Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/5icBd0SiH315n-HVMtagBiavGrY.roa
File:                     5icBd0SiH315n-HVMtagBiavGrY.roa (raw, json)
Hash identifier:          p0KkzXZdBS6oqPTNFdVo+Hqh12dFmZNGqbhCziDts9Y=
Subject key identifier:   E6:27:01:77:44:A2:1F:7D:79:9F:E1:D5:32:D6:A0:06:26:AF:1A:B6
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01971C81C0A21FEADFD6177E694B57171BDE
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/5icBd0SiH315n-HVMtagBiavGrY.roa
Signing time:             Thu 29 May 2025 14:45:54 +0000
ROA not before:           Thu 29 May 2025 14:45:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59729
IP address blocks:        2a10:a9c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:1c:81:c0:a2:1f:ea:df:d6:17:7e:69:4b:57:17:1b:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 29 14:45:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e627017744a21f7d799fe1d532d6a00626af1ab6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b6:24:fd:67:3b:43:ec:cc:c1:49:ba:62:30:
                    4d:d5:27:16:9b:76:60:6b:4f:b0:2f:42:59:47:a5:
                    b9:c2:90:af:05:d9:37:5c:86:d8:50:cf:a4:ea:2d:
                    f0:ef:11:29:7f:e1:a9:2d:44:7c:dd:8b:02:c1:95:
                    27:f9:77:2a:21:34:a7:f3:df:81:ba:7b:2f:bf:e2:
                    8d:ca:0e:a8:dd:66:ed:c9:f3:86:25:9f:2e:49:d0:
                    e4:87:9f:ea:17:31:49:a0:c3:ba:02:69:c8:74:d2:
                    c3:40:e0:5e:62:e5:4f:f9:fc:6b:b8:70:c2:29:ee:
                    d1:d7:ed:22:64:5f:fb:db:78:eb:56:89:b4:25:f7:
                    8c:66:36:be:70:e7:00:f1:b3:a7:a0:b0:74:6a:b3:
                    3d:3b:fc:4d:e1:d8:67:59:d5:5a:d5:bb:9c:ca:46:
                    22:93:fc:ea:7b:c8:e0:ad:49:b5:15:92:ac:38:72:
                    6a:37:cf:e9:7f:00:70:96:f0:10:3b:f0:ba:65:d0:
                    f1:a4:bf:ce:a3:cb:27:11:e1:c6:4f:4c:c7:7d:af:
                    64:b6:91:a9:05:cd:eb:46:2a:d1:a7:37:69:c5:e9:
                    f7:8d:45:01:37:b7:9e:8a:8f:0b:75:01:44:b1:84:
                    69:72:bc:fd:52:ec:da:ed:40:3e:f3:72:2c:c6:76:
                    aa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:27:01:77:44:A2:1F:7D:79:9F:E1:D5:32:D6:A0:06:26:AF:1A:B6
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/5icBd0SiH315n-HVMtagBiavGrY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         02:30:22:10:5a:d7:5a:68:0f:8e:7c:22:d1:59:2f:15:87:92:
         64:43:29:db:13:0b:ee:cb:04:ab:31:09:68:69:f8:2c:63:95:
         67:ea:db:12:d6:86:37:56:9b:95:3d:16:9d:43:b5:90:fa:b6:
         c8:76:74:8a:3f:f6:71:6a:d3:45:8c:1e:a3:d7:8d:96:d8:f3:
         15:17:1e:d1:f2:be:86:03:49:61:4b:af:6f:f1:0f:75:93:12:
         73:9d:53:bb:fe:d9:36:d0:ed:b8:8d:30:56:56:a6:ef:db:f5:
         b2:13:61:cb:11:50:a8:7a:8e:7a:04:0d:f2:92:ad:59:3b:a5:
         82:b2:80:3d:6f:4e:ee:ca:93:e3:aa:84:d5:6e:17:bd:bb:3f:
         37:34:2e:3e:c4:df:72:37:28:a6:19:7c:04:50:87:e3:71:0a:
         cf:23:a2:a9:b8:c0:19:ac:5e:30:f9:78:4a:88:79:e8:cb:c5:
         c4:62:9a:59:d4:16:69:1c:a3:5f:df:9b:c2:85:dc:0c:b4:67:
         e6:9d:ac:a7:3d:c4:16:4e:f1:60:ff:99:e4:88:30:ba:ea:ce:
         a8:6b:64:00:ed:5e:2a:2e:4d:1f:07:8b:36:41:15:b5:9e:90:
         79:0a:d9:1a:97:3b:2f:60:e3:27:c6:7c:2c:72:92:0d:ed:0d:
         2c:f9:f8:90
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZccgcCiH+rf1hd+aUtXFxveMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI5MTQ0NTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjI3MDE3NzQ0YTIxZjdkNzk5ZmUxZDUzMmQ2YTAwNjI2YWYxYWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybYk/Wc7Q+zMwUm6YjBN1ScWm3Zg
a0+wL0JZR6W5wpCvBdk3XIbYUM+k6i3w7xEpf+GpLUR83YsCwZUn+XcqITSn89+B
unsvv+KNyg6o3WbtyfOGJZ8uSdDkh5/qFzFJoMO6AmnIdNLDQOBeYuVP+fxruHDC
Ke7R1+0iZF/723jrVom0JfeMZja+cOcA8bOnoLB0arM9O/xN4dhnWdVa1bucykYi
k/zqe8jgrUm1FZKsOHJqN8/pfwBwlvAQO/C6ZdDxpL/Oo8snEeHGT0zHfa9ktpGp
Bc3rRirRpzdpxen3jUUBN7eeio8LdQFEsYRpcrz9Uuza7UA+83Isxnaq2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOYnAXdEoh99eZ/h1TLWoAYmrxq2MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvNWljQmQwU2lIMzE1bi1IVk10YWdCaWF2R3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhCpwDAN
BgkqhkiG9w0BAQsFAAOCAQEAAjAiEFrXWmgPjnwi0VkvFYeSZEMp2xML7ssEqzEJ
aGn4LGOVZ+rbEtaGN1ablT0WnUO1kPq2yHZ0ij/2cWrTRYweo9eNltjzFRce0fK+
hgNJYUuvb/EPdZMSc51Tu/7ZNtDtuI0wVlam79v1shNhyxFQqHqOegQN8pKtWTul
grKAPW9O7sqT46qE1W4Xvbs/NzQuPsTfcjcophl8BFCH43EKzyOiqbjAGaxeMPl4
Soh56MvFxGKaWdQWaRyjX9+bwoXcDLRn5p2spz3EFk7xYP+Z5IgwuurOqGtkAO1e
Ki5NHweLNkEVtZ6QeQrZGpc7L2DjJ8Z8LHKSDe0NLPn4kA==
-----END CERTIFICATE-----