Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/W1ow_DjhrwDI3Tg3pSC46UA7ytw.roa
File:                     W1ow_DjhrwDI3Tg3pSC46UA7ytw.roa (raw, json)
Hash identifier:          N8D98ImQalciC8sRQEeAn5RZaKSw4sp974uz4g/NRpg=
Subject key identifier:   5B:5A:30:FC:38:E1:AF:00:C8:DD:38:37:A5:20:B8:E9:40:3B:CA:DC
Certificate issuer:       /CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
Certificate serial:       019D4EF97A8AA4CC9559FF40FF0B7BDB9B59
Authority key identifier: 58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/W1ow_DjhrwDI3Tg3pSC46UA7ytw.roa
Signing time:             Thu 02 Apr 2026 16:14:25 +0000
ROA not before:           Thu 02 Apr 2026 16:14:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199428
IP address blocks:        2a14:c380:d60::/44 maxlen: 44
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4e:f9:7a:8a:a4:cc:95:59:ff:40:ff:0b:7b:db:9b:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58b3de5f9adb50fe41f6dc78ffd0a2c9086d2512
        Validity
            Not Before: Apr  2 16:14:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5b5a30fc38e1af00c8dd3837a520b8e9403bcadc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:64:a8:b5:1d:5e:3e:13:11:01:cf:41:41:08:
                    da:8c:14:69:70:02:bd:97:81:89:0c:a0:65:48:84:
                    5c:80:c5:92:44:d5:df:b7:56:3c:60:f2:64:ea:72:
                    e1:7e:da:ee:56:f0:e7:97:c5:5e:8d:f9:68:7a:b3:
                    a6:09:d4:4d:1f:57:c5:87:87:86:15:20:6d:67:a3:
                    fc:d7:e5:34:bf:62:2f:9c:f1:40:62:8c:0a:30:f8:
                    b4:74:ff:4b:1a:49:9a:b9:cc:a0:9c:91:27:e6:ab:
                    be:81:66:86:a0:1f:ef:d2:14:c2:51:4f:f0:5b:d7:
                    52:49:25:f8:c6:ef:82:70:17:93:9e:74:4a:c6:d6:
                    80:25:9a:a0:c9:b0:2a:11:2e:ab:40:32:a0:2a:a7:
                    b8:54:fd:9d:e6:50:94:ae:6e:a7:c4:c1:e4:97:fa:
                    f4:e1:56:b8:ce:28:a1:8c:c3:55:68:6e:51:02:6f:
                    c5:53:67:57:c8:90:1c:70:3f:10:c8:7d:30:54:f5:
                    c6:3d:7d:a3:18:71:16:66:49:92:c2:4d:4a:06:06:
                    a5:76:3f:c7:b4:d5:a6:a2:58:b3:32:b2:5a:4e:69:
                    13:ec:f9:c5:4d:db:07:0a:19:ef:e6:32:18:3b:0c:
                    7d:43:e9:7a:ab:3e:81:5f:7a:b2:dc:05:21:23:21:
                    ba:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:5A:30:FC:38:E1:AF:00:C8:DD:38:37:A5:20:B8:E9:40:3B:CA:DC
            X509v3 Authority Key Identifier:
                keyid:58:B3:DE:5F:9A:DB:50:FE:41:F6:DC:78:FF:D0:A2:C9:08:6D:25:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WLPeX5rbUP5B9tx4_9CiyQhtJRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/W1ow_DjhrwDI3Tg3pSC46UA7ytw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/6b7490-e10a-42e0-9e2e-5321d69d979d/1/WLPeX5rbUP5B9tx4_9CiyQhtJRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:c380:d60::/44

