Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/x9NL8_t4Sb9orGS5GpN8EDwsXCY.roa
File:                     x9NL8_t4Sb9orGS5GpN8EDwsXCY.roa (raw, json)
Hash identifier:          eTQB7QzQYFuU3vGQvFy7YncrFGiRo7xQgjdzpNjkBpo=
Subject key identifier:   C7:D3:4B:F3:FB:78:49:BF:68:AC:64:B9:1A:93:7C:10:3C:2C:5C:26
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019EDC4EBD605F43058FEE800D343977FBEE
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/x9NL8_t4Sb9orGS5GpN8EDwsXCY.roa
Signing time:             Thu 18 Jun 2026 19:56:48 +0000
ROA not before:           Thu 18 Jun 2026 19:56:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197363
IP address blocks:        2a14:c380:170::/44 maxlen: 48
                          2a14:c380:170::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dc:4e:bd:60:5f:43:05:8f:ee:80:0d:34:39:77:fb:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun 18 19:56:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c7d34bf3fb7849bf68ac64b91a937c103c2c5c26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:fb:cf:88:f4:ac:76:c7:63:42:31:ac:5a:88:
                    b2:bc:a9:78:a0:a7:8f:c3:26:e3:5b:fc:5b:5b:a4:
                    2f:c7:a9:b7:6a:1b:b9:a4:40:86:51:4f:ad:33:e5:
                    74:08:70:c1:59:47:18:22:93:a2:17:7b:dd:3d:09:
                    b6:b3:93:82:f4:ea:c7:1a:92:c4:ea:70:15:cd:5a:
                    97:72:fd:c2:d6:79:a1:21:5f:4e:1a:22:22:6f:a4:
                    90:ce:2f:a9:a1:5f:ad:76:bb:c3:e3:be:98:62:89:
                    7c:12:8c:62:20:1f:ec:49:79:e9:f1:15:b4:fb:47:
                    93:a2:6e:97:00:b4:0b:46:b2:a4:e2:ea:f4:10:2b:
                    dd:d4:d2:7f:b5:77:da:b5:bb:f3:29:36:93:a9:8a:
                    b0:ef:60:0b:64:52:da:b5:bc:b5:c5:ba:fd:13:b1:
                    2b:bb:0c:2e:c7:3f:7b:fd:1f:37:80:fa:42:85:e5:
                    ef:fc:58:1c:89:af:38:01:92:40:28:ed:c1:8e:51:
                    8e:dc:48:b8:3e:77:cc:86:dd:36:7c:0e:34:ca:bc:
                    e3:6d:7f:0b:51:2e:84:a9:1b:b2:1e:f5:53:e0:b9:
                    76:18:af:89:57:b3:e4:b7:0b:4b:f9:8f:47:65:ad:
                    9c:9f:ea:4c:f1:9f:0c:a8:e5:91:70:de:25:d5:60:
                    b0:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:D3:4B:F3:FB:78:49:BF:68:AC:64:B9:1A:93:7C:10:3C:2C:5C:26
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/x9NL8_t4Sb9orGS5GpN8EDwsXCY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:170::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:db:a3:6e:c6:b1:ad:f1:dd:ed:38:f5:00:42:fe:5a:8e:d1:
         3b:e0:59:4d:e5:27:22:45:1d:cd:b0:25:f8:fe:90:e4:64:02:
         cb:58:72:db:91:d0:73:e2:79:9c:db:e7:4b:dc:bf:61:80:d1:
         23:af:ac:c4:91:e3:a0:be:b4:22:74:38:93:40:ba:7b:d1:d9:
         38:4c:5c:63:33:c4:96:91:78:1c:2a:d9:cb:e1:08:79:e4:e3:
         94:26:86:4a:7e:d3:d5:db:e0:13:07:eb:cc:53:50:31:69:0e:
         5d:b6:ee:0b:f8:e5:50:a5:64:67:8c:d0:f9:da:85:5d:10:1f:
         0a:60:c4:67:91:15:57:48:cc:02:c6:98:1c:ff:ee:f7:d9:3f:
         85:ad:5d:1f:6e:e2:1a:c0:ea:db:1a:b3:2f:fd:ba:3a:a9:61:
         eb:45:70:19:cb:e0:53:09:05:f6:b3:67:21:d3:e1:b9:b9:05:
         37:ad:1b:59:93:36:14:22:4c:3f:4e:c6:a7:e5:6b:ec:9a:30:
         64:c0:ef:ac:78:08:39:22:d7:1c:bb:0f:cb:a2:dc:aa:2f:a6:
         9c:0f:9b:1c:1c:39:b0:31:40:2e:f8:af:c5:63:f4:f4:13:37:
         e2:93:82:93:3a:54:60:73:fb:11:64:fe:ed:c9:ca:02:90:b5:
         fe:9e:82:c2
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7cTr1gX0MFj+6ADTQ5d/vuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNjE4MTk1NjQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2QzNGJmM2ZiNzg0OWJmNjhhYzY0YjkxYTkzN2MxMDNjMmM1YzI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3PvPiPSsdsdjQjGsWoiyvKl4oKeP
wybjW/xbW6Qvx6m3ahu5pECGUU+tM+V0CHDBWUcYIpOiF3vdPQm2s5OC9OrHGpLE
6nAVzVqXcv3C1nmhIV9OGiIib6SQzi+poV+tdrvD476YYol8EoxiIB/sSXnp8RW0
+0eTom6XALQLRrKk4ur0ECvd1NJ/tXfatbvzKTaTqYqw72ALZFLatby1xbr9E7Er
uwwuxz97/R83gPpCheXv/Fgcia84AZJAKO3BjlGO3Ei4PnfMht02fA40yrzjbX8L
US6EqRuyHvVT4Ll2GK+JV7PktwtL+Y9HZa2cn+pM8Z8MqOWRcN4l1WCwwQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFMfTS/P7eEm/aKxkuRqTfBA8LFwmMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEveDlOTDhfdDRTYjlvckdTNUdwTjhFRHdzWENZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAFw
MA0GCSqGSIb3DQEBCwUAA4IBAQBC26NuxrGt8d3tOPUAQv5ajtE74FlN5SciRR3N
sCX4/pDkZALLWHLbkdBz4nmc2+dL3L9hgNEjr6zEkeOgvrQidDiTQLp70dk4TFxj
M8SWkXgcKtnL4Qh55OOUJoZKftPV2+ATB+vMU1AxaQ5dtu4L+OVQpWRnjND52oVd
EB8KYMRnkRVXSMwCxpgc/+732T+FrV0fbuIawOrbGrMv/bo6qWHrRXAZy+BTCQX2
s2ch0+G5uQU3rRtZkzYUIkw/Tsan5WvsmjBkwO+seAg5Itccuw/LotyqL6acD5sc
HDmwMUAu+K/FY/T0Ezfik4KTOlRgc/sRZP7tycoCkLX+noLC
-----END CERTIFICATE-----