Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/CMswoFz0kQnMGtr8LzkjHMaEYGI.roa
File:                     CMswoFz0kQnMGtr8LzkjHMaEYGI.roa (raw, json)
Hash identifier:          olT02ujNnke3gR3cLyhD5YqdPmyoi+LNOKFLBkEVlos=
Subject key identifier:   08:CB:30:A0:5C:F4:91:09:CC:1A:DA:FC:2F:39:23:1C:C6:84:60:62
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0195BF22E55227D3DE76912D711B940D77CE
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/CMswoFz0kQnMGtr8LzkjHMaEYGI.roa
Signing time:             Sat 22 Mar 2025 18:34:49 +0000
ROA not before:           Sat 22 Mar 2025 18:34:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211507
IP address blocks:        2a07:f240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:bf:22:e5:52:27:d3:de:76:91:2d:71:1b:94:0d:77:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar 22 18:34:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08cb30a05cf49109cc1adafc2f39231cc6846062
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:a9:52:95:c1:fc:1b:03:23:7c:72:95:b4:67:
                    d7:23:5d:9b:7a:68:3e:72:8f:b9:9c:1f:c6:af:ab:
                    4a:6f:6c:48:69:2e:12:bc:55:c7:3c:77:3f:dc:b9:
                    42:35:26:21:be:a3:a4:a7:b2:ef:4d:5e:c4:91:26:
                    f4:b9:0b:43:36:65:89:8a:47:b8:9c:03:06:c9:dc:
                    9a:1e:1f:7c:82:77:b5:99:1e:c4:42:db:8b:d8:db:
                    85:73:05:eb:3d:68:99:49:73:82:7c:87:5f:e6:e0:
                    c7:7b:4a:df:bb:04:44:3b:ef:f4:e5:39:18:02:3d:
                    08:1d:0b:f0:dd:b7:f8:b0:74:bd:76:b1:69:33:39:
                    98:ff:1b:a2:56:be:21:41:57:a1:9f:73:1a:01:35:
                    2c:6f:38:5f:d0:7a:cb:74:a3:88:87:45:5f:63:b7:
                    ae:7a:4c:22:af:37:46:e1:ee:cc:3c:a3:e3:df:e9:
                    a0:41:dd:0b:bd:51:99:de:2e:c1:ce:81:bb:27:df:
                    59:c7:52:32:56:48:58:47:f3:93:5c:d8:7c:b2:b0:
                    6e:20:86:1a:d1:86:b6:9c:9a:fa:c5:d3:cf:28:43:
                    c5:41:c0:2f:ca:d5:3f:c8:15:06:67:13:27:2e:a9:
                    6e:df:90:19:8f:8b:80:0d:68:b4:ee:b7:c3:c1:e5:
                    4c:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:CB:30:A0:5C:F4:91:09:CC:1A:DA:FC:2F:39:23:1C:C6:84:60:62
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/CMswoFz0kQnMGtr8LzkjHMaEYGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         ad:1c:db:4a:e7:fb:e0:9a:82:db:ca:06:b3:15:7e:0b:be:2a:
         a0:f9:bc:68:ca:58:83:42:bd:48:2b:90:cb:ab:6b:fb:36:5c:
         23:37:e1:b5:02:c3:b4:8c:35:b0:d7:87:0d:db:98:09:d2:8a:
         4b:3f:fd:ac:02:41:97:80:45:10:3d:4c:17:92:da:16:e3:c2:
         72:f3:9d:4a:e1:67:f5:72:09:89:3f:12:fd:bb:ce:e7:e7:26:
         7b:be:11:3f:84:42:a2:92:7e:ee:9f:ef:6c:3f:db:0d:a6:3f:
         63:30:03:a4:2a:85:04:8b:eb:cb:7a:07:25:0f:e0:91:d0:d7:
         24:76:fc:c3:c7:d2:ff:e5:e1:2a:6b:9a:8b:16:e3:e0:19:a8:
         29:cd:eb:a8:b8:d5:b4:75:d2:03:c4:44:cd:20:90:07:94:ab:
         41:d2:13:2c:2a:ee:86:e3:a0:ea:1c:55:0f:6e:3d:18:fd:03:
         0f:45:36:c8:86:21:51:05:9f:91:01:57:d6:00:92:83:d1:85:
         81:6f:08:8f:65:dc:11:d4:af:1b:cf:12:2d:bb:c1:c4:23:5a:
         31:a0:84:11:41:bf:14:b4:bf:12:f1:9e:c4:c7:7f:6d:d3:db:
         88:30:0a:55:52:c7:1c:1d:77:22:e2:36:b3:26:ba:ad:7e:e1:
         56:bf:c1:96
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZW/IuVSJ9PedpEtcRuUDXfOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMzIyMTgzNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGNiMzBhMDVjZjQ5MTA5Y2MxYWRhZmMyZjM5MjMxY2M2ODQ2MDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2qlSlcH8GwMjfHKVtGfXI12bemg+
co+5nB/Gr6tKb2xIaS4SvFXHPHc/3LlCNSYhvqOkp7LvTV7EkSb0uQtDNmWJike4
nAMGydyaHh98gne1mR7EQtuL2NuFcwXrPWiZSXOCfIdf5uDHe0rfuwREO+/05TkY
Aj0IHQvw3bf4sHS9drFpMzmY/xuiVr4hQVehn3MaATUsbzhf0HrLdKOIh0VfY7eu
ekwirzdG4e7MPKPj3+mgQd0LvVGZ3i7BzoG7J99Zx1IyVkhYR/OTXNh8srBuIIYa
0Ya2nJr6xdPPKEPFQcAvytU/yBUGZxMnLqlu35AZj4uADWi07rfDweVMAQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAjLMKBc9JEJzBra/C85IxzGhGBiMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQ01zd29GejBrUW5NR3RyOEx6a2pITWFFWUdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgfyQDAN
BgkqhkiG9w0BAQsFAAOCAQEArRzbSuf74JqC28oGsxV+C74qoPm8aMpYg0K9SCuQ
y6tr+zZcIzfhtQLDtIw1sNeHDduYCdKKSz/9rAJBl4BFED1MF5LaFuPCcvOdSuFn
9XIJiT8S/bvO5+cme74RP4RCopJ+7p/vbD/bDaY/YzADpCqFBIvry3oHJQ/gkdDX
JHb8w8fS/+XhKmuaixbj4BmoKc3rqLjVtHXSA8REzSCQB5SrQdITLCruhuOg6hxV
D249GP0DD0U2yIYhUQWfkQFX1gCSg9GFgW8Ij2XcEdSvG88SLbvBxCNaMaCEEUG/
FLS/EvGexMd/bdPbiDAKVVLHHB13IuI2sya6rX7hVr/Blg==
-----END CERTIFICATE-----