Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/hYJs6_MYCp3glSZeIryrHc_1ke0.roa
File:                     hYJs6_MYCp3glSZeIryrHc_1ke0.roa (raw, json)
Hash identifier:          fYq7D7LjA9n2Svvnpjoxbhtc0+PmUCQWW9MG+lO2RHg=
Subject key identifier:   85:82:6C:EB:F3:18:0A:9D:E0:95:26:5E:22:BC:AB:1D:CF:F5:91:ED
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019CFB962FF7FB71A33E9E9640E2D6DD0B16
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/hYJs6_MYCp3glSZeIryrHc_1ke0.roa
Signing time:             Tue 17 Mar 2026 11:37:29 +0000
ROA not before:           Tue 17 Mar 2026 11:37:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20473
IP address blocks:        2a14:c380:27::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fb:96:2f:f7:fb:71:a3:3e:9e:96:40:e2:d6:dd:0b:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Mar 17 11:37:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=85826cebf3180a9de095265e22bcab1dcff591ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:a7:b1:35:3d:b3:08:dc:fe:c2:e3:6d:f0:f9:
                    b8:a4:2e:67:7e:52:ae:cf:d3:91:f9:4c:05:b0:0b:
                    84:d3:46:7f:e2:35:2e:dd:9b:cd:9a:b7:5f:d1:0c:
                    3a:88:90:a7:64:34:d5:8f:47:3e:9a:fb:bf:8e:a1:
                    95:a4:c1:b3:b5:9c:75:ff:91:d7:82:d6:0f:dc:72:
                    72:4f:b9:ca:33:1c:c2:a3:af:3f:7c:8f:b4:58:a5:
                    60:9a:33:cd:eb:f5:36:f9:97:e2:85:45:6c:78:4c:
                    4f:a1:2b:94:a5:bb:bd:56:f4:b7:db:cb:7d:2e:a8:
                    1c:5d:9e:d0:0a:44:b7:a2:ca:d2:2b:f8:4c:75:ec:
                    33:e0:3a:a1:90:d0:0f:36:7b:78:57:bd:36:22:f4:
                    23:46:16:33:22:95:20:11:cb:f0:1b:18:a5:5e:19:
                    2e:57:04:5f:5e:6e:36:af:ed:09:35:f3:66:d2:2b:
                    a4:3e:32:f7:8d:17:2d:b1:7d:c1:ad:92:a7:fc:8a:
                    8d:48:79:99:4a:b7:ff:a2:c0:15:af:55:0e:e2:b5:
                    0f:e0:8f:4d:c8:a4:29:14:ea:34:23:c7:29:09:4b:
                    ea:61:9e:b7:d1:76:3a:ec:07:2f:b3:c8:11:bb:31:
                    96:4a:1d:bb:40:3d:84:fb:ee:c7:57:8d:9f:1a:92:
                    cc:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:82:6C:EB:F3:18:0A:9D:E0:95:26:5E:22:BC:AB:1D:CF:F5:91:ED
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/hYJs6_MYCp3glSZeIryrHc_1ke0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:27::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:2a:4c:c6:ac:d7:68:6c:09:11:ac:21:c9:45:df:32:66:97:
         e7:cf:1d:46:a6:80:99:bd:4d:c5:db:be:e4:a9:85:d2:0c:c3:
         fa:57:5c:cd:1b:74:dd:fd:70:af:b2:d0:90:cd:28:df:a1:ba:
         a6:fc:ee:4e:5a:c8:60:ad:d2:d3:64:dd:4f:f0:75:06:cf:76:
         1b:d2:bf:d7:07:4b:d7:d3:09:3d:9a:4c:37:e0:fb:7f:77:06:
         1b:1e:ac:2f:4b:17:b0:d9:de:43:ef:74:f4:8f:ca:35:e3:fd:
         e0:06:6c:1d:ff:cc:7b:26:6e:03:32:2d:8a:96:68:cb:d4:6a:
         d2:f6:26:c6:1f:fe:b9:eb:c5:44:29:68:da:dc:18:db:83:d9:
         4d:2b:0e:82:ec:f5:3f:80:9c:f5:a6:72:96:23:ae:b4:db:21:
         9f:37:7f:c3:3c:db:b9:85:b9:4a:bf:6c:b3:33:dd:c7:ec:a9:
         60:94:a6:0e:62:c9:be:9e:3c:dc:ac:5a:32:85:61:64:b7:71:
         ff:cb:4d:4c:4e:3f:36:43:b2:fe:cf:f1:1a:7b:74:5d:89:27:
         c5:c6:76:77:38:bc:c5:25:0b:cc:06:ae:8b:db:0a:57:58:92:
         45:c8:7b:65:f9:15:c5:93:c0:56:82:f2:85:5b:7c:46:3a:c9:
         22:95:4c:7f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZz7li/3+3GjPp6WQOLW3QsWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwMzE3MTEzNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTgyNmNlYmYzMTgwYTlkZTA5NTI2NWUyMmJjYWIxZGNmZjU5MWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aexNT2zCNz+wuNt8Pm4pC5nflKu
z9OR+UwFsAuE00Z/4jUu3ZvNmrdf0Qw6iJCnZDTVj0c+mvu/jqGVpMGztZx1/5HX
gtYP3HJyT7nKMxzCo68/fI+0WKVgmjPN6/U2+ZfihUVseExPoSuUpbu9VvS328t9
LqgcXZ7QCkS3osrSK/hMdewz4DqhkNAPNnt4V702IvQjRhYzIpUgEcvwGxilXhku
VwRfXm42r+0JNfNm0iukPjL3jRctsX3BrZKn/IqNSHmZSrf/osAVr1UO4rUP4I9N
yKQpFOo0I8cpCUvqYZ630XY67Acvs8gRuzGWSh27QD2E++7HV42fGpLMawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIWCbOvzGAqd4JUmXiK8qx3P9ZHtMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvaFlKczZfTVlDcDNnbFNaZUlyeXJIY18xa2UwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhTDgAAn
MA0GCSqGSIb3DQEBCwUAA4IBAQCTKkzGrNdobAkRrCHJRd8yZpfnzx1GpoCZvU3F
277kqYXSDMP6V1zNG3Td/XCvstCQzSjfobqm/O5OWshgrdLTZN1P8HUGz3Yb0r/X
B0vX0wk9mkw34Pt/dwYbHqwvSxew2d5D73T0j8o14/3gBmwd/8x7Jm4DMi2KlmjL
1GrS9ibGH/6568VEKWja3Bjbg9lNKw6C7PU/gJz1pnKWI6602yGfN3/DPNu5hblK
v2yzM93H7KlglKYOYsm+njzcrFoyhWFkt3H/y01MTj82Q7L+z/Eae3RdiSfFxnZ3
OLzFJQvMBq6L2wpXWJJFyHtl+RXFk8BWgvKFW3xGOskilUx/
-----END CERTIFICATE-----