Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/X8crN-fFHE5iKmtf_hAo_VNfgNA.roa
File:                     X8crN-fFHE5iKmtf_hAo_VNfgNA.roa (raw, json)
Hash identifier:          rMxv+q2BBhf6aGPH7A3sfsASKof+0O6bvfOUllQtD6Q=
Subject key identifier:   5F:C7:2B:37:E7:C5:1C:4E:62:2A:6B:5F:FE:10:28:FD:53:5F:80:D0
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019EDC4EBE0995C12AB67DE2A53511DA704C
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/X8crN-fFHE5iKmtf_hAo_VNfgNA.roa
Signing time:             Thu 18 Jun 2026 19:56:48 +0000
ROA not before:           Thu 18 Jun 2026 19:56:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209874
IP address blocks:        2a14:c380:500::/40 maxlen: 48
                          2a14:c380:500::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dc:4e:be:09:95:c1:2a:b6:7d:e2:a5:35:11:da:70:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun 18 19:56:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5fc72b37e7c51c4e622a6b5ffe1028fd535f80d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:d1:c8:c4:e8:6e:ad:35:f0:e2:7d:f3:a2:63:
                    0c:bc:c2:64:93:05:35:14:8c:9a:f5:dd:53:0a:2f:
                    ef:1f:bf:f9:26:94:b4:fc:d1:c0:22:b9:b9:d8:6f:
                    85:dd:f3:58:ce:2e:0a:23:ac:62:33:ce:91:d1:65:
                    f4:19:bc:f2:b3:2b:d8:5c:40:65:c4:5a:68:52:b0:
                    ec:45:70:00:23:49:9b:d6:92:be:99:36:78:e3:e1:
                    94:ca:d7:5d:0d:7e:7f:ca:66:d0:b8:95:69:04:8e:
                    8e:b3:b5:79:28:8c:ea:aa:85:61:fa:7c:a8:e6:73:
                    db:42:1f:d9:9d:b1:a8:7a:de:65:40:fe:74:3e:34:
                    84:cc:31:3c:82:1b:9b:b2:9e:c7:0a:1c:91:c6:55:
                    c3:58:c5:81:b5:6e:3f:1f:cc:33:56:e8:6c:75:2b:
                    e5:f1:57:01:9d:fa:64:30:e1:44:17:57:4a:bc:12:
                    b4:3d:ad:c2:4c:a0:31:68:80:46:a2:40:53:d3:ac:
                    c5:2c:a1:62:82:30:72:30:3d:e5:1c:71:3b:9a:f2:
                    4f:17:2f:c6:28:d9:1c:1a:2d:d0:9f:bb:db:3c:2b:
                    54:20:12:92:a2:87:d9:82:49:e6:4e:ae:e8:bc:18:
                    42:84:ed:c8:66:b6:33:0a:6d:07:a3:86:89:2d:e9:
                    2b:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:C7:2B:37:E7:C5:1C:4E:62:2A:6B:5F:FE:10:28:FD:53:5F:80:D0
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/X8crN-fFHE5iKmtf_hAo_VNfgNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:500::/40

    Signature Algorithm: sha256WithRSAEncryption
         07:d4:a7:1b:77:12:ce:b6:6d:f7:48:29:7d:e7:d6:d4:67:d0:
         79:82:0d:48:45:a8:61:b6:71:38:8d:92:30:7c:62:d1:8a:1e:
         fa:d9:dc:b2:5d:84:43:7a:aa:40:fa:a7:6a:b0:b8:ed:7d:c6:
         16:67:60:f1:50:18:75:3b:a9:a1:d1:97:29:3b:b9:b0:2a:60:
         80:9c:0d:33:95:3e:e5:cf:84:0c:49:ed:6b:53:45:f2:54:cb:
         d7:b7:d7:39:df:06:48:97:b6:4b:dc:a7:30:dc:f8:df:aa:71:
         7f:cb:7f:50:8a:de:f4:89:8d:02:11:d0:0b:72:fd:28:95:79:
         64:4a:41:db:30:ce:fc:62:d2:b6:58:9b:f7:ae:c5:b3:bb:e9:
         71:9b:98:0c:d1:8d:e1:f3:04:5f:bf:93:b1:96:f5:c1:7b:b8:
         8c:2b:10:d3:a2:1a:bb:5b:a8:7f:42:04:34:46:93:99:8c:12:
         09:d1:84:a1:7a:73:56:87:14:8c:21:f2:0b:4c:8f:12:1b:6b:
         9c:4c:ef:f0:da:20:7a:2b:de:36:06:5c:f4:13:1b:05:05:8f:
         5a:17:76:3b:53:52:42:e2:f2:52:87:9c:db:49:73:57:bd:b0:
         99:67:c0:98:d7:be:52:77:f5:4e:95:29:ee:c2:b8:53:be:e1:
         60:8b:d3:d2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ7cTr4JlcEqtn3ipTUR2nBMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNjE4MTk1NjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmM3MmIzN2U3YzUxYzRlNjIyYTZiNWZmZTEwMjhmZDUzNWY4MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2tHIxOhurTXw4n3zomMMvMJkkwU1
FIya9d1TCi/vH7/5JpS0/NHAIrm52G+F3fNYzi4KI6xiM86R0WX0GbzysyvYXEBl
xFpoUrDsRXAAI0mb1pK+mTZ44+GUytddDX5/ymbQuJVpBI6Os7V5KIzqqoVh+nyo
5nPbQh/ZnbGoet5lQP50PjSEzDE8ghubsp7HChyRxlXDWMWBtW4/H8wzVuhsdSvl
8VcBnfpkMOFEF1dKvBK0Pa3CTKAxaIBGokBT06zFLKFigjByMD3lHHE7mvJPFy/G
KNkcGi3Qn7vbPCtUIBKSoofZgknmTq7ovBhChO3IZrYzCm0Ho4aJLekrOQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFF/HKzfnxRxOYiprX/4QKP1TX4DQMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvWDhjck4tZkZIRTVpS210Zl9oQW9fVk5mZ05BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhTDgAUw
DQYJKoZIhvcNAQELBQADggEBAAfUpxt3Es62bfdIKX3n1tRn0HmCDUhFqGG2cTiN
kjB8YtGKHvrZ3LJdhEN6qkD6p2qwuO19xhZnYPFQGHU7qaHRlyk7ubAqYICcDTOV
PuXPhAxJ7WtTRfJUy9e31znfBkiXtkvcpzDc+N+qcX/Lf1CK3vSJjQIR0Aty/SiV
eWRKQdswzvxi0rZYm/euxbO76XGbmAzRjeHzBF+/k7GW9cF7uIwrENOiGrtbqH9C
BDRGk5mMEgnRhKF6c1aHFIwh8gtMjxIba5xM7/DaIHor3jYGXPQTGwUFj1oXdjtT
UkLi8lKHnNtJc1e9sJlnwJjXvlJ39U6VKe7CuFO+4WCL09I=
-----END CERTIFICATE-----