Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/1fBqan9eiGNKf_sVRt9T7w2ueco.roa
File:                     1fBqan9eiGNKf_sVRt9T7w2ueco.roa (raw, json)
Hash identifier:          B1F3p0oyzxC6K5ejaWJLuMfvLmGRqgLjI4bPANtUWaw=
Subject key identifier:   D5:F0:6A:6A:7F:5E:88:63:4A:7F:FB:15:46:DF:53:EF:0D:AE:79:CA
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019709216D11152F6ED48EA9E96F12C1C290
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/1fBqan9eiGNKf_sVRt9T7w2ueco.roa
Signing time:             Sun 25 May 2025 20:27:54 +0000
ROA not before:           Sun 25 May 2025 20:27:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204794
IP address blocks:        2a0b:a4c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:21:6d:11:15:2f:6e:d4:8e:a9:e9:6f:12:c1:c2:90
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 25 20:27:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5f06a6a7f5e88634a7ffb1546df53ef0dae79ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:09:8f:f5:f8:55:43:7e:31:fc:c6:12:60:b3:
                    d9:3d:aa:28:e3:0c:8b:50:47:ef:76:3a:42:ad:dd:
                    58:3e:9b:e7:7f:1a:61:c7:5e:02:18:5d:d1:62:24:
                    25:26:6d:1b:b7:5f:c3:cc:83:c1:a8:b1:36:25:04:
                    f2:40:a4:44:b7:c7:a4:9a:81:d7:d3:d5:86:b8:19:
                    f3:f2:51:1b:b2:28:29:1a:5a:3a:b4:5f:cc:fb:16:
                    0b:0f:43:70:63:c8:23:66:6a:4f:0d:cd:19:fb:68:
                    64:21:90:43:10:03:37:68:da:84:ac:b6:7f:c1:2a:
                    ce:69:ad:95:04:b0:2a:83:89:1c:a8:b9:7b:67:3f:
                    51:1a:12:f2:61:58:39:80:1b:de:c9:b9:86:f3:e1:
                    34:75:2d:33:b6:16:8a:01:d3:85:d7:3b:05:1d:eb:
                    0c:a1:0b:87:c3:e4:9b:ff:4f:f9:bf:ed:81:36:51:
                    d9:3e:18:92:b9:21:eb:11:25:e1:1a:76:e3:31:aa:
                    dc:84:73:e2:48:ae:e2:55:23:be:35:b1:2d:35:8e:
                    41:54:b1:6d:f0:15:03:fb:07:12:0d:50:c8:8d:54:
                    e3:12:f9:69:65:cc:05:c6:6f:9f:5a:14:14:45:84:
                    30:71:a3:31:c9:3c:1e:d5:88:57:dd:a7:62:03:75:
                    3f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:F0:6A:6A:7F:5E:88:63:4A:7F:FB:15:46:DF:53:EF:0D:AE:79:CA
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/1fBqan9eiGNKf_sVRt9T7w2ueco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         a1:6e:0b:81:c4:f6:80:ba:07:ec:7a:29:57:c8:f9:92:48:13:
         ae:50:71:32:f0:de:90:c3:9d:6b:4b:c2:7b:f1:4e:a8:6a:c3:
         93:75:69:e4:80:80:fd:af:47:ff:8a:62:e0:22:0f:d3:01:4a:
         0d:db:cd:e5:96:a2:6d:3b:b0:4a:b0:47:b0:7f:90:e3:76:4d:
         71:2a:66:4f:be:07:a7:e8:2b:e2:1c:6f:b9:da:d8:a0:dc:8a:
         87:8a:04:39:89:2b:26:d5:60:25:26:82:7b:4f:c2:fe:33:f3:
         32:11:ab:14:6d:d9:ba:ad:22:fd:6a:fa:2f:93:36:ad:25:57:
         3a:ee:5d:aa:58:f3:c0:a1:10:98:07:a7:64:da:7e:c4:cd:94:
         39:a6:e0:42:35:fa:a0:77:a5:23:f6:f4:22:f6:c1:b4:dc:8b:
         7c:a5:17:cd:59:4b:e2:f8:ff:75:9b:8e:44:1c:48:3b:69:15:
         a6:3c:ee:ef:c7:c8:ec:99:6e:fc:9f:9b:3b:14:a9:2a:1b:c6:
         b1:cc:e1:43:f5:5e:20:10:8e:05:0b:01:63:d6:f3:86:e9:bc:
         a4:e7:17:32:78:27:ea:2b:7f:8a:49:72:f3:2d:5d:61:c3:fc:
         e4:3d:47:f3:a0:4f:95:ed:0d:49:b9:37:59:91:9a:a6:23:57:
         1c:e7:69:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJIW0RFS9u1I6p6W8SwcKQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI1MjAyNzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWYwNmE2YTdmNWU4ODYzNGE3ZmZiMTU0NmRmNTNlZjBkYWU3OWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwmP9fhVQ34x/MYSYLPZPaoo4wyL
UEfvdjpCrd1YPpvnfxphx14CGF3RYiQlJm0bt1/DzIPBqLE2JQTyQKREt8ekmoHX
09WGuBnz8lEbsigpGlo6tF/M+xYLD0NwY8gjZmpPDc0Z+2hkIZBDEAM3aNqErLZ/
wSrOaa2VBLAqg4kcqLl7Zz9RGhLyYVg5gBveybmG8+E0dS0zthaKAdOF1zsFHesM
oQuHw+Sb/0/5v+2BNlHZPhiSuSHrESXhGnbjMarchHPiSK7iVSO+NbEtNY5BVLFt
8BUD+wcSDVDIjVTjEvlpZcwFxm+fWhQURYQwcaMxyTwe1YhX3adiA3U/oQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNXwamp/XohjSn/7FUbfU+8NrnnKMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvMWZCcWFuOWVpR05LZl9zVlJ0OVQ3dzJ1ZWNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgukxDAN
BgkqhkiG9w0BAQsFAAOCAQEAoW4LgcT2gLoH7HopV8j5kkgTrlBxMvDekMOda0vC
e/FOqGrDk3Vp5ICA/a9H/4pi4CIP0wFKDdvN5ZaibTuwSrBHsH+Q43ZNcSpmT74H
p+gr4hxvudrYoNyKh4oEOYkrJtVgJSaCe0/C/jPzMhGrFG3Zuq0i/Wr6L5M2rSVX
Ou5dqljzwKEQmAenZNp+xM2UOabgQjX6oHelI/b0IvbBtNyLfKUXzVlL4vj/dZuO
RBxIO2kVpjzu78fI7Jlu/J+bOxSpKhvGsczhQ/VeIBCOBQsBY9bzhum8pOcXMngn
6it/ikly8y1dYcP85D1H86BPle0NSbk3WZGapiNXHOdpCA==
-----END CERTIFICATE-----