Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/hConJuDtxTw1uz56Df5PkgL271g.roa
File:                     hConJuDtxTw1uz56Df5PkgL271g.roa (raw, json)
Hash identifier:          W/nEa/WqZ9JadoBklJLPDZS38k4h8pCYf/NoZ6SiMVQ=
Subject key identifier:   84:2A:27:26:E0:ED:C5:3C:35:BB:3E:7A:0D:FE:4F:92:02:F6:EF:58
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019E8225F8ECA96281A9B6F636FBB4035831
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/hConJuDtxTw1uz56Df5PkgL271g.roa
Signing time:             Mon 01 Jun 2026 07:46:27 +0000
ROA not before:           Mon 01 Jun 2026 07:46:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58212
IP address blocks:        2a14:c380:140::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:25:f8:ec:a9:62:81:a9:b6:f6:36:fb:b4:03:58:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun  1 07:46:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=842a2726e0edc53c35bb3e7a0dfe4f9202f6ef58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:07:8a:33:12:02:63:1c:3b:1b:5a:48:5f:ee:
                    44:99:a3:cc:18:2a:40:96:d3:8a:5b:e5:ec:b6:76:
                    dd:65:1f:84:f8:94:d6:cd:6f:d0:14:8f:bc:ce:07:
                    3a:51:d9:42:d3:f8:0e:58:b8:48:29:cf:63:5d:e0:
                    4a:4c:65:7b:94:32:e7:cb:82:0e:09:be:8e:99:8c:
                    eb:cc:b4:ed:51:e2:9c:e9:30:d9:2b:ba:84:dc:a5:
                    03:f1:6f:f3:14:84:c9:19:d9:e1:51:5e:26:4f:c2:
                    81:de:6d:83:4d:74:96:15:91:ac:56:e1:9d:de:d4:
                    bc:7d:94:88:c5:2f:91:45:0d:90:25:98:8c:52:58:
                    04:0a:3b:eb:bb:79:25:e8:15:ec:1f:4e:9d:9b:a0:
                    b3:49:ea:47:b9:a3:d3:0f:1d:f1:8b:b9:08:a6:ba:
                    3c:a1:9b:32:d3:b7:77:c8:db:a9:a8:1f:05:c5:0e:
                    a7:ef:44:99:6d:70:59:4f:b0:ea:18:52:6e:70:c4:
                    b0:b7:e2:a4:22:e5:8f:3e:94:af:16:2e:fc:20:a1:
                    86:25:83:26:12:fb:8c:2f:5b:7e:6b:d4:4c:92:d2:
                    6a:85:c3:ce:fd:ec:7b:6d:49:db:2d:88:55:69:1a:
                    f4:01:7a:40:ca:61:5e:1e:ce:c5:31:49:4f:47:75:
                    92:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:2A:27:26:E0:ED:C5:3C:35:BB:3E:7A:0D:FE:4F:92:02:F6:EF:58
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/hConJuDtxTw1uz56Df5PkgL271g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:140::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:0b:c2:2e:da:3e:c3:b9:d2:ed:9e:98:d8:9d:f3:f9:04:ab:
         78:52:6d:ed:bd:e9:ea:98:b4:73:d0:f9:5f:b7:b5:f9:24:60:
         4c:2d:b7:f1:0d:90:f3:ee:1f:3b:43:88:8a:7a:2b:c5:21:b5:
         f8:3e:dd:06:07:75:a4:dc:80:4f:61:65:c7:c6:4c:ba:d6:b6:
         35:e4:8e:2e:02:66:0a:53:77:f8:09:a3:5b:f4:a6:ae:aa:62:
         68:4e:f3:c2:04:2a:b3:4a:36:d5:a9:fc:d5:a3:4b:0f:a6:e2:
         4a:e0:e4:62:1f:5e:68:db:01:7c:df:bb:a3:04:00:ef:81:96:
         bf:bc:90:4a:2d:d9:25:13:b1:ba:b9:b8:f3:2a:a9:84:48:c0:
         8d:c5:12:ee:6d:e2:a8:d3:77:82:37:9b:9f:31:16:32:ca:07:
         ca:96:0f:94:52:12:8a:fa:ed:82:a2:d5:1e:84:a5:18:75:e5:
         85:cb:31:bf:44:8f:40:dd:1a:8b:c8:ad:d5:7f:c5:60:ef:a6:
         d6:39:db:87:e2:b3:ad:9f:e5:a8:88:5b:07:9b:d9:99:11:19:
         1c:14:ec:4c:d3:b5:2a:4d:7b:9b:e8:b0:93:a5:b4:74:a1:9a:
         26:25:a4:c3:69:d8:c5:2b:18:3c:aa:ce:da:f4:e0:36:6f:df:
         b6:a0:4b:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ6CJfjsqWKBqbb2Nvu0A1gxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNjAxMDc0NjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDJhMjcyNmUwZWRjNTNjMzViYjNlN2EwZGZlNGY5MjAyZjZlZjU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAeKMxICYxw7G1pIX+5EmaPMGCpA
ltOKW+XstnbdZR+E+JTWzW/QFI+8zgc6UdlC0/gOWLhIKc9jXeBKTGV7lDLny4IO
Cb6OmYzrzLTtUeKc6TDZK7qE3KUD8W/zFITJGdnhUV4mT8KB3m2DTXSWFZGsVuGd
3tS8fZSIxS+RRQ2QJZiMUlgECjvru3kl6BXsH06dm6CzSepHuaPTDx3xi7kIpro8
oZsy07d3yNupqB8FxQ6n70SZbXBZT7DqGFJucMSwt+KkIuWPPpSvFi78IKGGJYMm
EvuML1t+a9RMktJqhcPO/ex7bUnbLYhVaRr0AXpAymFeHs7FMUlPR3WSgwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIQqJybg7cU8Nbs+eg3+T5IC9u9YMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvaENvbkp1RHR4VHcxdXo1NkRmNVBrZ0wyNzFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAFA
MA0GCSqGSIb3DQEBCwUAA4IBAQBCC8Iu2j7DudLtnpjYnfP5BKt4Um3tvenqmLRz
0Plft7X5JGBMLbfxDZDz7h87Q4iKeivFIbX4Pt0GB3Wk3IBPYWXHxky61rY15I4u
AmYKU3f4CaNb9KauqmJoTvPCBCqzSjbVqfzVo0sPpuJK4ORiH15o2wF837ujBADv
gZa/vJBKLdklE7G6ubjzKqmESMCNxRLubeKo03eCN5ufMRYyygfKlg+UUhKK+u2C
otUehKUYdeWFyzG/RI9A3RqLyK3Vf8Vg76bWOduH4rOtn+WoiFsHm9mZERkcFOxM
07UqTXub6LCTpbR0oZomJaTDadjFKxg8qs7a9OA2b9+2oEsv
-----END CERTIFICATE-----