Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/6NktxJS7SV-soe69tE2zxPM1iWI.roa
File:                     6NktxJS7SV-soe69tE2zxPM1iWI.roa (raw, json)
Hash identifier:          aqOZrEPKlIu+bqZiBozw+l4nXKMV/b9t1NxYsXKzpPY=
Subject key identifier:   E8:D9:2D:C4:94:BB:49:5F:AC:A1:EE:BD:B4:4D:B3:C4:F3:35:89:62
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019709216F0B69DCE5923504DAF1D68CFB89
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/6NktxJS7SV-soe69tE2zxPM1iWI.roa
Signing time:             Sun 25 May 2025 20:27:55 +0000
ROA not before:           Sun 25 May 2025 20:27:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209396
IP address blocks:        2a0b:a4c1::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:21:6f:0b:69:dc:e5:92:35:04:da:f1:d6:8c:fb:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 25 20:27:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8d92dc494bb495faca1eebdb44db3c4f3358962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:70:6b:3a:f7:96:26:98:73:80:44:b5:98:97:
                    86:a7:a7:bf:4f:cf:fe:57:95:6a:f4:1b:e3:42:2e:
                    bb:2d:fb:46:e6:d6:a0:16:18:de:ec:d0:52:0b:2d:
                    38:b9:87:de:37:2d:b7:51:a7:62:0d:4c:60:7c:f4:
                    6e:d9:b2:1b:b0:99:86:97:fc:4e:9a:57:75:50:78:
                    64:aa:a3:a7:2d:b8:17:9b:d3:39:b2:9c:63:33:38:
                    19:08:82:fb:fb:bd:b1:93:b8:05:f8:67:d4:4b:cc:
                    f5:6b:38:b9:01:56:bd:04:0a:d9:98:04:14:23:ee:
                    2e:f8:c0:72:45:ea:4e:ab:11:4a:08:ce:20:50:ac:
                    94:b5:95:65:17:da:00:8b:7b:e1:53:20:27:9a:9d:
                    ba:ec:86:3a:0c:87:0d:af:ce:fb:34:15:3d:83:23:
                    93:e3:bd:e3:70:ac:e9:5a:79:e6:22:5b:28:85:ca:
                    f9:ff:58:cb:27:1a:0a:7a:38:76:bc:5b:9f:08:ef:
                    46:17:44:b5:5f:39:33:0a:d6:38:92:f2:17:55:cd:
                    eb:ed:c9:8a:18:10:65:ae:3f:06:e5:9a:5e:9a:e1:
                    17:2d:7c:b2:72:22:4f:cb:2a:27:85:db:a9:51:48:
                    7e:1b:b1:e1:96:8c:2c:ab:18:55:f3:a6:00:a6:74:
                    9e:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:D9:2D:C4:94:BB:49:5F:AC:A1:EE:BD:B4:4D:B3:C4:F3:35:89:62
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/6NktxJS7SV-soe69tE2zxPM1iWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c1::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:f4:41:58:be:ef:7d:01:ae:58:a4:63:f3:28:6c:14:2b:d7:
         67:cd:6c:f4:38:5e:a7:78:43:d4:fe:a3:38:db:fa:37:ac:62:
         95:bf:d4:d0:cc:e0:c3:47:01:50:3e:42:d6:5b:c5:cc:55:2b:
         15:8f:e3:2d:3b:50:28:75:5a:c4:a4:ec:9f:93:30:37:c0:e1:
         da:82:54:a7:f1:13:49:3f:38:fc:22:f5:f9:f3:e4:b4:cb:94:
         b2:eb:30:06:a7:47:44:8e:95:ef:ba:8e:c5:7b:60:b1:97:c8:
         e8:38:29:8d:89:e7:df:c6:61:1b:d4:88:d9:dd:92:d4:f1:af:
         bf:53:e6:9c:4d:b9:1b:11:80:ab:03:2b:0c:55:29:18:e0:f0:
         0c:46:ec:30:b7:96:f5:e4:25:78:13:cd:4f:e1:d5:a9:8c:6b:
         e8:15:0e:3e:31:1c:8d:f7:e8:ca:5d:07:e5:a1:67:65:25:6f:
         6b:2f:eb:f5:83:26:8b:a7:a7:3c:b6:85:4b:81:91:56:be:e1:
         f1:bb:6d:e7:45:9b:46:8d:5c:c8:d7:58:51:c3:da:b7:4a:cf:
         ee:fa:00:aa:46:98:17:d9:d8:bd:78:1d:86:43:6b:0a:9c:65:
         5b:61:c3:e0:1e:e0:43:98:ab:b4:1d:51:0e:b8:e2:bf:17:9e:
         4b:c5:7c:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJIW8LadzlkjUE2vHWjPuJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI1MjAyNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGQ5MmRjNDk0YmI0OTVmYWNhMWVlYmRiNDRkYjNjNGYzMzU4OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXBrOveWJphzgES1mJeGp6e/T8/+
V5Vq9BvjQi67LftG5tagFhje7NBSCy04uYfeNy23UadiDUxgfPRu2bIbsJmGl/xO
mld1UHhkqqOnLbgXm9M5spxjMzgZCIL7+72xk7gF+GfUS8z1azi5AVa9BArZmAQU
I+4u+MByRepOqxFKCM4gUKyUtZVlF9oAi3vhUyAnmp267IY6DIcNr877NBU9gyOT
473jcKzpWnnmIlsohcr5/1jLJxoKejh2vFufCO9GF0S1XzkzCtY4kvIXVc3r7cmK
GBBlrj8G5ZpemuEXLXyyciJPyyonhdupUUh+G7HhlowsqxhV86YApnSeFQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFOjZLcSUu0lfrKHuvbRNs8TzNYliMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvNk5rdHhKUzdTVi1zb2U2OXRFMnp4UE0xaVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgukwTAN
BgkqhkiG9w0BAQsFAAOCAQEAQ/RBWL7vfQGuWKRj8yhsFCvXZ81s9Dhep3hD1P6j
ONv6N6xilb/U0Mzgw0cBUD5C1lvFzFUrFY/jLTtQKHVaxKTsn5MwN8Dh2oJUp/ET
ST84/CL1+fPktMuUsuswBqdHRI6V77qOxXtgsZfI6DgpjYnn38ZhG9SI2d2S1PGv
v1PmnE25GxGAqwMrDFUpGODwDEbsMLeW9eQleBPNT+HVqYxr6BUOPjEcjffoyl0H
5aFnZSVvay/r9YMmi6enPLaFS4GRVr7h8btt50WbRo1cyNdYUcPat0rP7voAqkaY
F9nYvXgdhkNrCpxlW2HD4B7gQ5irtB1RDrjivxeeS8V85g==
-----END CERTIFICATE-----