Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/GJYa7RX5DtAJJ1ht7ptXvb85fBI.roa
File:                     GJYa7RX5DtAJJ1ht7ptXvb85fBI.roa (raw, json)
Hash identifier:          3FZHHqn/QqmUm3ctRSoes7knmX2OTGAJ77KpSfAFK9o=
Subject key identifier:   18:96:1A:ED:15:F9:0E:D0:09:27:58:6D:EE:9B:57:BD:BF:39:7C:12
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019910C5FABFBDB9122889DDE274CDC04112
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/GJYa7RX5DtAJJ1ht7ptXvb85fBI.roa
Signing time:             Wed 03 Sep 2025 18:10:34 +0000
ROA not before:           Wed 03 Sep 2025 18:10:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209874
IP address blocks:        2a14:c380:500::/48 maxlen: 48
                          2a14:c380:700::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:10:c5:fa:bf:bd:b9:12:28:89:dd:e2:74:cd:c0:41:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Sep  3 18:10:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=18961aed15f90ed00927586dee9b57bdbf397c12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:8d:2a:e4:e2:25:0c:c7:e8:0f:c9:e2:06:ee:
                    bb:7c:66:d2:b8:78:1f:93:bf:d7:59:fb:04:67:6d:
                    e9:65:2c:cf:cb:e3:18:da:21:84:9c:41:ac:6c:b2:
                    5d:f9:1b:86:8b:84:56:68:43:8c:96:f4:72:94:06:
                    7d:22:66:b4:8b:70:35:79:48:aa:e3:74:b3:c5:51:
                    51:c6:91:d6:2e:6c:35:ad:fe:4b:fa:99:d5:70:ed:
                    d9:84:60:c5:0d:ff:57:01:c8:00:90:af:57:34:08:
                    83:d8:28:75:70:e7:44:05:e0:b5:23:02:42:c2:76:
                    0d:92:d6:aa:30:3b:0c:0c:8e:ef:b7:c8:59:eb:8e:
                    51:8a:b7:fc:cb:94:5d:86:e6:94:0e:d6:a5:2b:19:
                    5b:ed:b4:be:ab:1a:c6:85:fd:1f:ad:8b:0e:45:3b:
                    c8:8d:3e:c5:f6:88:fe:46:dd:4e:8e:77:f6:ba:69:
                    47:8e:15:4b:06:24:8a:87:e0:2f:24:31:c0:73:1b:
                    de:07:8b:94:5f:e3:5a:62:bd:60:ad:bc:7a:9c:72:
                    2f:0a:d5:93:e0:8b:ae:c8:2a:dd:89:de:b9:80:6b:
                    e0:43:79:60:c8:23:48:0e:35:e3:20:c5:48:b4:9d:
                    5b:7a:be:a4:0e:9c:2f:62:36:92:9b:25:74:96:56:
                    3d:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:96:1A:ED:15:F9:0E:D0:09:27:58:6D:EE:9B:57:BD:BF:39:7C:12
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/GJYa7RX5DtAJJ1ht7ptXvb85fBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:500::/48
                  2a14:c380:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:8e:45:69:d5:e6:1c:39:92:e1:55:39:dd:32:eb:1e:86:e7:
         ec:b1:ab:59:1e:90:da:8a:be:61:e6:43:d9:25:d5:19:8a:10:
         49:6f:e9:73:de:18:01:6c:72:92:f2:4c:a3:11:18:fc:bd:f9:
         34:26:f4:1d:fe:3a:e3:82:79:4c:63:b4:75:e4:dd:e8:2c:a9:
         7f:71:bb:ae:20:1c:86:1c:2f:1a:d0:1b:c6:d5:6d:f4:70:ec:
         95:e7:47:f1:05:1f:62:5c:3c:54:bd:1d:67:88:f0:38:50:ea:
         71:4f:37:e0:9c:6a:ef:78:e0:78:7a:86:77:8e:d0:97:47:3e:
         5f:b4:89:00:3a:0f:b2:27:00:03:44:b2:c7:98:8d:0a:09:e5:
         55:29:2e:d1:79:7f:6f:20:bd:55:25:16:03:ff:5a:1f:ae:c9:
         a9:3d:fc:61:e6:05:a5:c2:d5:a5:f4:60:a5:11:cf:77:cb:13:
         15:b8:d4:1b:dd:f6:88:cb:2f:32:3b:8d:ea:71:5c:23:ee:d0:
         ad:26:05:28:35:6d:32:6f:a4:89:4c:e4:04:b6:c9:64:d6:68:
         5b:a9:67:52:58:c4:96:64:eb:99:2d:de:9a:42:ed:35:ef:9a:
         4c:5a:2f:49:91:68:c3:c6:98:5b:bb:e7:03:04:3c:eb:69:a9:
         59:ce:13:1d
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZkQxfq/vbkSKInd4nTNwEESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjUwOTAzMTgxMDM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODk2MWFlZDE1ZjkwZWQwMDkyNzU4NmRlZTliNTdiZGJmMzk3YzEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4o0q5OIlDMfoD8niBu67fGbSuHgf
k7/XWfsEZ23pZSzPy+MY2iGEnEGsbLJd+RuGi4RWaEOMlvRylAZ9Ima0i3A1eUiq
43SzxVFRxpHWLmw1rf5L+pnVcO3ZhGDFDf9XAcgAkK9XNAiD2Ch1cOdEBeC1IwJC
wnYNktaqMDsMDI7vt8hZ645Rirf8y5RdhuaUDtalKxlb7bS+qxrGhf0frYsORTvI
jT7F9oj+Rt1Ojnf2umlHjhVLBiSKh+AvJDHAcxveB4uUX+NaYr1grbx6nHIvCtWT
4IuuyCrdid65gGvgQ3lgyCNIDjXjIMVItJ1ber6kDpwvYjaSmyV0llY9twIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFBiWGu0V+Q7QCSdYbe6bV72/OXwSMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvR0pZYTdSWDVEdEFKSjFodDdwdFh2Yjg1ZkJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwcAKhTDgAUA
AwYAKhTDgAcwDQYJKoZIhvcNAQELBQADggEBACqORWnV5hw5kuFVOd0y6x6G5+yx
q1kekNqKvmHmQ9kl1RmKEElv6XPeGAFscpLyTKMRGPy9+TQm9B3+OuOCeUxjtHXk
3egsqX9xu64gHIYcLxrQG8bVbfRw7JXnR/EFH2JcPFS9HWeI8DhQ6nFPN+Ccau94
4Hh6hneO0JdHPl+0iQA6D7InAANEsseYjQoJ5VUpLtF5f28gvVUlFgP/Wh+uyak9
/GHmBaXC1aX0YKURz3fLExW41Bvd9ojLLzI7jepxXCPu0K0mBSg1bTJvpIlM5AS2
yWTWaFupZ1JYxJZk65kt3ppC7TXvmkxaL0mRaMPGmFu75wMEPOtpqVnOEx0=
-----END CERTIFICATE-----