Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/YPaSIKmAUp79VyGMznTS29uGECg.roa
File:                     YPaSIKmAUp79VyGMznTS29uGECg.roa (raw, json)
Hash identifier:          HLr7KOpmxRYWhz5PHowHJTLpaWSFe9YzGMi5qlAHhsI=
Subject key identifier:   60:F6:92:20:A9:80:52:9E:FD:57:21:8C:CE:74:D2:DB:DB:86:10:28
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019E14C8615A336BB77D5EA2781480519B97
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/YPaSIKmAUp79VyGMznTS29uGECg.roa
Signing time:             Mon 11 May 2026 02:05:36 +0000
ROA not before:           Mon 11 May 2026 02:05:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209734
IP address blocks:        2a14:c380:f00::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:14:c8:61:5a:33:6b:b7:7d:5e:a2:78:14:80:51:9b:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: May 11 02:05:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60f69220a980529efd57218cce74d2dbdb861028
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:6a:4b:88:27:c1:c4:51:60:5b:03:4c:8d:91:
                    94:51:40:20:ee:cd:f6:11:74:eb:f6:e5:e2:79:fe:
                    c1:ce:f2:81:44:32:77:ef:a4:b3:c8:06:85:6f:da:
                    b0:17:29:d0:48:38:fe:a4:4c:a1:5e:f6:29:b4:64:
                    ef:17:62:ef:7d:bc:bd:05:68:d7:94:55:1c:e4:5d:
                    7b:f9:41:35:fa:49:61:61:be:e0:7a:7f:dd:17:69:
                    05:3e:2a:84:a5:9f:07:b4:c6:97:8d:2c:82:3a:17:
                    57:73:53:1d:38:9e:76:a2:18:01:25:2e:ef:00:6f:
                    4b:09:e3:b2:9b:58:f4:01:0e:fc:f8:8c:7f:49:9f:
                    81:d6:e4:08:ba:6d:d6:bb:c1:28:dc:47:a2:46:af:
                    44:f1:ba:eb:50:50:c1:a2:ae:96:ac:1f:9d:e2:d6:
                    d7:97:18:af:13:74:23:2e:a0:34:06:b3:fa:73:65:
                    7a:84:3e:67:0c:76:cf:5e:67:1a:aa:65:83:5f:14:
                    ac:1c:e8:03:6e:59:84:8b:b5:eb:60:6d:95:2f:1b:
                    56:d4:12:af:1d:80:91:bb:98:a0:8a:35:b0:cf:02:
                    7f:d0:18:9e:b0:3d:55:d5:b7:11:03:ac:f1:c9:57:
                    1f:da:6e:b0:00:a0:b7:ed:9d:2c:f3:1b:1e:d6:ea:
                    9d:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:F6:92:20:A9:80:52:9E:FD:57:21:8C:CE:74:D2:DB:DB:86:10:28
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/YPaSIKmAUp79VyGMznTS29uGECg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         46:1e:6f:50:76:1b:b3:b9:78:22:1d:07:2d:c1:34:13:a3:6f:
         33:f8:a5:1d:90:d3:78:cc:07:b7:8b:63:62:92:ce:e0:62:38:
         0a:92:76:54:8e:43:39:28:73:e0:e1:c5:fe:ad:3f:fa:e0:9f:
         7e:d0:86:3d:11:13:1d:f7:fd:41:d9:30:e9:e0:d2:e8:6e:9f:
         bc:b6:97:24:34:41:43:8a:1d:dc:1c:dc:b1:df:66:60:6d:1c:
         4a:ab:67:e1:f4:b8:aa:c6:20:42:98:91:53:90:04:20:e8:26:
         38:7a:b6:5d:b9:7a:9f:20:1d:c7:c9:05:72:3d:a6:98:f4:86:
         98:57:bc:ee:3b:ac:6c:3a:fc:86:6c:4d:01:13:44:be:48:59:
         33:55:76:94:3e:c0:f0:ef:2e:b3:35:b4:b8:fd:5f:c4:db:ea:
         2b:c1:8c:e1:02:99:fb:18:9c:72:8e:6c:ce:87:32:6f:9c:e4:
         8e:5d:79:1e:bd:a8:ac:94:67:7c:9f:32:2a:ce:f5:2b:97:5b:
         42:87:a1:f2:0b:97:25:6d:7f:d2:eb:d7:ea:39:75:5a:5c:fc:
         ed:bc:75:51:d6:51:f2:4e:7c:ec:84:4f:e2:68:2b:ee:98:3a:
         0b:a9:a8:b1:4b:5f:a4:b9:c9:67:dd:c6:ab:04:c3:a0:8c:84:
         e7:63:04:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ4UyGFaM2u3fV6ieBSAUZuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNTExMDIwNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGY2OTIyMGE5ODA1MjllZmQ1NzIxOGNjZTc0ZDJkYmRiODYxMDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GpLiCfBxFFgWwNMjZGUUUAg7s32
EXTr9uXief7BzvKBRDJ376SzyAaFb9qwFynQSDj+pEyhXvYptGTvF2Lvfby9BWjX
lFUc5F17+UE1+klhYb7gen/dF2kFPiqEpZ8HtMaXjSyCOhdXc1MdOJ52ohgBJS7v
AG9LCeOym1j0AQ78+Ix/SZ+B1uQIum3Wu8Eo3EeiRq9E8brrUFDBoq6WrB+d4tbX
lxivE3QjLqA0BrP6c2V6hD5nDHbPXmcaqmWDXxSsHOgDblmEi7XrYG2VLxtW1BKv
HYCRu5igijWwzwJ/0BiesD1V1bcRA6zxyVcf2m6wAKC37Z0s8xse1uqdlwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFGD2kiCpgFKe/VchjM500tvbhhAoMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvWVBhU0lLbUFVcDc5VnlHTXpuVFMyOXVHRUNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhTDgA8w
DQYJKoZIhvcNAQELBQADggEBAEYeb1B2G7O5eCIdBy3BNBOjbzP4pR2Q03jMB7eL
Y2KSzuBiOAqSdlSOQzkoc+Dhxf6tP/rgn37Qhj0REx33/UHZMOng0uhun7y2lyQ0
QUOKHdwc3LHfZmBtHEqrZ+H0uKrGIEKYkVOQBCDoJjh6tl25ep8gHcfJBXI9ppj0
hphXvO47rGw6/IZsTQETRL5IWTNVdpQ+wPDvLrM1tLj9X8Tb6ivBjOECmfsYnHKO
bM6HMm+c5I5deR69qKyUZ3yfMirO9SuXW0KHofILlyVtf9Lr1+o5dVpc/O28dVHW
UfJOfOyET+JoK+6YOgupqLFLX6S5yWfdxqsEw6CMhOdjBAk=
-----END CERTIFICATE-----