Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/ejSJacKQiysv1_tnDshMvRxDcX0.roa
File:                     ejSJacKQiysv1_tnDshMvRxDcX0.roa (raw, json)
Hash identifier:          yX7qCTwBuP1nYbPQZ3wgqaFDzEyiylvtK9ccBT91kXw=
Subject key identifier:   7A:34:89:69:C2:90:8B:2B:2F:D7:FB:67:0E:C8:4C:BD:1C:43:71:7D
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019DA01B0DB7EE141EEECB6974DCC8963051
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/ejSJacKQiysv1_tnDshMvRxDcX0.roa
Signing time:             Sat 18 Apr 2026 10:20:20 +0000
ROA not before:           Sat 18 Apr 2026 10:20:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209874
IP address blocks:        2a14:c380:700::/40 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a0:1b:0d:b7:ee:14:1e:ee:cb:69:74:dc:c8:96:30:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Apr 18 10:20:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7a348969c2908b2b2fd7fb670ec84cbd1c43717d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:45:17:51:90:0f:71:68:35:c3:b0:94:3b:03:
                    14:1c:ad:84:3d:c5:06:b4:cf:dc:1c:e7:07:96:83:
                    25:eb:d8:f2:a3:e9:ff:93:65:7c:d5:c2:e7:46:05:
                    73:66:78:12:b0:99:0b:0b:2f:a3:5d:5f:2e:af:61:
                    71:33:e7:46:40:82:9e:b4:40:f8:52:b8:16:97:33:
                    d2:a3:61:ca:9f:43:ba:99:f3:62:f7:14:c2:67:b6:
                    dc:c3:7c:18:68:7b:5e:d5:c3:c4:7c:f2:60:87:d9:
                    32:54:7d:d1:a8:9a:34:86:f6:72:64:d4:3d:21:8a:
                    4b:e9:18:c9:3a:9d:90:f0:c6:8a:2f:e9:4e:dd:92:
                    74:a8:d6:58:92:b2:fc:96:54:c0:b8:61:ae:8d:a6:
                    76:d3:21:28:dd:b3:2a:84:62:f4:ff:b7:cb:80:06:
                    a1:e7:89:6c:54:b4:a4:24:4b:93:a9:6f:71:56:ae:
                    36:15:2d:d1:88:de:04:c2:61:57:04:c5:34:06:07:
                    dc:8d:57:ec:d6:87:0f:e2:2d:a2:23:a6:2d:80:a8:
                    81:be:21:1c:20:33:40:0f:b2:d4:9e:6b:4f:6f:5f:
                    8c:1f:93:04:fe:bc:b2:7f:8f:b4:49:8a:fb:8d:c9:
                    17:06:0a:6f:fe:1e:e1:5b:1c:fe:e3:a7:42:f9:c5:
                    ef:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:34:89:69:C2:90:8B:2B:2F:D7:FB:67:0E:C8:4C:BD:1C:43:71:7D
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/ejSJacKQiysv1_tnDshMvRxDcX0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:700::/40

    Signature Algorithm: sha256WithRSAEncryption
         68:33:49:65:5e:ec:d0:ea:60:87:68:14:3c:76:52:51:5e:1a:
         9b:bf:35:28:98:c1:2c:1f:fc:03:bd:7b:9f:72:c4:1e:3b:11:
         aa:01:c6:5a:c5:9f:a1:42:84:c6:d5:1a:f3:23:ff:8b:30:9a:
         42:4f:a5:47:22:e2:63:92:c6:a3:23:f5:b8:cd:7a:d5:9f:51:
         2b:99:fc:f6:09:0f:8f:18:c4:5b:de:bf:bb:00:95:33:f7:4f:
         73:a8:25:d2:64:76:d6:34:4f:4e:d4:38:d3:ee:87:66:98:e6:
         3c:f7:36:8f:9a:67:8e:61:64:a1:53:95:48:b4:ad:e6:d8:3a:
         0d:c9:6d:4f:44:d7:c6:ca:1c:86:b7:ac:69:a0:9e:56:e8:aa:
         88:64:2c:eb:0a:ea:5e:04:cb:47:20:5c:17:1f:bd:d4:4f:f4:
         89:5c:a1:9f:85:0e:9e:2e:5b:54:ca:d3:6e:16:5a:31:b1:ed:
         bf:cd:4a:5c:59:6f:cb:53:bc:a3:42:43:12:1d:65:51:fd:3c:
         18:19:de:dc:0c:c8:4f:2a:d6:4c:db:45:e0:a0:f1:86:d6:cb:
         97:9c:ad:4e:b3:b2:17:5e:9e:9c:f8:2b:79:04:a0:30:52:44:
         b6:53:9e:25:50:2d:85:7f:f8:e1:6a:fa:05:99:e8:75:5c:c0:
         b5:bd:4a:4c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ2gGw237hQe7stpdNzIljBRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNDE4MTAyMDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTM0ODk2OWMyOTA4YjJiMmZkN2ZiNjcwZWM4NGNiZDFjNDM3MTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kUXUZAPcWg1w7CUOwMUHK2EPcUG
tM/cHOcHloMl69jyo+n/k2V81cLnRgVzZngSsJkLCy+jXV8ur2FxM+dGQIKetED4
UrgWlzPSo2HKn0O6mfNi9xTCZ7bcw3wYaHte1cPEfPJgh9kyVH3RqJo0hvZyZNQ9
IYpL6RjJOp2Q8MaKL+lO3ZJ0qNZYkrL8llTAuGGujaZ20yEo3bMqhGL0/7fLgAah
54lsVLSkJEuTqW9xVq42FS3RiN4EwmFXBMU0BgfcjVfs1ocP4i2iI6YtgKiBviEc
IDNAD7LUnmtPb1+MH5ME/ryyf4+0SYr7jckXBgpv/h7hWxz+46dC+cXv7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHo0iWnCkIsrL9f7Zw7ITL0cQ3F9MB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvZWpTSmFjS1FpeXN2MV90bkRzaE12UnhEY1gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKhTDgAcw
DQYJKoZIhvcNAQELBQADggEBAGgzSWVe7NDqYIdoFDx2UlFeGpu/NSiYwSwf/AO9
e59yxB47EaoBxlrFn6FChMbVGvMj/4swmkJPpUci4mOSxqMj9bjNetWfUSuZ/PYJ
D48YxFvev7sAlTP3T3OoJdJkdtY0T07UONPuh2aY5jz3No+aZ45hZKFTlUi0rebY
Og3JbU9E18bKHIa3rGmgnlboqohkLOsK6l4Ey0cgXBcfvdRP9IlcoZ+FDp4uW1TK
024WWjGx7b/NSlxZb8tTvKNCQxIdZVH9PBgZ3twMyE8q1kzbReCg8YbWy5ecrU6z
shdenpz4K3kEoDBSRLZTniVQLYV/+OFq+gWZ6HVcwLW9Skw=
-----END CERTIFICATE-----