Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/WLnNiHQkhlfgINfxpD2br98XvwA.roa
File:                     WLnNiHQkhlfgINfxpD2br98XvwA.roa (raw, json)
Hash identifier:          meEdE8yNwOSarbCrMNr+5gmR/PbuI8v0hmQMO5QzIaA=
Subject key identifier:   58:B9:CD:88:74:24:86:57:E0:20:D7:F1:A4:3D:9B:AF:DF:17:BF:00
Certificate issuer:       /CN=7f6bd1a6b04625c571d830f878b1c0238247408c
Certificate serial:       0197E57D4927CB10A98BB59243C9D67A9535
Authority key identifier: 7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/WLnNiHQkhlfgINfxpD2br98XvwA.roa
Signing time:             Mon 07 Jul 2025 15:24:42 +0000
ROA not before:           Mon 07 Jul 2025 15:24:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     996
IP address blocks:        2a0b:d500::/29 maxlen: 32
                          2a0b:d500::/32 maxlen: 32
                          2a0b:d501::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e5:7d:49:27:cb:10:a9:8b:b5:92:43:c9:d6:7a:95:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f6bd1a6b04625c571d830f878b1c0238247408c
        Validity
            Not Before: Jul  7 15:24:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58b9cd8874248657e020d7f1a43d9bafdf17bf00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:48:6e:84:a9:85:19:38:0b:66:62:e3:da:c7:
                    42:b9:4c:d8:39:c7:ed:51:3a:fa:af:fe:9f:f3:af:
                    3f:bc:60:06:d8:11:c6:4c:43:88:50:6a:d7:1e:e8:
                    08:6a:02:2a:4a:d5:ac:c3:0a:5a:04:09:1a:9f:24:
                    67:eb:af:9b:82:14:bd:3d:4a:46:6d:d2:03:95:12:
                    ef:86:0a:18:9b:7d:62:e9:6a:a6:30:f1:1b:de:2d:
                    06:9b:c2:19:8b:99:aa:d9:e3:32:48:fc:9e:b6:d8:
                    90:d0:45:05:d0:6f:a3:2e:7b:13:d4:5b:2d:89:99:
                    69:b1:e4:a9:83:4d:fd:95:a0:27:0a:d0:c0:80:47:
                    82:ba:bb:2f:d1:1c:d7:b0:fa:f5:46:09:25:e2:73:
                    f3:1a:95:62:98:19:2c:19:ec:cd:7d:f3:2b:ff:95:
                    3b:de:f5:f7:48:21:ea:9b:a5:7b:3d:87:19:9a:f7:
                    dc:99:53:cc:f6:53:eb:ef:89:56:28:87:1a:39:3e:
                    ee:06:fc:0e:75:04:71:19:92:5d:f0:0e:14:32:32:
                    d6:76:d3:2d:2d:a3:b1:c2:f4:62:bb:01:d8:88:da:
                    f0:9a:99:a8:e4:a7:a9:a5:82:cb:e5:3e:c4:f1:c1:
                    3d:54:7a:9f:ce:cd:2c:21:ff:79:72:66:33:7f:84:
                    07:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:B9:CD:88:74:24:86:57:E0:20:D7:F1:A4:3D:9B:AF:DF:17:BF:00
            X509v3 Authority Key Identifier:
