Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/f51d2e-d174-4ef5-80c1-97f91bc97a42/1/aVR1DGlOpMImv1P3m-JsR94bIGc.roa
File:                     aVR1DGlOpMImv1P3m-JsR94bIGc.roa (raw, json)
Hash identifier:          tbwolDJwQ7h6KJzx4qAPP8SgaZe4LSSKXZP0YAxibg8=
Subject key identifier:   69:54:75:0C:69:4E:A4:C2:26:BF:53:F7:9B:E2:6C:47:DE:1B:20:67
Certificate issuer:       /CN=58a681c71beb464e01d5b68e19ca566da9930e23
Certificate serial:       019D95641FEA980746BF22615484641EBF0D
Authority key identifier: 58:A6:81:C7:1B:EB:46:4E:01:D5:B6:8E:19:CA:56:6D:A9:93:0E:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WKaBxxvrRk4B1baOGcpWbamTDiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/f51d2e-d174-4ef5-80c1-97f91bc97a42/1/aVR1DGlOpMImv1P3m-JsR94bIGc.roa
Signing time:             Thu 16 Apr 2026 08:24:20 +0000
ROA not before:           Thu 16 Apr 2026 08:24:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     26548
IP address blocks:        2a14:dc81:5000::/36 maxlen: 36
                          2a14:dc81:6000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/f51d2e-d174-4ef5-80c1-97f91bc97a42/1/WKaBxxvrRk4B1baOGcpWbamTDiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/f51d2e-d174-4ef5-80c1-97f91bc97a42/1/WKaBxxvrRk4B1baOGcpWbamTDiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WKaBxxvrRk4B1baOGcpWbamTDiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 22:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:95:64:1f:ea:98:07:46:bf:22:61:54:84:64:1e:bf:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58a681c71beb464e01d5b68e19ca566da9930e23
        Validity
            Not Before: Apr 16 08:24:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6954750c694ea4c226bf53f79be26c47de1b2067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f9:41:07:5c:8e:db:81:99:a3:31:b1:d6:af:
                    62:a7:b7:ab:d6:92:c9:d1:93:be:ab:ad:36:fb:5c:
                    fc:a5:45:b9:8a:27:52:5a:37:08:be:c2:3a:ef:36:
                    69:1c:ed:6f:7d:7f:e4:0a:83:7d:c4:8a:77:99:ad:
                    61:15:88:32:a2:eb:8a:a6:93:d1:f2:17:c4:99:e1:
                    4f:71:3d:28:1f:50:54:88:c0:45:5f:04:d1:0f:f0:
                    fb:27:21:52:98:91:93:06:32:21:39:bf:f4:95:55:
                    20:e0:b6:06:4b:f6:83:9a:17:12:bb:2b:8e:8c:4b:
                    d3:7f:5e:52:14:68:49:e9:e2:02:2a:f6:12:a4:53:
                    50:29:6a:90:f7:ed:34:68:0f:c6:fb:d3:70:ab:51:
                    53:16:a6:63:76:bf:36:f9:3b:16:de:a6:93:e4:c4:
                    3f:b8:cf:e2:bf:ac:6a:23:e6:41:8d:18:fb:59:39:
                    a8:a8:ca:b8:3d:45:2f:20:70:78:b1:6a:77:ab:d3:
                    8e:d4:76:cc:0d:cf:2f:9a:6d:b2:f4:aa:5b:a5:2a:
                    3b:51:13:1e:b3:9e:42:c1:57:72:22:89:58:f6:ec:
                    82:ba:e2:75:27:01:eb:96:ab:1e:8b:dc:b0:86:01:
                    5a:73:48:c2:e9:15:d2:13:bd:40:85:e0:d3:64:ff:
                    f2:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:54:75:0C:69:4E:A4:C2:26:BF:53:F7:9B:E2:6C:47:DE:1B:20:67
            X509v3 Authority Key Identifier:
