Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/lOlqt8T-Bshq0LWgEoV7e4uhxBA.roa
File:                     lOlqt8T-Bshq0LWgEoV7e4uhxBA.roa (raw, json)
Hash identifier:          L6/A9bxvTBVhTOt222l8aug+9r5ASBjmq1vJb4ffmmg=
Subject key identifier:   94:E9:6A:B7:C4:FE:06:C8:6A:D0:B5:A0:12:85:7B:7B:8B:A1:C4:10
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019EC0D170C1FCE3AE1E3B5035BB87682807
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/lOlqt8T-Bshq0LWgEoV7e4uhxBA.roa
Signing time:             Sat 13 Jun 2026 11:50:11 +0000
ROA not before:           Sat 13 Jun 2026 11:50:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6517
IP address blocks:        2a14:c380:1b0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:c0:d1:70:c1:fc:e3:ae:1e:3b:50:35:bb:87:68:28:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun 13 11:50:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94e96ab7c4fe06c86ad0b5a012857b7b8ba1c410
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:ff:ce:4f:c8:0f:bd:21:31:78:a5:15:ab:d7:
                    30:f7:be:b4:fc:bd:4b:6e:d2:e4:d3:cc:e1:25:f4:
                    01:2d:25:bc:f4:e6:7b:3b:ad:db:6e:31:55:19:88:
                    d1:3f:1f:3d:63:e6:cc:1a:ca:91:6d:e3:9d:e1:c6:
                    57:aa:37:b9:d9:52:c5:56:ca:15:f1:4e:4d:9f:14:
                    42:c7:94:c0:08:c5:ea:15:d9:92:64:fe:a6:d7:68:
                    26:ab:ff:0a:4b:07:f4:16:7f:2f:be:cc:ed:ab:32:
                    79:14:ad:b5:db:93:bc:4a:c5:d5:8a:65:6b:2f:bb:
                    f3:9b:fc:2d:48:2c:a6:30:dc:2c:7e:df:e8:1f:ca:
                    57:90:5d:77:ac:09:f8:79:d9:5e:f4:b1:f3:94:8c:
                    20:5d:2b:b5:1f:e2:3c:82:3a:fb:96:9b:45:27:fd:
                    3f:35:d0:d0:84:e7:5e:56:53:15:a0:27:3a:02:c5:
                    62:2b:1e:4b:14:75:24:87:ae:8d:ff:72:50:17:3f:
                    14:07:e3:5f:27:81:8b:02:f1:62:db:6a:d7:46:a3:
                    3d:3b:7b:de:38:17:a2:b1:c5:8b:64:ef:cf:18:b7:
                    99:c2:3c:b0:08:2e:13:9a:60:0b:af:75:09:98:30:
                    ed:ba:4f:9a:30:c0:94:b7:d7:be:67:94:37:97:c5:
                    21:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:E9:6A:B7:C4:FE:06:C8:6A:D0:B5:A0:12:85:7B:7B:8B:A1:C4:10
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/lOlqt8T-Bshq0LWgEoV7e4uhxBA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:1b0::/44

    Signature Algorithm: sha256WithRSAEncryption
         6c:38:5e:0d:ed:b8:12:bb:72:d6:a0:09:41:68:8a:e4:6f:18:
         cd:3f:9d:cc:ce:93:76:33:5c:e0:97:13:08:a3:b7:45:74:a2:
         3d:9b:81:f1:20:2e:ef:bc:5e:ae:31:0f:10:1c:4c:57:d3:0e:
         f3:82:29:96:77:1e:84:3a:69:46:0d:40:c6:d3:85:5b:6a:c1:
         ab:50:8f:b1:d8:d4:99:62:e7:6e:da:31:c3:d4:61:67:16:c0:
         15:b7:1f:25:d6:dc:01:3b:8f:95:31:a8:d1:d5:f9:2c:3c:a2:
         a6:75:62:d1:e2:f5:fa:d0:bd:43:b9:fc:aa:ab:a0:9f:f6:d5:
         c8:79:a8:6a:31:23:fe:d9:1e:36:c7:fa:48:78:a3:3f:2e:4b:
         60:10:c2:42:f1:d8:44:8b:8d:81:04:08:3e:e9:30:45:27:0d:
         4a:3e:9e:1f:7e:33:74:2c:54:89:70:60:25:24:00:92:db:25:
         b3:c5:9a:6c:28:56:c2:9a:7e:3f:2a:7f:5c:40:e1:a5:dd:32:
         72:b6:1c:f4:04:50:13:06:54:cc:be:98:76:7e:9a:f9:31:20:
         c9:d6:31:4c:6e:f0:7d:71:4c:72:e8:5e:c9:07:f0:a0:de:e1:
         a3:e3:60:d1:66:03:b6:47:8b:e0:cf:24:a4:bf:4c:dd:25:f9:
         c5:a1:ed:6b
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7A0XDB/OOuHjtQNbuHaCgHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNjEzMTE1MDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGU5NmFiN2M0ZmUwNmM4NmFkMGI1YTAxMjg1N2I3YjhiYTFjNDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxv/OT8gPvSExeKUVq9cw9760/L1L
btLk08zhJfQBLSW89OZ7O63bbjFVGYjRPx89Y+bMGsqRbeOd4cZXqje52VLFVsoV
8U5NnxRCx5TACMXqFdmSZP6m12gmq/8KSwf0Fn8vvsztqzJ5FK2125O8SsXVimVr
L7vzm/wtSCymMNwsft/oH8pXkF13rAn4edle9LHzlIwgXSu1H+I8gjr7lptFJ/0/
NdDQhOdeVlMVoCc6AsViKx5LFHUkh66N/3JQFz8UB+NfJ4GLAvFi22rXRqM9O3ve
OBeiscWLZO/PGLeZwjywCC4TmmALr3UJmDDtuk+aMMCUt9e+Z5Q3l8UhJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJTparfE/gbIatC1oBKFe3uLocQQMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvbE9scXQ4VC1Cc2hxMExXZ0VvVjdlNHVoeEJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAGw
MA0GCSqGSIb3DQEBCwUAA4IBAQBsOF4N7bgSu3LWoAlBaIrkbxjNP53MzpN2M1zg
lxMIo7dFdKI9m4HxIC7vvF6uMQ8QHExX0w7zgimWdx6EOmlGDUDG04VbasGrUI+x
2NSZYudu2jHD1GFnFsAVtx8l1twBO4+VMajR1fksPKKmdWLR4vX60L1Dufyqq6Cf
9tXIeahqMSP+2R42x/pIeKM/LktgEMJC8dhEi42BBAg+6TBFJw1KPp4ffjN0LFSJ
cGAlJACS2yWzxZpsKFbCmn4/Kn9cQOGl3TJythz0BFATBlTMvph2fpr5MSDJ1jFM
bvB9cUxy6F7JB/Cg3uGj42DRZgO2R4vgzySkv0zdJfnFoe1r
-----END CERTIFICATE-----