Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/NHbznQNj-gkCEVXc2T7uREuJOh0.roa
File:                     NHbznQNj-gkCEVXc2T7uREuJOh0.roa (raw, json)
Hash identifier:          DXmzUU6GDfXBhFSe4HHX3wJmR+KYcXq6fCJFra1lGzc=
Subject key identifier:   34:76:F3:9D:03:63:FA:09:02:11:55:DC:D9:3E:EE:44:4B:89:3A:1D
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019A30972576C4C579E0C558688B8E79CAC1
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/NHbznQNj-gkCEVXc2T7uREuJOh0.roa
Signing time:             Wed 29 Oct 2025 15:30:03 +0000
ROA not before:           Wed 29 Oct 2025 15:30:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41457
IP address blocks:        2a14:c380:120::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 22:37:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:30:97:25:76:c4:c5:79:e0:c5:58:68:8b:8e:79:ca:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Oct 29 15:30:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3476f39d0363fa09021155dcd93eee444b893a1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:70:c0:38:98:d5:81:09:48:2b:77:58:6d:d6:
                    1f:ea:02:01:c3:2f:34:6f:79:f7:25:d0:59:0f:2e:
                    70:df:e9:36:5b:ce:5a:aa:fc:b6:40:8b:dd:f9:71:
                    ce:da:55:3a:a7:38:1c:d8:bc:13:4b:f3:ee:38:26:
                    98:f7:d0:7a:dc:4c:cd:97:79:94:83:1b:57:03:cb:
                    e3:d2:a5:d7:8f:4b:6e:0c:6b:2c:8b:1a:bd:b3:66:
                    a3:69:aa:e7:b0:4b:e2:0a:85:b0:8d:30:9c:8c:20:
                    40:6b:b3:05:f9:9d:2c:90:a0:0e:bf:62:41:15:9a:
                    6c:a0:f2:f5:b8:5b:9e:ae:42:2b:54:d8:c7:00:d3:
                    a7:2c:7e:e0:12:18:fa:e1:e9:ba:f1:76:2b:6d:6a:
                    13:27:cb:82:75:8d:f1:b1:0f:e1:60:c2:1f:3d:1a:
                    c1:57:e7:59:22:56:87:52:d1:9d:a3:0d:6e:0e:29:
                    1a:99:f9:a1:3b:e9:d5:07:37:4b:34:4e:de:9b:94:
                    61:37:14:73:ef:0a:42:fe:8c:41:c5:10:71:a1:08:
                    23:3c:06:b4:b5:22:b9:9c:d1:b4:30:41:50:89:d3:
                    ba:75:19:e7:3e:96:99:a6:e6:70:cc:f9:7f:44:15:
                    9f:4c:89:76:99:32:8e:88:26:44:99:e2:39:f4:1c:
                    a8:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:76:F3:9D:03:63:FA:09:02:11:55:DC:D9:3E:EE:44:4B:89:3A:1D
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/NHbznQNj-gkCEVXc2T7uREuJOh0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:120::/44

    Signature Algorithm: sha256WithRSAEncryption
         2a:dd:a7:d3:a3:a8:1a:92:a3:df:64:e6:49:bd:0f:b0:5b:8d:
         4d:f8:c1:26:f8:38:ef:1f:d6:b7:f0:7b:22:ab:06:a7:d3:c0:
         86:09:7a:df:32:41:32:bc:34:ac:db:f3:1d:79:c9:4b:8a:aa:
         a6:b9:48:8c:cb:10:d3:a1:17:21:c4:e5:6c:1c:f8:93:2f:b3:
         46:85:d0:5b:b7:77:0a:d9:ab:7a:2c:1d:3b:fd:54:f3:93:7d:
         5c:ab:8d:1b:53:ab:41:59:ed:4a:aa:f8:de:3b:03:89:a9:1f:
         8a:59:97:f5:47:dd:ce:5a:9d:7c:17:a4:c2:fd:66:e3:ac:42:
         71:1c:13:1d:05:7c:1e:78:46:5b:6c:bb:ec:64:be:0b:df:88:
         c1:d0:a2:6d:c4:4d:97:7b:48:1f:02:07:2a:3b:7f:7a:1b:1e:
         36:06:c3:fe:37:c0:92:b6:8e:ac:07:ff:c0:2f:bf:f9:2f:60:
         9d:c2:11:34:55:48:a2:ff:b6:9c:82:4a:a5:04:cf:4c:d6:69:
         5e:db:4e:f1:81:1a:e0:9e:7b:c2:f2:12:e2:c7:aa:b3:c4:19:
         71:47:30:c9:93:f1:32:89:ae:3b:6c:9d:f0:db:0d:5b:97:fc:
         c4:ca:67:04:a8:62:54:57:65:8c:56:6c:58:33:50:f6:73:f8:
         4b:d7:b6:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZowlyV2xMV54MVYaIuOecrBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjUxMDI5MTUzMDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDc2ZjM5ZDAzNjNmYTA5MDIxMTU1ZGNkOTNlZWU0NDRiODkzYTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXDAOJjVgQlIK3dYbdYf6gIBwy80
b3n3JdBZDy5w3+k2W85aqvy2QIvd+XHO2lU6pzgc2LwTS/PuOCaY99B63EzNl3mU
gxtXA8vj0qXXj0tuDGssixq9s2ajaarnsEviCoWwjTCcjCBAa7MF+Z0skKAOv2JB
FZpsoPL1uFuerkIrVNjHANOnLH7gEhj64em68XYrbWoTJ8uCdY3xsQ/hYMIfPRrB
V+dZIlaHUtGdow1uDikamfmhO+nVBzdLNE7em5RhNxRz7wpC/oxBxRBxoQgjPAa0
tSK5nNG0MEFQidO6dRnnPpaZpuZwzPl/RBWfTIl2mTKOiCZEmeI59ByokwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFDR2850DY/oJAhFV3Nk+7kRLiTodMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvTkhiem5RTmotZ2tDRVZYYzJUN3VSRXVKT2gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgAEg
MA0GCSqGSIb3DQEBCwUAA4IBAQAq3afTo6gakqPfZOZJvQ+wW41N+MEm+DjvH9a3
8Hsiqwan08CGCXrfMkEyvDSs2/MdeclLiqqmuUiMyxDToRchxOVsHPiTL7NGhdBb
t3cK2at6LB07/VTzk31cq40bU6tBWe1KqvjeOwOJqR+KWZf1R93OWp18F6TC/Wbj
rEJxHBMdBXweeEZbbLvsZL4L34jB0KJtxE2Xe0gfAgcqO396Gx42BsP+N8CSto6s
B//AL7/5L2CdwhE0VUii/7acgkqlBM9M1mle207xgRrgnnvC8hLix6qzxBlxRzDJ
k/Eyia47bJ3w2w1bl/zEymcEqGJUV2WMVmxYM1D2c/hL17aZ
-----END CERTIFICATE-----