Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/Myp-I2CJHMRKY6tAuErZsDxUAmc.roa
File:                     Myp-I2CJHMRKY6tAuErZsDxUAmc.roa (raw, json)
Hash identifier:          JJ8QCEyOU/Mk/IzwyrK9dON+iuNed4UeudTVuAe9NlI=
Subject key identifier:   33:2A:7E:23:60:89:1C:C4:4A:63:AB:40:B8:4A:D9:B0:3C:54:02:67
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019E46A4A9642397977B971467197EAD2CA0
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/Myp-I2CJHMRKY6tAuErZsDxUAmc.roa
Signing time:             Wed 20 May 2026 18:27:36 +0000
ROA not before:           Wed 20 May 2026 18:27:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208191
IP address blocks:        2a14:c380:170::/44 maxlen: 44
                          2a14:c380:180::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:46:a4:a9:64:23:97:97:7b:97:14:67:19:7e:ad:2c:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: May 20 18:27:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=332a7e2360891cc44a63ab40b84ad9b03c540267
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ce:28:53:13:7d:ca:c1:7b:35:c2:ed:dc:bd:
                    4b:d0:47:e0:0e:47:07:39:a2:df:60:b4:7f:b8:68:
                    ae:7e:bb:bf:dd:b7:1d:d1:eb:12:78:e2:6d:c4:28:
                    42:55:8e:a5:a9:de:ca:5f:75:30:52:5c:f2:ee:bb:
                    91:af:73:bd:f1:34:50:e6:0a:f3:a6:d8:2b:9f:be:
                    da:21:74:1e:84:33:f8:59:40:36:85:de:bb:20:cf:
                    c7:95:ed:ce:01:d3:fd:ad:09:56:ca:aa:2c:cd:38:
                    82:31:a6:ef:d7:34:5b:93:cb:80:3e:06:84:97:d0:
                    66:5e:df:2d:cd:25:bc:ea:07:1e:6b:57:0c:f5:3f:
                    c9:c2:d0:24:05:04:26:be:00:b2:24:f8:cf:e2:f9:
                    13:05:c2:9a:67:e4:c9:15:0f:76:c6:db:71:1d:71:
                    55:d8:87:39:84:b1:9c:80:ef:be:aa:d6:95:87:c9:
                    29:0a:cf:f1:3d:8e:3e:51:ce:8e:93:bd:3e:b3:3a:
                    03:3d:40:2b:d1:2f:03:49:25:a0:31:65:c1:04:55:
                    0e:5c:64:64:e9:8e:8d:f3:0b:5c:89:87:3f:67:2b:
                    ca:27:e2:7b:2b:8d:27:ea:74:45:a4:13:83:4e:3d:
                    af:09:56:81:fe:7d:d4:f0:07:6f:e0:66:85:11:2a:
                    8b:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:2A:7E:23:60:89:1C:C4:4A:63:AB:40:B8:4A:D9:B0:3C:54:02:67
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/Myp-I2CJHMRKY6tAuErZsDxUAmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:170::-2a14:c380:18f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         67:36:3a:06:d1:0c:9a:82:ca:b8:45:a1:f8:d2:b3:9f:e5:73:
         c3:7f:3c:4d:ac:fa:8c:7b:02:05:d7:81:80:3d:f4:2c:af:53:
         0e:87:5a:bd:17:c0:c8:2b:c9:a5:36:c4:98:d6:94:7f:97:11:
         6f:3e:98:2f:b4:24:ae:00:14:3d:8c:3b:3c:6c:6d:78:d2:f1:
         ee:8c:21:92:06:f2:e4:55:8d:78:34:05:48:a8:ac:2a:7b:02:
         3b:7b:31:f0:97:fe:29:0c:c2:da:6e:f8:bb:55:12:cc:d4:91:
         e1:64:81:ba:ec:83:a5:16:09:cc:21:76:02:a8:1d:b3:6f:24:
         c2:74:50:c0:64:82:1d:1d:fd:e1:04:d3:02:33:8d:97:ee:50:
         c4:7c:8d:94:5e:d1:be:44:2c:11:30:59:ad:08:89:44:69:40:
         f6:6d:b7:ac:3b:4a:74:f2:8d:ae:1e:95:0d:a5:8f:d7:d7:5e:
         06:bc:6b:2f:32:c5:37:04:65:8a:28:aa:8d:0f:11:22:4c:45:
         14:33:cf:e7:b7:38:6a:bf:32:55:bf:b6:a1:50:19:6e:ec:eb:
         c8:37:e8:05:d9:19:a1:fe:3d:3b:84:30:c7:bb:81:41:78:2b:
         9b:23:3b:7b:7f:66:e4:df:4c:92:aa:8d:c6:9b:14:e5:b7:99:
         bd:5f:5a:b5
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ5GpKlkI5eXe5cUZxl+rSygMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNTIwMTgyNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzJhN2UyMzYwODkxY2M0NGE2M2FiNDBiODRhZDliMDNjNTQwMjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAws4oUxN9ysF7NcLt3L1L0EfgDkcH
OaLfYLR/uGiufru/3bcd0esSeOJtxChCVY6lqd7KX3UwUlzy7ruRr3O98TRQ5grz
ptgrn77aIXQehDP4WUA2hd67IM/Hle3OAdP9rQlWyqoszTiCMabv1zRbk8uAPgaE
l9BmXt8tzSW86gcea1cM9T/JwtAkBQQmvgCyJPjP4vkTBcKaZ+TJFQ92xttxHXFV
2Ic5hLGcgO++qtaVh8kpCs/xPY4+Uc6Ok70+szoDPUAr0S8DSSWgMWXBBFUOXGRk
6Y6N8wtciYc/ZyvKJ+J7K40n6nRFpBODTj2vCVaB/n3U8Adv4GaFESqLzwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFDMqfiNgiRzESmOrQLhK2bA8VAJnMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvTXlwLUkyQ0pITVJLWTZ0QXVFclpzRHhVQW1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqFMOA
AXADBwQqFMOAAYAwDQYJKoZIhvcNAQELBQADggEBAGc2OgbRDJqCyrhFofjSs5/l
c8N/PE2s+ox7AgXXgYA99CyvUw6HWr0XwMgryaU2xJjWlH+XEW8+mC+0JK4AFD2M
OzxsbXjS8e6MIZIG8uRVjXg0BUiorCp7Ajt7MfCX/ikMwtpu+LtVEszUkeFkgbrs
g6UWCcwhdgKoHbNvJMJ0UMBkgh0d/eEE0wIzjZfuUMR8jZRe0b5ELBEwWa0IiURp
QPZtt6w7SnTyja4elQ2lj9fXXga8ay8yxTcEZYooqo0PESJMRRQzz+e3OGq/MlW/
tqFQGW7s68g36AXZGaH+PTuEMMe7gUF4K5sjO3t/ZuTfTJKqjcabFOW3mb1fWrU=
-----END CERTIFICATE-----