Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/z32rSILro6H6lM-SUnMtOdOVa1Y.roa
File:                     z32rSILro6H6lM-SUnMtOdOVa1Y.roa (raw, json)
Hash identifier:          tt+vTYimw/uAS7+V+2w+GGp8A1VdmFMsjcOgNEc2QA4=
Subject key identifier:   CF:7D:AB:48:82:EB:A3:A1:FA:94:CF:92:52:73:2D:39:D3:95:6B:56
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019EDC4DD884E3262FF06E27768C7DF73D0F
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/z32rSILro6H6lM-SUnMtOdOVa1Y.roa
Signing time:             Thu 18 Jun 2026 19:55:49 +0000
ROA not before:           Thu 18 Jun 2026 19:55:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     401835
IP address blocks:        2a14:c380:328::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:dc:4d:d8:84:e3:26:2f:f0:6e:27:76:8c:7d:f7:3d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Jun 18 19:55:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cf7dab4882eba3a1fa94cf9252732d39d3956b56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7e:14:cb:ac:cb:0a:e8:ad:93:ca:ea:b3:8e:
                    28:7e:c5:ba:c9:66:fe:75:33:d5:7d:3f:5b:50:be:
                    d3:c6:90:fa:16:e0:06:df:fe:07:8f:21:a9:32:9f:
                    38:ae:53:7c:cf:fc:6b:2f:c6:e2:11:08:c4:37:a8:
                    6c:1f:bf:1e:34:f1:ef:bd:65:c4:73:db:de:03:1e:
                    7b:3f:77:b7:8c:37:9a:f2:a3:a2:2c:07:4d:30:c7:
                    89:09:3b:4b:dc:21:7e:36:1d:3e:18:81:20:75:d5:
                    a7:70:b6:8b:48:2d:93:0e:aa:90:33:56:ed:42:8a:
                    fb:d1:ee:78:0c:b4:5f:0b:a7:51:9e:f2:aa:1a:15:
                    32:4f:1f:ce:95:b0:03:fa:80:2c:38:05:27:f7:9d:
                    bd:39:0e:c2:3e:d6:16:70:42:88:59:d6:6f:0e:ca:
                    6d:d6:ec:f1:c2:17:8e:de:fb:0b:62:f7:4a:ce:3d:
                    ff:2f:c7:62:f6:01:b6:13:35:e8:3c:78:21:e2:ff:
                    98:87:7e:cc:a5:1d:5a:ff:63:d3:d5:56:a8:77:96:
                    5a:9a:95:ee:b2:a3:b4:1d:74:c3:c1:1d:db:27:35:
                    bf:55:c8:59:fe:13:65:4f:56:2f:d5:8f:22:13:79:
                    17:50:2b:50:67:10:9d:c2:08:8c:78:bd:5a:85:cb:
                    54:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:7D:AB:48:82:EB:A3:A1:FA:94:CF:92:52:73:2D:39:D3:95:6B:56
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/z32rSILro6H6lM-SUnMtOdOVa1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:328::/48

    Signature Algorithm: sha256WithRSAEncryption
         6c:79:a8:9a:db:4a:a8:53:2c:90:87:a2:b5:10:67:f9:62:92:
         43:c1:be:12:59:83:0a:77:d3:7d:6b:5a:3e:82:ad:e7:33:da:
         b7:52:7a:10:6f:95:30:96:bb:ac:d5:70:00:42:2b:41:a9:a4:
         60:c8:07:03:74:f4:6f:5d:5a:0d:df:d4:87:fd:af:0e:b2:aa:
         3b:73:b4:87:0b:1e:ea:65:c0:58:45:e3:b6:eb:f5:78:a7:d4:
         17:d4:1d:1c:a5:2e:c0:6f:aa:db:f2:3e:c9:8a:4a:68:84:ea:
         e6:b5:d9:2f:b1:38:86:72:ef:23:a3:5a:5f:9b:07:ee:b4:59:
         ef:ad:74:5b:a7:4c:81:b1:c5:c3:ec:07:a3:46:36:ea:3e:f6:
         40:87:54:38:8b:8e:ec:66:a5:df:b9:1c:c0:6f:ca:cd:2e:ac:
         6f:2a:9a:d3:a6:05:e1:70:96:20:1e:33:27:f2:2a:78:fb:37:
         9e:64:65:64:33:80:83:6a:52:28:c4:fe:33:7b:51:96:47:3c:
         bb:08:fa:94:29:46:88:1a:8e:7a:65:cd:ad:6b:a6:95:2f:0f:
         74:cb:5e:b9:c1:2f:27:f6:dd:91:6e:1b:5b:30:6e:23:5e:2b:
         90:16:09:6f:d6:25:36:6f:f8:38:5d:57:eb:93:06:4c:cd:5f:
         51:d0:cb:57
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7cTdiE4yYv8G4ndox99z0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNjE4MTk1NTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjdkYWI0ODgyZWJhM2ExZmE5NGNmOTI1MjczMmQzOWQzOTU2YjU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3n4Uy6zLCuitk8rqs44ofsW6yWb+
dTPVfT9bUL7TxpD6FuAG3/4HjyGpMp84rlN8z/xrL8biEQjEN6hsH78eNPHvvWXE
c9veAx57P3e3jDea8qOiLAdNMMeJCTtL3CF+Nh0+GIEgddWncLaLSC2TDqqQM1bt
Qor70e54DLRfC6dRnvKqGhUyTx/OlbAD+oAsOAUn9529OQ7CPtYWcEKIWdZvDspt
1uzxwheO3vsLYvdKzj3/L8di9gG2EzXoPHgh4v+Yh37MpR1a/2PT1Vaod5ZampXu
sqO0HXTDwR3bJzW/VchZ/hNlT1Yv1Y8iE3kXUCtQZxCdwgiMeL1ahctUjwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFM99q0iC66Oh+pTPklJzLTnTlWtWMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvejMyclNJTHJvNkg2bE0tU1VuTXRPZE9WYTFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhTDgAMo
MA0GCSqGSIb3DQEBCwUAA4IBAQBseaia20qoUyyQh6K1EGf5YpJDwb4SWYMKd9N9
a1o+gq3nM9q3UnoQb5Uwlrus1XAAQitBqaRgyAcDdPRvXVoN39SH/a8Osqo7c7SH
Cx7qZcBYReO26/V4p9QX1B0cpS7Ab6rb8j7JikpohOrmtdkvsTiGcu8jo1pfmwfu
tFnvrXRbp0yBscXD7AejRjbqPvZAh1Q4i47sZqXfuRzAb8rNLqxvKprTpgXhcJYg
HjMn8ip4+zeeZGVkM4CDalIoxP4ze1GWRzy7CPqUKUaIGo56Zc2ta6aVLw90y165
wS8n9t2RbhtbMG4jXiuQFglv1iU2b/g4XVfrkwZMzV9R0MtX
-----END CERTIFICATE-----