Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/b2wzhjS_AtnJdsLkhxbnpkExm3c.roa
File:                     b2wzhjS_AtnJdsLkhxbnpkExm3c.roa (raw, json)
Hash identifier:          +Ob01FmXZM8S+UNoQE07pmYymgwSkoGoiICUnOXvspA=
Subject key identifier:   6F:6C:33:86:34:BF:02:D9:C9:76:C2:E4:87:16:E7:A6:41:31:9B:77
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019EDC4DD7A54FB8D2C8CC32C06FF8B6E52E
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/b2wzhjS_AtnJdsLkhxbnpkExm3c.roa
Signing time:             Thu 18 Jun 2026 19:55:49 +0000
ROA not before:           Thu 18 Jun 2026 19:55:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213641
IP address blocks:        2a14:c380:220::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dc:4d:d7:a5:4f:b8:d2:c8:cc:32:c0:6f:f8:b6:e5:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun 18 19:55:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6f6c338634bf02d9c976c2e48716e7a641319b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:94:67:23:84:89:bd:56:49:80:4c:bf:18:c7:
                    7c:4b:f5:e9:03:1b:f0:de:80:70:ab:05:fa:71:95:
                    56:8d:b0:94:d7:5e:1b:71:41:c1:44:a7:84:21:7c:
                    cf:79:0b:97:28:b1:8c:fd:7b:42:27:a3:8d:a3:32:
                    32:3d:74:9d:ad:58:3f:84:2a:62:14:a2:e9:ad:99:
                    da:34:20:6a:4f:39:1e:ac:f5:73:28:b3:b7:aa:3a:
                    c4:4f:95:2a:70:24:f3:c8:b3:14:01:a7:bd:78:d7:
                    2d:c0:6e:e0:a6:51:5a:81:51:94:75:6e:03:19:dd:
                    f6:c3:fb:bb:7b:71:e5:74:80:07:83:5f:39:f5:46:
                    3a:4b:90:0b:8e:a7:19:a7:1b:52:02:19:34:c9:20:
                    10:e1:ec:d0:05:90:bc:d2:fe:4e:a1:54:0b:4c:ed:
                    02:e2:3f:8b:6c:2a:2b:d0:6e:b1:14:b0:bc:90:a6:
                    bd:30:1a:d1:f7:69:4b:5c:38:2e:a6:67:62:ba:cf:
                    72:63:18:17:26:b3:eb:4f:b8:69:2f:76:8f:35:49:
                    54:fb:b0:07:a8:83:86:4a:39:54:26:bc:80:9f:28:
                    a6:f0:8e:99:82:dd:34:a8:8c:e9:8f:16:01:07:f8:
                    f6:58:92:d3:44:39:a9:04:f9:68:83:cd:f2:f9:82:
                    69:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6C:33:86:34:BF:02:D9:C9:76:C2:E4:87:16:E7:A6:41:31:9B:77
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/b2wzhjS_AtnJdsLkhxbnpkExm3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:220::/48

    Signature Algorithm: sha256WithRSAEncryption
         85:b9:99:b3:a1:76:30:a4:94:89:27:fd:f4:53:28:fa:34:f8:
         63:7c:e6:9a:34:0b:b2:70:fa:19:ac:9d:42:ed:60:e8:66:9b:
         f3:e6:ab:7c:42:6f:cd:59:6e:39:6b:23:78:7a:c6:77:4a:bc:
         5f:3f:36:35:85:5f:16:ab:d3:8d:94:e4:fb:7f:56:48:58:f5:
         a5:62:d2:c8:96:4f:3e:83:2f:cb:4e:66:c2:5f:91:eb:4c:2c:
         83:9e:d1:6a:15:6e:78:1e:ef:7e:43:09:42:36:25:ed:2a:9e:
         7a:27:f8:8a:0d:09:9f:67:12:a7:7e:8a:0a:14:f6:73:57:d1:
         8d:1d:bd:f7:24:5a:3b:81:d0:b4:5b:f6:0a:bf:07:3e:e1:3f:
         58:1c:49:ab:f1:e8:04:a2:ad:19:2e:ad:ba:d0:cf:26:88:e0:
         5d:ef:5f:bc:24:66:de:a2:b8:4b:b5:ca:63:ea:36:d8:ed:02:
         2d:90:11:03:7f:79:9a:8d:8f:1f:a3:1e:51:50:2d:7d:a4:b1:
         d8:36:cc:3c:e1:b1:46:10:7d:53:cd:7d:4e:95:30:9f:ef:0b:
         15:d9:3f:63:6b:cb:b5:26:3f:88:68:6c:cd:4d:f4:32:5f:80:
         33:0d:6e:92:1c:fd:5a:6c:7c:c0:42:28:00:43:78:52:9b:38:
         6b:b4:f3:b7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7cTdelT7jSyMwywG/4tuUuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNjE4MTk1NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZjMzM4NjM0YmYwMmQ5Yzk3NmMyZTQ4NzE2ZTdhNjQxMzE5Yjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpRnI4SJvVZJgEy/GMd8S/XpAxvw
3oBwqwX6cZVWjbCU114bcUHBRKeEIXzPeQuXKLGM/XtCJ6ONozIyPXSdrVg/hCpi
FKLprZnaNCBqTzkerPVzKLO3qjrET5UqcCTzyLMUAae9eNctwG7gplFagVGUdW4D
Gd32w/u7e3HldIAHg1859UY6S5ALjqcZpxtSAhk0ySAQ4ezQBZC80v5OoVQLTO0C
4j+LbCor0G6xFLC8kKa9MBrR92lLXDgupmdius9yYxgXJrPrT7hpL3aPNUlU+7AH
qIOGSjlUJryAnyim8I6Zgt00qIzpjxYBB/j2WJLTRDmpBPlog83y+YJpEQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFG9sM4Y0vwLZyXbC5IcW56ZBMZt3MB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvYjJ3emhqU19BdG5KZHNMa2h4Ym5wa0V4bTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhTDgAIg
MA0GCSqGSIb3DQEBCwUAA4IBAQCFuZmzoXYwpJSJJ/30Uyj6NPhjfOaaNAuycPoZ
rJ1C7WDoZpvz5qt8Qm/NWW45ayN4esZ3SrxfPzY1hV8Wq9ONlOT7f1ZIWPWlYtLI
lk8+gy/LTmbCX5HrTCyDntFqFW54Hu9+QwlCNiXtKp56J/iKDQmfZxKnfooKFPZz
V9GNHb33JFo7gdC0W/YKvwc+4T9YHEmr8egEoq0ZLq260M8miOBd71+8JGbeorhL
tcpj6jbY7QItkBEDf3majY8fox5RUC19pLHYNsw84bFGEH1TzX1OlTCf7wsV2T9j
a8u1Jj+IaGzNTfQyX4AzDW6SHP1abHzAQigAQ3hSmzhrtPO3
-----END CERTIFICATE-----