Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/Wj4dRbtzO0FomXjmSIGw8e3ZSYU.roa
File:                     Wj4dRbtzO0FomXjmSIGw8e3ZSYU.roa (raw, json)
Hash identifier:          3cfxIE4dxm5SmhYU62I65aLiHDGrAJs6wA78mKjlrXM=
Subject key identifier:   5A:3E:1D:45:BB:73:3B:41:68:99:78:E6:48:81:B0:F1:ED:D9:49:85
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       01995173EDB8D639351B908AF9FEA3B9E26F
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/Wj4dRbtzO0FomXjmSIGw8e3ZSYU.roa
Signing time:             Tue 16 Sep 2025 07:36:15 +0000
ROA not before:           Tue 16 Sep 2025 07:36:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400328
IP address blocks:        2a14:c380:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 19 Sep 2025 00:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:51:73:ed:b8:d6:39:35:1b:90:8a:f9:fe:a3:b9:e2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Sep 16 07:36:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5a3e1d45bb733b41689978e64881b0f1edd94985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:7e:61:d5:76:25:9f:66:a7:e2:da:b1:e9:8e:
                    4d:14:7d:f6:83:a1:16:14:78:7f:46:96:e8:14:37:
                    ce:07:3f:49:b5:b6:99:4c:98:a0:30:9d:c6:73:00:
                    48:1b:e6:c8:b8:48:3d:d6:43:6e:2d:40:2e:8d:c8:
                    43:4b:71:79:56:9c:92:27:5c:25:4a:0c:6d:5a:f9:
                    5c:9c:c3:66:5a:ce:78:5f:c7:92:db:e3:3e:2f:22:
                    67:bf:23:a3:e4:a5:a4:a0:b6:e0:d7:5f:7e:f5:ea:
                    9e:df:41:d5:1d:54:ea:f1:c1:23:f3:73:ce:19:d5:
                    20:e6:5b:85:d2:a6:5a:70:86:f4:c9:c2:97:fb:86:
                    67:c2:db:06:54:ba:44:cf:80:7a:7b:bb:70:28:ba:
                    1b:48:ac:2f:a4:d6:4b:c3:fc:29:3b:49:c0:ba:96:
                    12:04:74:e8:ed:9f:c3:a2:4e:ce:0e:dd:08:b3:c5:
                    fe:51:2a:d6:76:00:fb:1f:05:8d:55:3a:cb:b0:72:
                    f9:c0:7f:51:37:48:a5:25:bf:d6:83:11:39:c8:10:
                    2f:6d:75:22:9c:d4:80:d8:f6:e5:a1:fa:ea:1c:6a:
                    c9:c5:af:6e:c4:ee:da:a9:be:c2:3d:b4:63:5e:9b:
                    04:58:a4:4f:03:ad:43:a8:1b:ef:f8:b9:18:aa:58:
                    ac:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:3E:1D:45:BB:73:3B:41:68:99:78:E6:48:81:B0:F1:ED:D9:49:85
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/Wj4dRbtzO0FomXjmSIGw8e3ZSYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:12::/48

    Signature Algorithm: sha256WithRSAEncryption
         33:ee:a5:66:36:f5:1b:bb:5e:30:07:ac:d3:4a:44:81:71:dc:
         92:e0:58:9a:89:12:c2:72:7f:16:c6:e0:43:08:57:e9:25:10:
         a6:21:f4:bc:1a:ce:86:eb:b2:cf:5a:5a:6c:f9:d8:42:60:a5:
         46:c6:d0:32:a4:2e:62:1e:be:0b:7d:e1:e3:4d:e0:e4:2e:51:
         cd:c7:5c:28:f8:09:87:9f:4e:69:7b:95:2e:ea:e2:12:86:2e:
         3e:53:4f:8f:3f:25:84:91:e0:99:3f:79:b1:68:4f:0d:a3:bc:
         2a:b2:38:49:f3:71:01:a7:27:ff:c1:03:2a:a7:39:1b:fc:2b:
         7e:4d:a8:64:9a:ea:3d:29:77:e9:a6:18:6b:0a:ae:06:e0:54:
         b8:4f:d3:ac:05:63:ef:21:f9:4c:8c:27:02:5f:61:14:a5:c6:
         55:ae:d9:35:30:fb:6a:4d:a5:c9:ba:12:49:c9:f7:cd:d9:f5:
         80:6c:35:11:45:4e:5b:8d:0c:c0:2c:cc:de:e4:2c:b7:5d:53:
         1d:35:e5:7e:f5:56:94:34:1d:68:a6:92:bd:5e:22:cc:cf:56:
         3c:c8:78:c6:34:2a:a6:48:bd:5d:5c:14:fc:d6:27:2e:6e:4c:
         85:4f:34:d6:33:7f:33:b3:0f:b4:3d:9b:e2:a1:9f:38:83:12:
         5f:f8:ed:0c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlRc+241jk1G5CK+f6jueJvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjUwOTE2MDczNjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTNlMWQ0NWJiNzMzYjQxNjg5OTc4ZTY0ODgxYjBmMWVkZDk0OTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsH5h1XYln2an4tqx6Y5NFH32g6EW
FHh/RpboFDfOBz9JtbaZTJigMJ3GcwBIG+bIuEg91kNuLUAujchDS3F5VpySJ1wl
SgxtWvlcnMNmWs54X8eS2+M+LyJnvyOj5KWkoLbg119+9eqe30HVHVTq8cEj83PO
GdUg5luF0qZacIb0ycKX+4ZnwtsGVLpEz4B6e7twKLobSKwvpNZLw/wpO0nAupYS
BHTo7Z/Dok7ODt0Is8X+USrWdgD7HwWNVTrLsHL5wH9RN0ilJb/WgxE5yBAvbXUi
nNSA2PblofrqHGrJxa9uxO7aqb7CPbRjXpsEWKRPA61DqBvv+LkYqlis+QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFo+HUW7cztBaJl45kiBsPHt2UmFMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvV2o0ZFJidHpPMEZvbVhqbVNJR3c4ZTNaU1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhTDgAAS
MA0GCSqGSIb3DQEBCwUAA4IBAQAz7qVmNvUbu14wB6zTSkSBcdyS4FiaiRLCcn8W
xuBDCFfpJRCmIfS8Gs6G67LPWlps+dhCYKVGxtAypC5iHr4LfeHjTeDkLlHNx1wo
+AmHn05pe5Uu6uIShi4+U0+PPyWEkeCZP3mxaE8No7wqsjhJ83EBpyf/wQMqpzkb
/Ct+Tahkmuo9KXfpphhrCq4G4FS4T9OsBWPvIflMjCcCX2EUpcZVrtk1MPtqTaXJ
uhJJyffN2fWAbDURRU5bjQzALMze5Cy3XVMdNeV+9VaUNB1oppK9XiLMz1Y8yHjG
NCqmSL1dXBT81icubkyFTzTWM38zsw+0PZvioZ84gxJf+O0M
-----END CERTIFICATE-----