Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/K6FmYRzjkXE4ZXIEG57BGtUzI9g.roa
File:                     K6FmYRzjkXE4ZXIEG57BGtUzI9g.roa (raw, json)
Hash identifier:          M9flqdRf1K5aFEzWCLxQdRerUlIgIDppjj7Bq7WHPao=
Subject key identifier:   2B:A1:66:61:1C:E3:91:71:38:65:72:04:1B:9E:C1:1A:D5:33:23:D8
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019CA4FB6E4ED0EC3D46AC6582AD066BC9DA
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/K6FmYRzjkXE4ZXIEG57BGtUzI9g.roa
Signing time:             Sat 28 Feb 2026 16:01:07 +0000
ROA not before:           Sat 28 Feb 2026 16:01:07 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210464
IP address blocks:        2a14:c380:25::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a4:fb:6e:4e:d0:ec:3d:46:ac:65:82:ad:06:6b:c9:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Feb 28 16:01:07 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ba166611ce39171386572041b9ec11ad53323d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:43:2f:5d:bc:09:65:a2:13:cf:9b:7e:5a:ac:
                    8b:16:7a:7d:46:88:cb:0d:81:35:4c:3a:11:c4:4f:
                    5c:fe:2b:e1:a4:ce:01:7e:82:8f:d5:a5:7a:24:f9:
                    32:aa:a1:90:9f:a8:d1:98:b8:c9:f2:74:71:8b:f2:
                    8f:7e:eb:d2:c4:98:05:36:28:d7:d9:dc:cf:0f:6b:
                    4e:1a:f1:e3:e0:92:08:18:6a:9f:9f:16:67:59:1e:
                    2a:46:70:1f:69:08:ef:af:08:c8:01:29:97:9f:f1:
                    d1:d6:e8:9d:2f:4d:76:d3:d8:82:07:6d:de:25:15:
                    56:57:9e:a7:9a:67:c4:94:fc:9f:36:61:da:70:30:
                    dc:32:a1:01:db:86:97:22:c8:ac:e4:e3:fe:56:6b:
                    df:fc:31:3a:08:8d:6a:68:77:6c:60:e9:73:2a:38:
                    51:c6:cf:39:81:f3:d4:f9:ac:2b:ee:e8:2f:ff:08:
                    55:21:27:7e:f8:3a:63:d4:ad:e3:2b:e2:93:70:ec:
                    ff:95:29:1c:bc:27:91:2d:a6:11:2a:77:d5:7d:2a:
                    ae:eb:cc:98:7c:12:f7:30:d7:73:94:71:7f:e0:fa:
                    83:58:c0:fb:05:23:73:bf:b7:d8:e5:fb:31:b1:49:
                    53:0b:5e:5e:f7:c3:87:97:b2:f2:02:df:2f:31:d2:
                    fa:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:A1:66:61:1C:E3:91:71:38:65:72:04:1B:9E:C1:1A:D5:33:23:D8
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/K6FmYRzjkXE4ZXIEG57BGtUzI9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:25::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:05:98:2f:0d:a1:de:7d:85:e7:21:1a:b3:96:03:a8:04:71:
         e5:3d:a5:e8:c2:e1:b2:f2:96:29:c6:53:bb:19:d3:bc:21:36:
         8a:80:39:44:18:b7:0c:87:57:43:c1:ad:76:70:26:b7:79:89:
         08:6b:73:39:47:35:36:64:61:56:1e:e2:f6:dc:4c:77:80:2e:
         dc:83:39:58:9e:cc:23:7b:ad:1b:7c:5d:a8:bc:54:f7:f4:3e:
         3c:ab:d1:18:94:af:07:20:e3:70:52:d1:2c:a5:53:f8:01:83:
         f3:1a:c6:2b:63:75:45:7e:ec:ed:6c:63:11:4c:ba:2f:e5:2e:
         2c:82:5d:27:62:44:2e:7b:db:eb:45:07:93:bc:ab:e0:d9:ef:
         e4:35:40:73:85:e7:63:9e:aa:36:62:8d:1a:3f:58:96:ea:18:
         ba:51:78:86:99:19:c3:4e:5e:87:c5:18:14:a3:25:04:54:2c:
         9c:b9:39:a6:60:38:41:bf:d3:aa:c9:26:d0:79:db:6d:65:40:
         a0:f8:e3:01:5d:17:4c:2b:e1:55:ac:57:b0:49:21:1c:39:1c:
         75:08:33:1b:e7:f2:a8:5b:2c:2a:39:43:60:f7:c7:f6:80:cf:
         91:77:41:b0:6f:73:e8:f3:ac:e8:e0:0d:1d:97:83:83:6f:5c:
         4f:0a:1a:60
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZyk+25O0Ow9Rqxlgq0Ga8naMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwMjI4MTYwMTA3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmExNjY2MTFjZTM5MTcxMzg2NTcyMDQxYjllYzExYWQ1MzMyM2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EMvXbwJZaITz5t+WqyLFnp9RojL
DYE1TDoRxE9c/ivhpM4BfoKP1aV6JPkyqqGQn6jRmLjJ8nRxi/KPfuvSxJgFNijX
2dzPD2tOGvHj4JIIGGqfnxZnWR4qRnAfaQjvrwjIASmXn/HR1uidL01209iCB23e
JRVWV56nmmfElPyfNmHacDDcMqEB24aXIsis5OP+Vmvf/DE6CI1qaHdsYOlzKjhR
xs85gfPU+awr7ugv/whVISd++Dpj1K3jK+KTcOz/lSkcvCeRLaYRKnfVfSqu68yY
fBL3MNdzlHF/4PqDWMD7BSNzv7fY5fsxsUlTC15e98OHl7LyAt8vMdL6hwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCuhZmEc45FxOGVyBBuewRrVMyPYMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvSzZGbVlSemprWEU0WlhJRUc1N0JHdFV6STlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhTDgAAl
MA0GCSqGSIb3DQEBCwUAA4IBAQBABZgvDaHefYXnIRqzlgOoBHHlPaXowuGy8pYp
xlO7GdO8ITaKgDlEGLcMh1dDwa12cCa3eYkIa3M5RzU2ZGFWHuL23Ex3gC7cgzlY
nswje60bfF2ovFT39D48q9EYlK8HIONwUtEspVP4AYPzGsYrY3VFfuztbGMRTLov
5S4sgl0nYkQue9vrRQeTvKvg2e/kNUBzhedjnqo2Yo0aP1iW6hi6UXiGmRnDTl6H
xRgUoyUEVCycuTmmYDhBv9OqySbQedttZUCg+OMBXRdMK+FVrFewSSEcORx1CDMb
5/KoWywqOUNg98f2gM+Rd0Gwb3Po86zo4A0dl4ODb1xPChpg
-----END CERTIFICATE-----