                keyid:7F:6B:D1:A6:B0:46:25:C5:71:D8:30:F8:78:B1:C0:23:82:47:40:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2vRprBGJcVx2DD4eLHAI4JHQIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/WLnNiHQkhlfgINfxpD2br98XvwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/bc66d7-57ab-475d-96ba-89b6c32315c2/1/f2vRprBGJcVx2DD4eLHAI4JHQIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:d500::/29

    Signature Algorithm: sha256WithRSAEncryption
         2d:fc:e9:22:45:95:38:17:6a:75:f6:33:1b:c9:e9:57:12:e9:
         bc:d0:26:4b:9b:c9:10:30:5d:b0:fc:59:9b:fe:97:31:b3:03:
         17:60:1d:44:d3:f8:bf:a4:02:7e:21:36:0e:4e:9a:33:bf:3b:
         6e:c2:32:8d:bf:8b:ab:39:78:59:75:09:d1:a6:74:12:8e:ef:
         23:60:04:88:70:46:4c:f8:af:a8:2a:b4:7a:c1:e6:70:88:cc:
         b2:1d:0f:37:be:c6:98:4c:9d:30:2e:b5:67:bd:76:40:16:dc:
         be:d8:80:f4:0b:c6:28:1d:de:42:e9:ec:6c:31:f2:10:d2:fc:
         bf:f0:80:4e:a6:97:72:ed:a8:7b:cf:a3:c0:23:a6:04:86:45:
         75:12:b9:5e:83:a5:72:b7:ee:f3:51:38:71:64:c1:e7:49:8d:
         b8:42:18:2a:0c:ef:d9:ce:02:9a:d3:51:e8:63:67:ee:1c:41:
         e8:89:2a:09:7b:e3:b9:9c:bd:13:9a:f1:c9:3f:f8:c1:f7:43:
         3d:5b:8d:48:b9:2e:f4:08:08:b0:03:2f:c5:13:6e:3d:00:20:
         5c:c0:09:fb:1e:cc:1a:b5:4d:8a:3f:49:fd:0e:5d:73:09:5e:
         92:21:1d:09:c6:88:08:41:47:5b:10:41:66:52:c6:fb:4f:de:
         9a:65:31:71
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZflfUknyxCpi7WSQ8nWepU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmNmJkMWE2YjA0NjI1YzU3MWQ4MzBmODc4YjFjMDIzODI0
NzQwOGMwHhcNMjUwNzA3MTUyNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGI5Y2Q4ODc0MjQ4NjU3ZTAyMGQ3ZjFhNDNkOWJhZmRmMTdiZjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEhuhKmFGTgLZmLj2sdCuUzYOcft
UTr6r/6f868/vGAG2BHGTEOIUGrXHugIagIqStWswwpaBAkanyRn66+bghS9PUpG
bdIDlRLvhgoYm31i6WqmMPEb3i0Gm8IZi5mq2eMySPyettiQ0EUF0G+jLnsT1Fst
iZlpseSpg039laAnCtDAgEeCursv0RzXsPr1Rgkl4nPzGpVimBksGezNffMr/5U7
3vX3SCHqm6V7PYcZmvfcmVPM9lPr74lWKIcaOT7uBvwOdQRxGZJd8A4UMjLWdtMt
LaOxwvRiuwHYiNrwmpmo5KeppYLL5T7E8cE9VHqfzs0sIf95cmYzf4QHbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFi5zYh0JIZX4CDX8aQ9m6/fF78AMB8GA1UdIwQY
MBaAFH9r0aawRiXFcdgw+HixwCOCR0CMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEt
ODliNmMzMjMxNWMyLzEvV0xuTmlIUWtobGZnSU5meHBEMmJyOThYdndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC9iYzY2ZDctNTdhYi00NzVkLTk2YmEtODliNmMzMjMxNWMy
LzEvZjJ2UnByQkdKY1Z4MkRENGVMSEFJNEpIUUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgvVADAN
BgkqhkiG9w0BAQsFAAOCAQEALfzpIkWVOBdqdfYzG8npVxLpvNAmS5vJEDBdsPxZ
m/6XMbMDF2AdRNP4v6QCfiE2Dk6aM787bsIyjb+Lqzl4WXUJ0aZ0Eo7vI2AEiHBG
TPivqCq0esHmcIjMsh0PN77GmEydMC61Z712QBbcvtiA9AvGKB3eQunsbDHyENL8
v/CATqaXcu2oe8+jwCOmBIZFdRK5XoOlcrfu81E4cWTB50mNuEIYKgzv2c4CmtNR
6GNn7hxB6IkqCXvjuZy9E5rxyT/4wfdDPVuNSLku9AgIsAMvxRNuPQAgXMAJ+x7M
GrVNij9J/Q5dcwlekiEdCcaICEFHWxBBZlLG+0/emmUxcQ==
-----END CERTIFICATE-----