Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/DYexdmZOxcpbKWuAqDq2QX7NEFY.roa
File:                     DYexdmZOxcpbKWuAqDq2QX7NEFY.roa (raw, json)
Hash identifier:          F1i23HVwCerE7yItsRmcmGbWDzsfKJ2ge5FBGIuSG48=
Subject key identifier:   0D:87:B1:76:66:4E:C5:CA:5B:29:6B:80:A8:3A:B6:41:7E:CD:10:56
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0196F46274C0679F36E0A33103EA16667ADE
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/DYexdmZOxcpbKWuAqDq2QX7NEFY.roa
Signing time:             Wed 21 May 2025 19:46:55 +0000
ROA not before:           Wed 21 May 2025 19:46:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3257
IP address blocks:        2a07:f240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f4:62:74:c0:67:9f:36:e0:a3:31:03:ea:16:66:7a:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 21 19:46:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d87b176664ec5ca5b296b80a83ab6417ecd1056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:62:ff:6d:12:47:c4:4a:c5:60:43:ef:cf:33:
                    80:da:9d:ad:ae:5a:f1:6d:e8:cf:a5:fa:cb:69:8f:
                    de:7d:ac:99:40:15:ff:a0:e6:fc:0f:0d:2f:42:85:
                    72:28:e1:62:02:de:60:13:40:61:e1:f4:ee:9e:b5:
                    6d:16:d1:69:d2:c7:72:9a:e0:c9:32:94:7c:fb:22:
                    ca:42:e6:47:35:b3:16:19:9d:24:82:1b:e9:23:38:
                    36:e3:ae:c1:db:51:ee:a0:bd:ed:e9:86:42:2f:02:
                    93:fd:9d:42:08:21:c1:2e:dd:d6:3d:ec:7b:de:93:
                    f3:a1:ee:ed:1f:6c:a0:d4:44:fe:66:ef:a2:b0:07:
                    34:52:45:3f:7f:f4:a2:b4:a0:bc:df:3c:00:ed:93:
                    39:06:52:52:b3:70:eb:7f:94:d6:59:05:f1:08:40:
                    4d:e0:55:db:dc:fe:7b:af:b0:fe:5d:eb:51:ee:d7:
                    72:87:43:35:a0:6d:27:6f:e8:2c:39:c4:f1:bd:b7:
                    08:ac:dd:c1:68:bf:f6:c1:68:59:3d:cc:ca:1b:56:
                    b7:8b:12:a0:ad:eb:26:eb:c8:08:79:dc:be:ff:a6:
                    f3:b7:b8:b2:69:95:52:67:3e:19:1e:67:5d:42:56:
                    03:3a:09:4e:26:7e:93:1d:98:04:e7:ad:5c:ae:d8:
                    a5:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:87:B1:76:66:4E:C5:CA:5B:29:6B:80:A8:3A:B6:41:7E:CD:10:56
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/DYexdmZOxcpbKWuAqDq2QX7NEFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f240::/29

    Signature Algorithm: sha256WithRSAEncryption
         46:88:a4:4e:d2:ce:d1:13:78:00:2d:34:01:56:1e:c2:ae:67:
         f6:c8:c6:f9:76:76:f3:d0:a8:73:1f:3b:a1:2d:34:eb:5f:b8:
         c9:3d:5b:de:21:00:a7:aa:99:82:91:84:61:fb:ee:5b:e3:00:
         95:8f:02:fe:df:fc:0e:29:e5:e6:f2:ac:71:01:4e:44:60:17:
         4b:3d:c2:65:25:bc:9a:e2:15:c1:d7:f0:86:45:cd:02:77:2b:
         e4:58:e9:7e:b4:60:83:22:f9:38:e9:70:73:3e:5c:84:60:55:
         9b:29:67:1a:55:b0:fa:b0:b8:dd:3b:d6:d3:45:41:7c:f0:c1:
         04:3e:06:a0:f2:65:40:30:d0:4d:28:63:a3:49:ab:28:a1:14:
         c3:d8:4b:66:f7:81:f9:48:86:d2:05:4b:e8:66:75:93:34:24:
         66:7d:89:46:4d:9e:e4:7a:d6:f5:04:f4:60:67:3e:3f:b3:f5:
         f0:ab:40:c8:e2:9a:aa:2c:00:1c:10:3e:e3:2e:db:b4:b5:07:
         17:24:1b:9a:a6:25:de:ae:4b:23:ee:df:aa:92:be:4f:a5:53:
         35:ff:12:65:33:73:86:0e:1d:6d:8c:67:fb:82:1b:2c:73:8e:
         50:ff:e9:b7:71:5a:79:8e:ef:7c:de:c8:90:08:cc:6d:41:26:
         a9:60:1a:cc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZb0YnTAZ5824KMxA+oWZnreMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTIxMTk0NjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg3YjE3NjY2NGVjNWNhNWIyOTZiODBhODNhYjY0MTdlY2QxMDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWL/bRJHxErFYEPvzzOA2p2trlrx
bejPpfrLaY/efayZQBX/oOb8Dw0vQoVyKOFiAt5gE0Bh4fTunrVtFtFp0sdymuDJ
MpR8+yLKQuZHNbMWGZ0kghvpIzg2467B21HuoL3t6YZCLwKT/Z1CCCHBLt3WPex7
3pPzoe7tH2yg1ET+Zu+isAc0UkU/f/SitKC83zwA7ZM5BlJSs3Drf5TWWQXxCEBN
4FXb3P57r7D+XetR7tdyh0M1oG0nb+gsOcTxvbcIrN3BaL/2wWhZPczKG1a3ixKg
resm68gIedy+/6bzt7iyaZVSZz4ZHmddQlYDOglOJn6THZgE561crtil3wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFA2HsXZmTsXKWylrgKg6tkF+zRBWMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvRFlleGRtWk94Y3BiS1d1QXFEcTJRWDdORUZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgfyQDAN
BgkqhkiG9w0BAQsFAAOCAQEARoikTtLO0RN4AC00AVYewq5n9sjG+XZ289Cocx87
oS0061+4yT1b3iEAp6qZgpGEYfvuW+MAlY8C/t/8Dinl5vKscQFORGAXSz3CZSW8
muIVwdfwhkXNAncr5FjpfrRggyL5OOlwcz5chGBVmylnGlWw+rC43TvW00VBfPDB
BD4GoPJlQDDQTShjo0mrKKEUw9hLZveB+UiG0gVL6GZ1kzQkZn2JRk2e5HrW9QT0
YGc+P7P18KtAyOKaqiwAHBA+4y7btLUHFyQbmqYl3q5LI+7fqpK+T6VTNf8SZTNz
hg4dbYxn+4IbLHOOUP/pt3FaeY7vfN7IkAjMbUEmqWAazA==
-----END CERTIFICATE-----