Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/uVRnWX2LPkQTrJRus0s4BT1bJYs.roa
File:                     uVRnWX2LPkQTrJRus0s4BT1bJYs.roa (raw, json)
Hash identifier:          OPWt9xaVAOYnqRDxhp2iM9jVzmehwLscgNMmws22ZBU=
Subject key identifier:   B9:54:67:59:7D:8B:3E:44:13:AC:94:6E:B3:4B:38:05:3D:5B:25:8B
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019CC938C651AA167F8376907E989FA7FA2F
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/uVRnWX2LPkQTrJRus0s4BT1bJYs.roa
Signing time:             Sat 07 Mar 2026 16:54:27 +0000
ROA not before:           Sat 07 Mar 2026 16:54:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216078
IP address blocks:        2a14:c380:16::/48 maxlen: 48
                          2a14:c380:600::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c9:38:c6:51:aa:16:7f:83:76:90:7e:98:9f:a7:fa:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Mar  7 16:54:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b95467597d8b3e4413ac946eb34b38053d5b258b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:76:7b:4a:a2:95:25:43:24:69:c0:bb:4b:70:
                    ac:d0:0a:6e:67:28:d3:a5:84:ab:dd:b2:3e:25:7a:
                    49:b7:9a:3f:62:9e:20:88:6c:68:75:16:49:5e:17:
                    d7:81:d7:b8:15:91:af:6a:56:0a:5b:c0:fd:bf:d7:
                    68:a9:cb:cb:b6:df:eb:6e:32:db:8c:ab:c4:1f:57:
                    5e:03:4d:1c:4f:4b:8e:59:52:4c:fc:22:b5:a9:57:
                    34:67:4f:7b:25:b6:0c:a5:d6:96:a9:f7:a0:89:b5:
                    3d:5c:57:79:2b:cd:22:d6:d1:e7:f7:bf:18:f3:c8:
                    97:ef:68:fa:70:e0:e1:86:5b:44:51:16:ed:92:d9:
                    b8:80:c1:c8:96:72:1f:e8:c1:50:61:c1:5d:27:96:
                    59:90:aa:20:86:de:84:9e:81:02:92:ea:e8:bd:0a:
                    fe:51:e7:63:8b:af:05:1f:ec:f1:a1:22:b7:90:2c:
                    48:16:8c:c5:0a:30:cb:6a:2a:b0:34:ed:fb:7e:84:
                    a5:fe:66:df:41:1e:f7:8b:11:e6:24:3c:a5:23:6d:
                    02:01:ca:00:95:a8:64:1d:c8:3a:a7:83:5f:f1:1a:
                    57:1d:44:d1:c4:7d:25:b6:a2:f9:cb:34:af:6c:46:
                    ed:86:22:e4:77:97:6e:6b:56:b4:05:0a:c5:4f:eb:
                    41:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:54:67:59:7D:8B:3E:44:13:AC:94:6E:B3:4B:38:05:3D:5B:25:8B
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/uVRnWX2LPkQTrJRus0s4BT1bJYs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:16::/48
                  2a14:c380:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         4e:7a:ab:2a:55:08:10:ed:4f:16:63:23:b4:ce:69:2d:c1:f6:
         b2:6f:93:31:d5:93:db:2b:5f:3f:d1:90:70:78:42:74:3d:cb:
         0c:a7:45:39:8e:a7:c4:42:20:1f:69:63:4a:0c:b7:56:df:55:
         e6:2c:58:68:24:7d:a0:d0:46:b3:b4:41:10:db:f6:4c:de:bb:
         ef:9d:37:46:51:c9:dc:30:b6:2f:4e:33:a9:80:87:db:e5:83:
         d2:b9:ee:0d:8a:6c:7d:0b:bb:e7:31:95:5c:26:67:e2:59:ea:
         99:ce:34:52:96:10:89:75:75:a7:cb:24:a1:97:4d:25:4b:9d:
         63:fb:7e:20:cd:7d:96:8c:b5:d9:4a:fe:05:be:05:d3:0b:1b:
         2e:06:07:88:fd:c3:ee:7e:76:3a:ff:a0:ad:37:4b:47:1f:10:
         f8:b9:6b:05:ca:3a:58:8e:75:03:84:e1:13:60:1d:e2:e7:e5:
         1e:c7:b6:21:0a:a8:85:af:34:a4:46:86:fe:17:21:21:5f:b7:
         b7:be:7f:e5:0d:5d:08:e6:69:5c:13:58:b5:3f:26:49:9c:c7:
         48:49:9f:7e:84:4b:e9:18:43:b4:ef:fc:d6:39:da:81:f8:af:
         9c:4c:2d:49:57:d3:cd:02:6c:bf:ac:ba:5c:12:34:39:fb:74:
         16:33:88:80
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZzJOMZRqhZ/g3aQfpifp/ovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwMzA3MTY1NDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOTU0Njc1OTdkOGIzZTQ0MTNhYzk0NmViMzRiMzgwNTNkNWIyNThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw3Z7SqKVJUMkacC7S3Cs0ApuZyjT
pYSr3bI+JXpJt5o/Yp4giGxodRZJXhfXgde4FZGvalYKW8D9v9doqcvLtt/rbjLb
jKvEH1deA00cT0uOWVJM/CK1qVc0Z097JbYMpdaWqfegibU9XFd5K80i1tHn978Y
88iX72j6cODhhltEURbtktm4gMHIlnIf6MFQYcFdJ5ZZkKoght6EnoECkurovQr+
Uedji68FH+zxoSK3kCxIFozFCjDLaiqwNO37foSl/mbfQR73ixHmJDylI20CAcoA
lahkHcg6p4Nf8RpXHUTRxH0ltqL5yzSvbEbthiLkd5dua1a0BQrFT+tBdwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFLlUZ1l9iz5EE6yUbrNLOAU9WyWLMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvdVZSbldYMkxQa1FUckpSdXMwczRCVDFiSllzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhTDgAAW
AwYAKhTDgAYwDQYJKoZIhvcNAQELBQADggEBAE56qypVCBDtTxZjI7TOaS3B9rJv
kzHVk9srXz/RkHB4QnQ9ywynRTmOp8RCIB9pY0oMt1bfVeYsWGgkfaDQRrO0QRDb
9kzeu++dN0ZRydwwti9OM6mAh9vlg9K57g2KbH0Lu+cxlVwmZ+JZ6pnONFKWEIl1
dafLJKGXTSVLnWP7fiDNfZaMtdlK/gW+BdMLGy4GB4j9w+5+djr/oK03S0cfEPi5
awXKOliOdQOE4RNgHeLn5R7HtiEKqIWvNKRGhv4XISFft7e+f+UNXQjmaVwTWLU/
Jkmcx0hJn36ES+kYQ7Tv/NY52oH4r5xMLUlX080CbL+sulwSNDn7dBYziIA=
-----END CERTIFICATE-----