Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/BGe_on7qrCfsKtQApUCVT-W_f4o.roa
File:                     BGe_on7qrCfsKtQApUCVT-W_f4o.roa (raw, json)
Hash identifier:          eXoBTCZM9jJ6iXZZ2gA2THN4DK4rmF7lioqEMFYvhII=
Subject key identifier:   04:67:BF:A2:7E:EA:AC:27:EC:2A:D4:00:A5:40:95:4F:E5:BF:7F:8A
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019ECA8D80073A7AB66D405DA365617CE8B4
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/BGe_on7qrCfsKtQApUCVT-W_f4o.roa
Signing time:             Mon 15 Jun 2026 09:12:11 +0000
ROA not before:           Mon 15 Jun 2026 09:12:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2a0f:89c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Jun 2026 05:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:ca:8d:80:07:3a:7a:b6:6d:40:5d:a3:65:61:7c:e8:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 15 09:12:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0467bfa27eeaac27ec2ad400a540954fe5bf7f8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:e9:f0:85:e3:ea:fe:19:dd:2d:0b:a2:63:66:
                    18:62:30:19:a9:e0:61:4b:42:a2:f4:8e:10:2e:86:
                    b1:b2:38:00:47:53:49:93:14:e0:00:e6:6b:54:45:
                    93:dc:c3:ee:14:5d:60:aa:49:95:44:0e:c1:91:ce:
                    72:7f:ae:87:ec:7a:43:7a:13:87:ac:04:71:df:3f:
                    1d:fa:e0:d1:5b:54:48:89:56:3c:e6:bc:f1:e3:59:
                    a0:e1:a7:53:50:8e:11:00:3c:03:4c:6a:16:c4:3c:
                    69:bb:94:ff:ce:61:01:f6:b4:84:e7:2a:03:ad:7c:
                    77:6c:81:a1:06:7e:27:59:7f:4d:ca:64:1c:f3:63:
                    71:5b:92:f7:b6:ff:e7:15:ac:98:da:56:d9:89:d5:
                    8a:be:1a:4e:eb:4a:6b:a2:0e:57:42:a5:b2:6c:23:
                    c7:a3:58:31:04:47:3f:8f:08:07:be:3e:1b:9e:2b:
                    11:13:ed:df:97:02:71:77:d9:7e:36:4c:79:cc:04:
                    cd:13:64:8d:7c:04:21:1e:69:aa:c5:5c:91:2e:0a:
                    83:b2:15:6e:68:71:ef:a9:9e:ff:e7:d4:25:db:44:
                    8c:a5:e7:73:1e:4f:6a:31:27:61:df:12:8f:c9:6e:
                    d8:d0:5e:f7:9e:33:36:f3:cc:2b:ae:e9:45:9b:5f:
                    8a:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:67:BF:A2:7E:EA:AC:27:EC:2A:D4:00:A5:40:95:4F:E5:BF:7F:8A
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/BGe_on7qrCfsKtQApUCVT-W_f4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:89c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         44:d4:1d:ab:74:0e:60:f8:c5:32:f6:e8:99:f5:c6:be:b8:5d:
         ae:29:f5:64:14:10:55:bf:9b:7f:ef:21:38:8d:e9:99:f6:64:
         08:1c:ec:fe:5f:7e:c2:e0:0b:c3:1e:9b:2d:49:81:43:7c:07:
         49:da:04:d6:3f:93:de:06:dd:48:51:c7:65:6a:a8:71:bf:dd:
         a8:fa:7b:7d:d4:0a:4c:f1:28:c3:b2:57:46:75:2d:0f:8e:0a:
         6d:e3:a6:52:54:56:1c:bf:43:2d:5a:1b:73:d3:92:6d:5a:c4:
         0d:3b:d8:6b:5f:20:c6:fd:f9:28:42:e5:2a:f0:84:83:14:9f:
         88:45:a2:e6:2b:e1:71:9d:cc:ad:c7:b2:57:e0:f8:6d:29:b3:
         4d:78:2a:7d:2b:da:58:72:73:f6:77:83:46:84:08:ed:6b:d8:
         1b:5f:db:57:27:91:5d:9e:3a:0f:ea:bb:f0:d4:ba:68:74:ac:
         46:ca:c4:cb:bb:0f:46:7f:04:52:99:d6:89:87:ee:67:27:50:
         5f:26:69:c4:70:ef:66:30:90:95:3b:d6:71:4f:97:88:1e:19:
         ef:a3:ad:af:59:bc:7b:1a:47:78:32:9b:64:32:c8:53:7a:a2:
         9a:7d:6a:78:d5:d5:10:3c:4d:a2:ef:ae:33:a3:eb:74:84:8e:
         c6:b9:91:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ7KjYAHOnq2bUBdo2VhfOi0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNjE1MDkxMjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDY3YmZhMjdlZWFhYzI3ZWMyYWQ0MDBhNTQwOTU0ZmU1YmY3ZjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoenwhePq/hndLQuiY2YYYjAZqeBh
S0Ki9I4QLoaxsjgAR1NJkxTgAOZrVEWT3MPuFF1gqkmVRA7Bkc5yf66H7HpDehOH
rARx3z8d+uDRW1RIiVY85rzx41mg4adTUI4RADwDTGoWxDxpu5T/zmEB9rSE5yoD
rXx3bIGhBn4nWX9NymQc82NxW5L3tv/nFayY2lbZidWKvhpO60prog5XQqWybCPH
o1gxBEc/jwgHvj4bnisRE+3flwJxd9l+Nkx5zATNE2SNfAQhHmmqxVyRLgqDshVu
aHHvqZ7/59Ql20SMpedzHk9qMSdh3xKPyW7Y0F73njM288wrrulFm1+K0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFARnv6J+6qwn7CrUAKVAlU/lv3+KMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQkdlX29uN3FyQ2ZzS3RRQXBVQ1ZULVdfZjRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKg+JwDAN
BgkqhkiG9w0BAQsFAAOCAQEARNQdq3QOYPjFMvbomfXGvrhdrin1ZBQQVb+bf+8h
OI3pmfZkCBzs/l9+wuALwx6bLUmBQ3wHSdoE1j+T3gbdSFHHZWqocb/dqPp7fdQK
TPEow7JXRnUtD44KbeOmUlRWHL9DLVobc9OSbVrEDTvYa18gxv35KELlKvCEgxSf
iEWi5ivhcZ3MrceyV+D4bSmzTXgqfSvaWHJz9neDRoQI7WvYG1/bVyeRXZ46D+q7
8NS6aHSsRsrEy7sPRn8EUpnWiYfuZydQXyZpxHDvZjCQlTvWcU+XiB4Z76Otr1m8
expHeDKbZDLIU3qimn1qeNXVEDxNou+uM6PrdISOxrmR1w==
-----END CERTIFICATE-----