                keyid:58:A6:81:C7:1B:EB:46:4E:01:D5:B6:8E:19:CA:56:6D:A9:93:0E:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WKaBxxvrRk4B1baOGcpWbamTDiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f51d2e-d174-4ef5-80c1-97f91bc97a42/1/aVR1DGlOpMImv1P3m-JsR94bIGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/f51d2e-d174-4ef5-80c1-97f91bc97a42/1/WKaBxxvrRk4B1baOGcpWbamTDiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:dc81:5000::-2a14:dc81:6fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         9d:be:39:35:4e:ac:3f:fa:1b:48:44:d3:5b:42:06:1f:64:88:
         d0:96:36:7f:7b:f9:f7:64:f1:1f:34:3f:7c:de:0a:71:40:7e:
         93:6b:32:d0:92:e6:79:26:a9:c3:e2:b6:d7:aa:68:78:0c:6f:
         23:0c:eb:d7:ad:ae:fd:ac:c6:52:ad:6f:5e:12:45:45:0f:2e:
         e7:2b:9d:63:92:d4:9d:0a:9d:39:4f:bf:6d:89:9b:bf:1d:45:
         81:38:cd:2a:26:bb:70:0b:94:b9:44:71:c8:89:34:9f:0e:7f:
         12:f0:24:07:96:23:b6:99:87:d1:1b:f3:e1:5c:f7:72:f1:c3:
         0b:93:c9:9d:10:67:42:71:d9:38:df:b3:f8:16:c9:4e:c6:dc:
         a8:96:cf:91:43:f8:a7:58:19:ae:ce:b0:40:d2:bb:19:04:9b:
         c9:ef:df:55:56:76:25:48:cc:8b:a1:5f:c5:a5:55:89:ff:7d:
         f5:f8:ac:98:ba:1d:f2:64:fa:06:b1:ca:5a:16:f0:81:bd:06:
         78:c2:57:cd:dc:6e:45:14:42:b4:0f:57:40:54:38:9e:1b:64:
         56:82:78:50:82:8e:19:a9:36:a6:ed:d9:31:4b:0c:88:2b:8d:
         b4:be:4f:70:12:eb:8e:3d:17:2e:61:d1:a0:16:f2:1f:2f:84:
         a7:83:af:cb
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ2VZB/qmAdGvyJhVIRkHr8NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YTY4MWM3MWJlYjQ2NGUwMWQ1YjY4ZTE5Y2E1NjZkYTk5
MzBlMjMwHhcNMjYwNDE2MDgyNDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTU0NzUwYzY5NGVhNGMyMjZiZjUzZjc5YmUyNmM0N2RlMWIyMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PlBB1yO24GZozGx1q9ip7er1pLJ
0ZO+q602+1z8pUW5iidSWjcIvsI67zZpHO1vfX/kCoN9xIp3ma1hFYgyouuKppPR
8hfEmeFPcT0oH1BUiMBFXwTRD/D7JyFSmJGTBjIhOb/0lVUg4LYGS/aDmhcSuyuO
jEvTf15SFGhJ6eICKvYSpFNQKWqQ9+00aA/G+9Nwq1FTFqZjdr82+TsW3qaT5MQ/
uM/iv6xqI+ZBjRj7WTmoqMq4PUUvIHB4sWp3q9OO1HbMDc8vmm2y9KpbpSo7URMe
s55CwVdyIolY9uyCuuJ1JwHrlqsei9ywhgFac0jC6RXSE71AheDTZP/ynQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGlUdQxpTqTCJr9T95vibEfeGyBnMB8GA1UdIwQY
MBaAFFimgccb60ZOAdW2jhnKVm2pkw4jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0thQnh4dnJSazRCMWJhT0djcFdiYW1URGlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9mNTFkMmUtZDE3NC00ZWY1LTgwYzEt
OTdmOTFiYzk3YTQyLzEvYVZSMURHbE9wTUltdjFQM20tSnNSOTRiSUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9mNTFkMmUtZDE3NC00ZWY1LTgwYzEtOTdmOTFiYzk3YTQy
LzEvV0thQnh4dnJSazRCMWJhT0djcFdiYW1URGlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgQqFNyB
UAMGBCoU3IFgMA0GCSqGSIb3DQEBCwUAA4IBAQCdvjk1Tqw/+htIRNNbQgYfZIjQ
ljZ/e/n3ZPEfND983gpxQH6TazLQkuZ5JqnD4rbXqmh4DG8jDOvXra79rMZSrW9e
EkVFDy7nK51jktSdCp05T79tiZu/HUWBOM0qJrtwC5S5RHHIiTSfDn8S8CQHliO2
mYfRG/PhXPdy8cMLk8mdEGdCcdk437P4FslOxtyols+RQ/inWBmuzrBA0rsZBJvJ
799VVnYlSMyLoV/FpVWJ/331+KyYuh3yZPoGscpaFvCBvQZ4wlfN3G5FFEK0D1dA
VDieG2RWgnhQgo4ZqTam7dkxSwyIK420vk9wEuuOPRcuYdGgFvIfL4Sng6/L
-----END CERTIFICATE-----