Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/2vA5C2DuLftwctiVG7SESttnFyM.roa
File:                     2vA5C2DuLftwctiVG7SESttnFyM.roa (raw, json)
Hash identifier:          Ixom7oC1kYbYfIrDkbEoKOpsN6KZbX+MKZ7BrLgtB34=
Subject key identifier:   DA:F0:39:0B:60:EE:2D:FB:70:72:D8:95:1B:B4:84:4A:DB:67:17:23
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019E30CBB52F863CC9335F791F0C718F22A1
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/2vA5C2DuLftwctiVG7SESttnFyM.roa
Signing time:             Sat 16 May 2026 12:38:37 +0000
ROA not before:           Sat 16 May 2026 12:38:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152900
IP address blocks:        2a14:c380:190::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 15:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:30:cb:b5:2f:86:3c:c9:33:5f:79:1f:0c:71:8f:22:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: May 16 12:38:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=daf0390b60ee2dfb7072d8951bb4844adb671723
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3c:e6:9a:db:24:c4:0b:85:65:bb:8c:de:8b:
                    67:bc:ff:07:cf:11:c1:fa:57:41:fe:f9:4b:a4:81:
                    01:93:19:80:b1:f4:04:03:f6:df:a8:ba:ca:f3:ea:
                    7e:9d:0b:84:bd:1e:53:4a:97:24:ad:d1:66:9c:e4:
                    e8:d3:4f:9b:39:78:5e:f0:38:5f:e0:24:82:27:34:
                    d2:68:1c:64:8d:a1:a8:cf:98:2b:f0:19:cd:2f:27:
                    82:d7:6a:eb:1a:c3:5f:68:64:4d:d1:01:33:1d:f6:
                    31:08:af:f7:60:81:a6:1f:3e:09:fe:58:d2:f4:65:
                    70:ea:a2:6d:a4:f5:d8:28:75:72:fb:cc:fc:ce:f3:
                    89:11:18:74:d2:92:e9:69:bd:7d:fa:a8:af:82:71:
                    4a:5c:5e:9c:44:aa:fb:6d:83:7b:0c:2a:24:0a:a5:
                    1f:9c:16:af:a8:ab:63:40:51:12:f8:a2:89:4a:f9:
                    f1:4c:5f:a4:55:8e:54:19:b1:71:5e:66:ef:16:ee:
                    0d:9c:f2:b9:1d:6e:84:56:66:15:4f:21:6e:03:38:
                    b2:99:13:e4:94:ef:91:41:33:c3:71:b1:49:ce:0f:
                    ef:a3:9a:64:e9:3a:44:0a:de:e3:8e:a6:79:f1:f4:
                    62:b6:a6:c9:f3:34:9f:c9:5a:b5:71:3c:1c:ca:1d:
                    89:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:F0:39:0B:60:EE:2D:FB:70:72:D8:95:1B:B4:84:4A:DB:67:17:23
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/2vA5C2DuLftwctiVG7SESttnFyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:190::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:3f:45:dc:a2:c0:48:60:29:01:e0:f9:2d:0b:56:65:18:86:
         a5:87:c6:e6:3e:60:ce:7e:a5:b7:f7:ed:bd:60:de:70:2d:17:
         ab:b3:95:12:27:8c:0d:31:58:fa:2a:a4:68:02:74:84:84:0e:
         27:35:44:bf:75:68:d6:8b:cc:c0:40:21:a8:38:98:28:60:fc:
         79:ae:6b:df:e6:8d:db:50:b7:4b:85:07:02:09:07:6a:bf:8b:
         fb:c5:ad:77:34:8f:84:98:56:39:44:27:fc:41:71:31:1b:de:
         a3:37:7d:74:88:75:c0:51:43:79:c8:d6:4a:a5:7c:36:54:b5:
         50:f8:83:7d:bd:39:91:2e:b9:9f:bd:47:0c:5c:9b:1c:69:6c:
         54:17:98:a2:53:2f:94:07:13:b1:8e:46:53:06:a1:14:62:7d:
         8c:2c:8b:e3:aa:71:9d:5f:df:fa:b0:e9:6e:8f:d7:5f:20:2b:
         b0:07:89:c1:94:5e:07:7e:94:2e:37:10:0b:98:79:38:f5:a8:
         98:d3:92:db:35:a8:4e:52:33:a1:27:c7:67:fd:10:e6:d6:32:
         9b:54:15:43:5e:b3:34:12:7b:0f:57:86:ca:05:82:2b:2d:33:
         97:b3:5d:e9:e7:68:db:b9:af:85:c7:df:c3:b8:f5:99:36:e8:
         f2:72:d9:1b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ4wy7UvhjzJM195HwxxjyKhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNTE2MTIzODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWYwMzkwYjYwZWUyZGZiNzA3MmQ4OTUxYmI0ODQ0YWRiNjcxNzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jzmmtskxAuFZbuM3otnvP8HzxHB
+ldB/vlLpIEBkxmAsfQEA/bfqLrK8+p+nQuEvR5TSpckrdFmnOTo00+bOXhe8Dhf
4CSCJzTSaBxkjaGoz5gr8BnNLyeC12rrGsNfaGRN0QEzHfYxCK/3YIGmHz4J/ljS
9GVw6qJtpPXYKHVy+8z8zvOJERh00pLpab19+qivgnFKXF6cRKr7bYN7DCokCqUf
nBavqKtjQFES+KKJSvnxTF+kVY5UGbFxXmbvFu4NnPK5HW6EVmYVTyFuAziymRPk
lO+RQTPDcbFJzg/vo5pk6TpECt7jjqZ58fRitqbJ8zSfyVq1cTwcyh2JawIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNrwOQtg7i37cHLYlRu0hErbZxcjMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvMnZBNUMyRHVMZnR3Y3RpVkc3U0VTdHRuRnlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAGQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBvP0XcosBIYCkB4PktC1ZlGIalh8bmPmDOfqW3
9+29YN5wLRers5USJ4wNMVj6KqRoAnSEhA4nNUS/dWjWi8zAQCGoOJgoYPx5rmvf
5o3bULdLhQcCCQdqv4v7xa13NI+EmFY5RCf8QXExG96jN310iHXAUUN5yNZKpXw2
VLVQ+IN9vTmRLrmfvUcMXJscaWxUF5iiUy+UBxOxjkZTBqEUYn2MLIvjqnGdX9/6
sOluj9dfICuwB4nBlF4HfpQuNxALmHk49aiY05LbNahOUjOhJ8dn/RDm1jKbVBVD
XrM0EnsPV4bKBYIrLTOXs13p52jbua+Fx9/DuPWZNujyctkb
-----END CERTIFICATE-----