Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/1-iWOVrefjs9HBIASRdjsq7CSI7Q.roa
File:                     1-iWOVrefjs9HBIASRdjsq7CSI7Q.roa (raw, json)
Hash identifier:          m7ouBQ2qviW5hyE9F7O8F0y6LhZUjUrkwEJiugNgPHU=
Subject key identifier:   FA:25:8E:56:B7:9F:8E:CF:47:04:80:12:45:D8:EC:AB:B0:92:23:B4
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019DAFEE5AB97DC1AECB93DBF381618472E6
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/1-iWOVrefjs9HBIASRdjsq7CSI7Q.roa
Signing time:             Tue 21 Apr 2026 12:05:26 +0000
ROA not before:           Tue 21 Apr 2026 12:05:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     62610
IP address blocks:        2a13:dcc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 12:05:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:af:ee:5a:b9:7d:c1:ae:cb:93:db:f3:81:61:84:72:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Apr 21 12:05:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fa258e56b79f8ecf4704801245d8ecabb09223b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e4:d0:6f:29:e6:ca:af:59:20:77:28:7c:1f:
                    29:fa:9f:b8:b0:4e:85:c6:22:b5:ab:ab:9e:60:f9:
                    e1:27:76:85:68:cd:ef:7b:03:3c:d9:0c:3e:f2:50:
                    f7:50:ea:5b:fd:c5:82:0e:4f:e5:f6:66:1d:da:35:
                    a0:c8:66:56:ea:7d:f8:3f:9f:8f:7d:0b:93:dd:0f:
                    c8:94:f9:d4:0c:83:48:25:ef:00:05:1c:7f:ab:73:
                    6a:b8:40:b3:2e:e8:17:d2:68:b4:f1:a4:06:5e:73:
                    60:34:7a:89:22:4a:25:c1:7c:93:15:54:97:b8:92:
                    5d:bf:52:d4:3b:06:32:fd:50:62:4e:ed:7e:09:39:
                    e3:a6:b9:02:6b:2c:6d:62:ce:c0:6e:ab:f3:1c:4a:
                    a9:ea:17:e1:86:52:a7:b5:0c:43:ba:05:f4:be:30:
                    11:ac:09:5c:72:54:e8:11:ec:90:1f:9a:17:5f:5f:
                    1c:84:d6:7b:3f:c4:88:29:2f:24:14:77:da:a3:2c:
                    e2:7a:2f:73:16:c1:5b:dc:27:18:14:3c:20:9c:30:
                    df:01:ea:51:91:1e:88:fb:b0:91:d5:c4:7a:34:24:
                    77:a6:93:ac:3f:e7:85:17:93:e3:71:3f:6f:2f:b2:
                    3f:9f:99:22:c1:ea:47:97:eb:5d:7d:3e:97:9a:54:
                    a6:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:25:8E:56:B7:9F:8E:CF:47:04:80:12:45:D8:EC:AB:B0:92:23:B4
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/1-iWOVrefjs9HBIASRdjsq7CSI7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:dcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         78:7a:e2:01:cf:6e:74:c2:3f:8d:d8:49:d1:59:14:db:a6:c1:
         7d:53:1c:70:96:4e:8e:8e:cc:78:57:47:ef:86:8c:51:a4:c6:
         e0:a3:c6:4b:e1:e1:3d:59:83:dc:72:2a:57:19:b9:fc:0b:ec:
         cd:63:27:07:b1:0d:0a:2f:c4:16:31:1f:34:63:19:53:75:49:
         46:69:d1:23:1b:52:3c:8e:50:2f:df:67:a1:9a:63:a3:2a:bc:
         48:36:50:08:9f:8e:8d:67:82:32:af:3c:d3:67:ba:8d:f6:f3:
         6c:e6:cb:7b:d6:16:23:29:d8:80:fd:33:7c:a3:a3:69:df:74:
         2e:97:53:88:18:96:d2:ab:a3:b0:37:94:e3:7c:0a:fc:ba:9f:
         b4:a5:4c:32:44:b2:c1:ae:6a:95:eb:bd:46:7e:7e:96:f0:1a:
         52:04:53:45:cb:96:47:c1:28:13:32:ac:99:f1:4b:7b:98:91:
         5c:ae:51:47:fe:94:27:05:22:88:58:82:86:c3:a4:91:92:04:
         a4:5e:58:b6:04:b6:1e:a9:14:4d:a4:f1:17:82:0c:bc:92:5a:
         ae:dd:98:20:d5:a8:b8:c7:9f:ed:ff:54:7b:40:86:08:76:e2:
         45:a5:33:af:60:77:b3:e6:1b:60:9c:3b:ce:7f:7e:eb:a7:22:
         46:c1:26:f9
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZ2v7lq5fcGuy5Pb84FhhHLmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNDIxMTIwNTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTI1OGU1NmI3OWY4ZWNmNDcwNDgwMTI0NWQ4ZWNhYmIwOTIyM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseTQbynmyq9ZIHcofB8p+p+4sE6F
xiK1q6ueYPnhJ3aFaM3vewM82Qw+8lD3UOpb/cWCDk/l9mYd2jWgyGZW6n34P5+P
fQuT3Q/IlPnUDINIJe8ABRx/q3NquECzLugX0mi08aQGXnNgNHqJIkolwXyTFVSX
uJJdv1LUOwYy/VBiTu1+CTnjprkCayxtYs7AbqvzHEqp6hfhhlKntQxDugX0vjAR
rAlcclToEeyQH5oXX18chNZ7P8SIKS8kFHfaoyziei9zFsFb3CcYFDwgnDDfAepR
kR6I+7CR1cR6NCR3ppOsP+eFF5PjcT9vL7I/n5kiwepHl+tdfT6XmlSmhwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPoljla3n47PRwSAEkXY7KuwkiO0MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvMS1pV09WcmVmanM5SEJJQVNSZGpzcTdDU0k3US5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYmMvN2ExOTg4LTI3MzYtNDlkYy1hOTA3LTExYjNjZjNmZDRl
MS8xL1dLMWcybEpuSHBDRHp6bUdUc29xb2pKQnZwNC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFAyoT3MAw
DQYJKoZIhvcNAQELBQADggEBAHh64gHPbnTCP43YSdFZFNumwX1THHCWTo6OzHhX
R++GjFGkxuCjxkvh4T1Zg9xyKlcZufwL7M1jJwexDQovxBYxHzRjGVN1SUZp0SMb
UjyOUC/fZ6GaY6MqvEg2UAifjo1ngjKvPNNnuo3282zmy3vWFiMp2ID9M3yjo2nf
dC6XU4gYltKro7A3lON8Cvy6n7SlTDJEssGuapXrvUZ+fpbwGlIEU0XLlkfBKBMy
rJnxS3uYkVyuUUf+lCcFIohYgobDpJGSBKReWLYEth6pFE2k8ReCDLySWq7dmCDV
qLjHn+3/VHtAhgh24kWlM69gd7PmG2CcO85/fuunIkbBJvk=
-----END CERTIFICATE-----