54:26 +0000
ROA not before:           Sat 07 Mar 2026 16:54:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204330
IP address blocks:        2a14:c380:100::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c9:38:c5:b7:35:eb:6c:b2:cf:0f:5f:10:ee:c6:34:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Mar  7 16:54:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4bec06da05d8ce57f2c829ca16d6231e2c4280e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:29:b0:a8:d8:0f:c0:6c:27:ce:ec:e7:11:dc:
                    e5:62:ac:5e:05:0a:59:0c:e8:28:e7:29:36:eb:5e:
                    b9:14:1c:1d:5a:d9:a6:83:12:d9:4f:20:2b:47:61:
                    85:7f:65:8a:bb:b3:34:74:7e:dd:52:4f:8e:d8:05:
                    5b:c8:c8:24:eb:65:78:ca:6b:f0:0c:28:cc:5c:b0:
                    01:55:28:4b:d0:1c:82:40:92:2d:24:28:a3:28:47:
                    73:81:87:67:87:5c:77:b8:5c:d6:aa:af:0a:36:33:
                    ef:79:98:82:32:f0:a6:fc:6a:b6:e7:04:12:a2:42:
                    d6:9c:d5:67:f5:36:94:f6:40:68:65:11:76:98:15:
                    9a:4c:40:da:ee:1f:cc:0a:b1:ce:6d:fd:0c:09:4b:
                    78:6b:4e:7b:9b:59:8c:81:3a:17:92:4b:be:39:0e:
                    c8:cb:bc:09:23:dd:ac:11:f8:a5:4f:4c:c5:5b:08:
                    b5:d2:2c:d0:4f:3a:16:05:51:ea:6d:87:d1:02:5e:
                    d8:5c:c9:2a:4c:af:a7:e0:46:5d:69:e4:9c:ef:69:
                    fb:03:2c:94:26:1d:31:db:09:af:17:bf:f6:c6:40:
                    3a:8b:3c:80:b5:20:75:a0:65:ed:1a:d7:3a:23:21:
                    6c:01:ce:a9:84:ce:1e:89:ed:e6:d2:25:7d:a4:5a:
                    9b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:EC:06:DA:05:D8:CE:57:F2:C8:29:CA:16:D6:23:1E:2C:42:80:E2
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/S-wG2gXYzlfyyCnKFtYjHixCgOI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:100::/44

    Signature Algorithm: sha256WithRSAEncryption
         2e:03:ee:98:5d:ea:4e:eb:31:17:7a:fd:24:7e:8c:d9:d7:a3:
         95:69:bf:f9:fb:48:98:c5:b7:9c:c4:4f:3f:0d:1e:87:b8:1b:
         54:b5:0d:ad:28:a9:67:52:2d:f3:ce:f0:19:76:39:ef:7b:76:
         c0:6c:67:95:89:c4:a7:16:f3:f6:61:27:8b:c5:67:27:bc:ef:
         bd:2c:ee:a5:a3:1f:0c:9a:00:09:67:bb:82:e4:4b:78:cc:ee:
         1a:fa:3b:8a:18:d9:07:33:7d:56:a6:f8:93:8b:07:6d:d9:cd:
         9f:04:3b:67:99:49:be:cf:14:31:a4:71:4e:8f:e1:43:24:d0:
         43:5d:46:da:c6:30:22:5d:f6:c6:42:7d:bb:09:b7:e6:be:be:
         6c:9d:4b:13:52:54:15:cd:03:15:f0:0c:f7:75:9e:5a:03:de:
         e5:b4:48:de:da:5b:25:0f:c7:fe:47:ef:b8:76:ae:d4:32:86:
         0b:58:91:93:60:b5:99:5e:c4:33:1f:2e:4d:35:ec:dd:95:a8:
         67:3e:71:f1:e9:e1:12:fe:0c:d0:4d:cc:3d:e1:73:20:dc:68:
         88:2a:47:67:93:d3:5c:2b:c6:1d:6d:41:3b:1e:5e:4d:78:66:
         4e:19:12:14:0e:7d:52:11:f4:02:9c:a8:a4:65:96:83:27:38:
         2c:25:52:7a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZzJOMW3Netsss8PXxDuxjT2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwMzA3MTY1NDI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmVjMDZkYTA1ZDhjZTU3ZjJjODI5Y2ExNmQ2MjMxZTJjNDI4MGUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjymwqNgPwGwnzuznEdzlYqxeBQpZ
DOgo5yk26165FBwdWtmmgxLZTyArR2GFf2WKu7M0dH7dUk+O2AVbyMgk62V4ymvw
DCjMXLABVShL0ByCQJItJCijKEdzgYdnh1x3uFzWqq8KNjPveZiCMvCm/Gq25wQS
okLWnNVn9TaU9kBoZRF2mBWaTEDa7h/MCrHObf0MCUt4a057m1mMgToXkku+OQ7I
y7wJI92sEfilT0zFWwi10izQTzoWBVHqbYfRAl7YXMkqTK+n4EZdaeSc72n7AyyU
Jh0x2wmvF7/2xkA6izyAtSB1oGXtGtc6IyFsAc6phM4eie3m0iV9pFqbywIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEvsBtoF2M5X8sgpyhbWIx4sQoDiMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvUy13RzJnWFl6bGZ5eUNuS0Z0WWpIaXhDZ09JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAEA
MA0GCSqGSIb3DQEBCwUAA4IBAQAuA+6YXepO6zEXev0kfozZ16OVab/5+0iYxbec
xE8/DR6HuBtUtQ2tKKlnUi3zzvAZdjnve3bAbGeVicSnFvP2YSeLxWcnvO+9LO6l
ox8MmgAJZ7uC5Et4zO4a+juKGNkHM31WpviTiwdt2c2fBDtnmUm+zxQxpHFOj+FD
JNBDXUbaxjAiXfbGQn27Cbfmvr5snUsTUlQVzQMV8Az3dZ5aA97ltEje2lslD8f+
R++4dq7UMoYLWJGTYLWZXsQzHy5NNezdlahnPnHx6eES/gzQTcw94XMg3GiIKkdn
k9NcK8YdbUE7Hl5NeGZOGRIUDn1SEfQCnKikZZaDJzgsJVJ6
-----END CERTIFICATE-----