Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/178ZzgUyw6jGlHTStw0fl7LVjQw.roa
File:                     178ZzgUyw6jGlHTStw0fl7LVjQw.roa (raw, json)
Hash identifier:          JDen17Jb/YcOuABfNHC1cHnWaMCEPY01yLe7KShZSF0=
Subject key identifier:   D7:BF:19:CE:05:32:C3:A8:C6:94:74:D2:B7:0D:1F:97:B2:D5:8D:0C
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019CA155E579E81E06E4FC1B0686E1261519
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/178ZzgUyw6jGlHTStw0fl7LVjQw.roa
Signing time:             Fri 27 Feb 2026 23:01:26 +0000
ROA not before:           Fri 27 Feb 2026 23:01:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215685
IP address blocks:        2a14:c380:330::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a1:55:e5:79:e8:1e:06:e4:fc:1b:06:86:e1:26:15:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Feb 27 23:01:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d7bf19ce0532c3a8c69474d2b70d1f97b2d58d0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3d:6b:b0:e3:fc:78:cf:2c:f3:e4:6a:d9:18:
                    28:96:bf:62:32:22:7d:22:49:da:bf:a3:78:6c:a1:
                    78:fa:79:8f:85:ae:6f:93:64:ef:17:90:b5:82:b1:
                    b2:2e:3d:bd:44:cc:f5:71:57:b8:24:15:32:33:cc:
                    bf:73:87:81:29:1c:97:f0:21:b8:45:2f:b6:1c:17:
                    b5:1d:d7:86:de:75:45:4d:b0:8b:6c:f6:41:56:4c:
                    bf:05:53:58:35:50:5c:f6:7a:1f:48:17:73:f4:56:
                    28:ee:c2:0d:a3:9f:11:e4:7b:5a:a6:7c:09:e6:ee:
                    92:47:01:68:ad:39:ef:be:1c:9a:f2:b2:4a:f7:11:
                    31:49:17:22:df:dc:af:7b:be:25:59:6d:33:ca:78:
                    f8:60:83:24:a3:c7:2d:36:f4:0e:82:a8:bc:61:b8:
                    ac:f0:12:3b:b7:96:b2:ad:72:28:49:29:56:a5:94:
                    ba:27:fe:18:18:68:33:79:cb:05:8a:16:5d:d5:d4:
                    65:06:b8:3c:ad:7c:d0:f3:77:d2:81:37:ef:d6:8a:
                    ba:1d:fd:89:f2:6a:92:fb:fe:11:87:f8:c4:75:08:
                    e2:e5:7a:25:6d:15:3b:fb:1e:99:63:8e:ad:5f:95:
                    6a:1d:f1:3d:19:48:3d:0f:37:cf:57:01:25:f8:58:
                    88:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:BF:19:CE:05:32:C3:A8:C6:94:74:D2:B7:0D:1F:97:B2:D5:8D:0C
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/178ZzgUyw6jGlHTStw0fl7LVjQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:330::/44

    Signature Algorithm: sha256WithRSAEncryption
         84:db:10:04:17:fd:fb:be:43:a4:9c:0e:d6:c8:d8:b9:31:b9:
         60:c7:9c:3d:69:33:34:7f:2f:f0:aa:1d:80:18:eb:45:80:b5:
         b6:06:01:ce:8d:16:75:38:ab:37:97:d7:91:55:03:57:6d:37:
         e4:97:65:40:3b:10:47:9e:0a:d3:2f:b5:9d:a9:e8:55:0e:93:
         61:25:b8:b9:f2:34:db:56:6a:8c:81:73:75:8b:f8:c8:d3:77:
         95:44:a9:58:a7:c0:56:d9:90:38:ba:8d:4a:4d:3c:62:1b:51:
         3d:2d:67:76:39:36:0b:a2:dd:3b:60:0f:01:0b:5a:1e:f4:fa:
         0e:9b:5b:c7:34:77:fb:00:21:2b:03:5e:a0:da:3f:34:82:7f:
         48:72:6c:61:d1:b0:67:3d:e3:fb:5d:8b:b9:a6:d9:21:00:43:
         f2:78:80:b8:75:e2:83:fd:d7:d3:71:9c:56:da:4d:13:62:79:
         77:85:f3:3c:cd:dd:15:15:93:3a:9a:4a:bc:54:7a:a0:e5:0c:
         0a:60:bf:ca:dc:8c:b5:6e:e8:42:f6:69:8c:0f:d3:b3:71:99:
         13:2d:f8:0c:45:e9:d0:75:3c:8f:cf:74:d0:80:9e:ff:17:0f:
         1b:8e:bb:63:75:d5:ec:27:37:96:1b:2a:b7:fd:37:0a:e2:1f:
         0b:33:50:c7
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyhVeV56B4G5PwbBobhJhUZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwMjI3MjMwMTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2JmMTljZTA1MzJjM2E4YzY5NDc0ZDJiNzBkMWY5N2IyZDU4ZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2D1rsOP8eM8s8+Rq2Rgolr9iMiJ9
Iknav6N4bKF4+nmPha5vk2TvF5C1grGyLj29RMz1cVe4JBUyM8y/c4eBKRyX8CG4
RS+2HBe1HdeG3nVFTbCLbPZBVky/BVNYNVBc9nofSBdz9FYo7sINo58R5HtapnwJ
5u6SRwForTnvvhya8rJK9xExSRci39yve74lWW0zynj4YIMko8ctNvQOgqi8Ybis
8BI7t5ayrXIoSSlWpZS6J/4YGGgzecsFihZd1dRlBrg8rXzQ83fSgTfv1oq6Hf2J
8mqS+/4Rh/jEdQji5XolbRU7+x6ZY46tX5VqHfE9GUg9DzfPVwEl+FiIxQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNe/Gc4FMsOoxpR00rcNH5ey1Y0MMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvMTc4WnpnVXl3NmpHbEhUU3R3MGZsN0xWalF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAMw
MA0GCSqGSIb3DQEBCwUAA4IBAQCE2xAEF/37vkOknA7WyNi5Mblgx5w9aTM0fy/w
qh2AGOtFgLW2BgHOjRZ1OKs3l9eRVQNXbTfkl2VAOxBHngrTL7WdqehVDpNhJbi5
8jTbVmqMgXN1i/jI03eVRKlYp8BW2ZA4uo1KTTxiG1E9LWd2OTYLot07YA8BC1oe
9PoOm1vHNHf7ACErA16g2j80gn9Icmxh0bBnPeP7XYu5ptkhAEPyeIC4deKD/dfT
cZxW2k0TYnl3hfM8zd0VFZM6mkq8VHqg5QwKYL/K3Iy1buhC9mmMD9OzcZkTLfgM
RenQdTyPz3TQgJ7/Fw8bjrtjddXsJzeWGyq3/TcK4h8LM1DH
-----END CERTIFICATE-----