    Signature Algorithm: sha256WithRSAEncryption
         40:69:87:1f:2b:1b:05:6a:e5:c9:2b:10:d1:f7:2c:f8:d3:8d:
         87:f6:45:15:7f:ee:a9:b3:05:40:ac:dc:5a:2e:95:5c:05:29:
         7d:87:59:34:20:a4:1e:15:69:6a:56:e4:c7:5b:1f:79:a4:14:
         2d:b6:bf:23:2f:bc:42:62:bd:94:4a:4c:c5:67:ae:f8:0f:9a:
         6a:1d:a4:bf:e6:07:82:9f:79:94:9e:8b:0d:c0:08:03:f3:23:
         86:14:c9:64:7a:14:b5:dc:02:c8:0d:21:9f:0a:87:8c:09:94:
         7f:55:91:73:ab:85:5c:e2:b3:92:a9:ce:ca:e7:2f:cc:07:db:
         14:61:84:2f:a7:50:f5:aa:71:5e:66:6c:57:1b:90:9c:f8:22:
         a5:07:ca:cc:99:ac:e7:9e:c4:df:a9:71:f2:c1:c5:19:45:a4:
         91:35:7a:00:04:02:bc:9e:18:ab:83:9a:09:44:7d:99:79:b5:
         75:21:41:08:8e:84:21:40:46:84:57:73:69:90:81:2a:21:5d:
         da:47:47:66:5f:c8:e5:98:e1:9b:7d:5b:4e:bd:37:9f:5c:17:
         ed:cf:e5:3d:a1:58:ec:78:49:8a:53:2b:9e:df:92:ac:6f:d9:
         33:b3:5b:35:85:f5:a8:79:0d:cc:3b:32:7b:b0:36:ab:3c:ee:
         65:0d:9f:76
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ1O+XqKpMyVWf9A/wt725tZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YjNkZTVmOWFkYjUwZmU0MWY2ZGM3OGZmZDBhMmM5MDg2
ZDI1MTIwHhcNMjYwNDAyMTYxNDI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjVhMzBmYzM4ZTFhZjAwYzhkZDM4MzdhNTIwYjhlOTQwM2JjYWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmWSotR1ePhMRAc9BQQjajBRpcAK9
l4GJDKBlSIRcgMWSRNXft1Y8YPJk6nLhftruVvDnl8VejfloerOmCdRNH1fFh4eG
FSBtZ6P81+U0v2IvnPFAYowKMPi0dP9LGkmaucygnJEn5qu+gWaGoB/v0hTCUU/w
W9dSSSX4xu+CcBeTnnRKxtaAJZqgybAqES6rQDKgKqe4VP2d5lCUrm6nxMHkl/r0
4Va4ziihjMNVaG5RAm/FU2dXyJAccD8QyH0wVPXGPX2jGHEWZkmSwk1KBgaldj/H
tNWmolizMrJaTmkT7PnFTdsHChnv5jIYOwx9Q+l6qz6BX3qy3AUhIyG6cQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFtaMPw44a8AyN04N6UguOlAO8rcMB8GA1UdIwQY
MBaAFFiz3l+a21D+QfbceP/QoskIbSUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUt
NTMyMWQ2OWQ5NzlkLzEvVzFvd19Eamhyd0RJM1RnM3BTQzQ2VUE3eXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC82Yjc0OTAtZTEwYS00MmUwLTllMmUtNTMyMWQ2OWQ5Nzlk
LzEvV0xQZVg1cmJVUDVCOXR4NF85Q2l5UWh0SlJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcEKhTDgA1g
MA0GCSqGSIb3DQEBCwUAA4IBAQBAaYcfKxsFauXJKxDR9yz4042H9kUVf+6pswVA
rNxaLpVcBSl9h1k0IKQeFWlqVuTHWx95pBQttr8jL7xCYr2USkzFZ674D5pqHaS/
5geCn3mUnosNwAgD8yOGFMlkehS13ALIDSGfCoeMCZR/VZFzq4Vc4rOSqc7K5y/M
B9sUYYQvp1D1qnFeZmxXG5Cc+CKlB8rMmaznnsTfqXHywcUZRaSRNXoABAK8nhir
g5oJRH2ZebV1IUEIjoQhQEaEV3NpkIEqIV3aR0dmX8jlmOGbfVtOvTefXBftz+U9
oVjseEmKUyue35Ksb9kzs1s1hfWoeQ3MOzJ7sDarPO5lDZ92
-----END CERTIFICATE-----