Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/BI0MwgmDm4-zdbaBmOROCua8C74.roa
File:                     BI0MwgmDm4-zdbaBmOROCua8C74.roa (raw, json)
Hash identifier:          jGIiDsu7BwmjPKapI0f6FzOicdBprItjAtQ/lYa2qAs=
Subject key identifier:   04:8D:0C:C2:09:83:9B:8F:B3:75:B6:81:98:E4:4E:0A:E6:BC:0B:BE
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       01995D489BEF32FD40D232BCE55547E6407C
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/BI0MwgmDm4-zdbaBmOROCua8C74.roa
Signing time:             Thu 18 Sep 2025 14:44:23 +0000
ROA not before:           Thu 18 Sep 2025 14:44:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215685
IP address blocks:        2a14:c380:330::/44 maxlen: 44
                          2a14:c380:600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 22:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:5d:48:9b:ef:32:fd:40:d2:32:bc:e5:55:47:e6:40:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Sep 18 14:44:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=048d0cc209839b8fb375b68198e44e0ae6bc0bbe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:7c:a1:81:13:ab:db:ee:66:30:00:f0:18:96:
                    e8:26:7a:0c:ae:73:52:92:98:07:95:79:d5:02:e1:
                    4d:cb:56:fe:94:ed:7f:8d:99:1a:44:cb:eb:93:3f:
                    04:89:d8:3d:6a:c0:0c:19:18:e9:67:9a:f3:9f:96:
                    08:d5:9d:9a:d4:fc:4b:58:a9:2f:73:1f:1c:af:d5:
                    b4:25:46:4a:86:6a:54:14:cd:77:fc:c8:e8:19:0d:
                    74:39:ed:30:1a:d1:c4:4b:d6:8d:79:13:23:b5:92:
                    85:eb:59:14:1a:36:6b:fe:85:0e:10:cd:1d:a2:ea:
                    ff:c1:81:28:72:fa:e9:ab:93:6b:03:bd:47:df:28:
                    b9:1d:1c:1a:60:c4:47:63:4f:0d:b1:8d:40:44:b3:
                    7d:38:1c:ee:50:32:ea:af:e0:7f:57:86:4e:b7:af:
                    7e:33:f4:8c:8e:55:eb:1f:a0:5b:3d:77:df:81:76:
                    0e:93:79:37:1e:76:b9:bd:38:98:02:30:82:a9:f1:
                    18:20:48:ba:16:6c:ac:67:02:93:dd:da:55:80:17:
                    68:61:25:18:7e:15:69:72:5a:ce:c2:c6:62:0d:ae:
                    be:de:fa:39:fe:1c:e4:f8:ce:fb:ab:9e:f6:7d:88:
                    fe:89:78:8f:db:26:c3:8c:e5:04:50:d1:3e:80:21:
                    d0:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8D:0C:C2:09:83:9B:8F:B3:75:B6:81:98:E4:4E:0A:E6:BC:0B:BE
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/BI0MwgmDm4-zdbaBmOROCua8C74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:330::/44
                  2a14:c380:600::/40

    Signature Algorithm: sha256WithRSAEncryption
         24:de:50:0c:a0:a5:26:e5:09:19:37:b3:58:d3:47:9c:a7:06:
         4a:e6:d9:6d:3c:df:6c:cb:30:97:aa:31:b4:00:73:29:f6:36:
         44:15:9b:8c:b6:93:02:d4:55:e3:2c:44:24:38:98:88:60:28:
         bf:b8:1c:45:01:1d:58:1a:f4:9e:c1:fb:7b:37:ec:7a:b1:e0:
         94:98:59:62:20:b1:80:1a:3e:cc:5a:d0:7e:69:90:9d:8b:ea:
         ac:ed:12:e4:7c:7f:ee:98:09:3e:87:97:2c:14:9c:c9:a9:01:
         80:c3:60:fd:4c:c8:3b:a2:ef:89:fa:27:ae:7b:60:f3:14:bd:
         be:aa:61:cb:3a:93:bd:b2:e9:c3:83:37:cf:47:38:ec:45:20:
         8c:64:ee:a5:48:31:3f:9a:66:f9:8b:b5:9f:cb:b0:ba:d9:d1:
         7f:14:c0:df:12:d6:74:a6:9d:77:a0:64:f3:c4:fd:fa:94:c4:
         ad:0a:ea:76:3f:86:d6:36:13:b6:4a:bd:8a:db:09:3f:a1:cd:
         3c:99:a1:a4:45:81:c2:07:46:6c:09:bf:6e:11:81:1c:a5:a4:
         51:96:a9:b5:5d:d0:1d:80:27:4a:c6:a9:26:14:a7:a7:0b:e9:
         4b:a3:65:b0:e6:cc:cb:83:e0:a7:29:55:43:b2:a7:57:39:fa:
         be:1c:40:a4
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZldSJvvMv1A0jK85VVH5kB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjUwOTE4MTQ0NDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhkMGNjMjA5ODM5YjhmYjM3NWI2ODE5OGU0NGUwYWU2YmMwYmJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl3yhgROr2+5mMADwGJboJnoMrnNS
kpgHlXnVAuFNy1b+lO1/jZkaRMvrkz8Eidg9asAMGRjpZ5rzn5YI1Z2a1PxLWKkv
cx8cr9W0JUZKhmpUFM13/MjoGQ10Oe0wGtHES9aNeRMjtZKF61kUGjZr/oUOEM0d
our/wYEocvrpq5NrA71H3yi5HRwaYMRHY08NsY1ARLN9OBzuUDLqr+B/V4ZOt69+
M/SMjlXrH6BbPXffgXYOk3k3Hna5vTiYAjCCqfEYIEi6FmysZwKT3dpVgBdoYSUY
fhVpclrOwsZiDa6+3vo5/hzk+M77q572fYj+iXiP2ybDjOUEUNE+gCHQlQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFASNDMIJg5uPs3W2gZjkTgrmvAu+MB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvQkkwTXdnbURtNC16ZGJhQm1PUk9DdWE4Qzc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcEKhTDgAMw
AwYAKhTDgAYwDQYJKoZIhvcNAQELBQADggEBACTeUAygpSblCRk3s1jTR5ynBkrm
2W0832zLMJeqMbQAcyn2NkQVm4y2kwLUVeMsRCQ4mIhgKL+4HEUBHVga9J7B+3s3
7Hqx4JSYWWIgsYAaPsxa0H5pkJ2L6qztEuR8f+6YCT6HlywUnMmpAYDDYP1MyDui
74n6J657YPMUvb6qYcs6k72y6cODN89HOOxFIIxk7qVIMT+aZvmLtZ/LsLrZ0X8U
wN8S1nSmnXegZPPE/fqUxK0K6nY/htY2E7ZKvYrbCT+hzTyZoaRFgcIHRmwJv24R
gRylpFGWqbVd0B2AJ0rGqSYUp6cL6UujZbDmzMuD4KcpVUOyp1c5+r4cQKQ=
-----END CERTIFICATE-----