Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/EF4TWx1Oph9mETkqhpnV3eBbbYQ.roa
File:                     EF4TWx1Oph9mETkqhpnV3eBbbYQ.roa (raw, json)
Hash identifier:          UCILseKs0ohWB0LdelGZD7444kwcwudHaepjScKe5GM=
Subject key identifier:   10:5E:13:5B:1D:4E:A6:1F:66:11:39:2A:86:99:D5:DD:E0:5B:6D:84
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019720B49572876CE6166FA4D92D88F72AE5
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/EF4TWx1Oph9mETkqhpnV3eBbbYQ.roa
Signing time:             Fri 30 May 2025 10:19:54 +0000
ROA not before:           Fri 30 May 2025 10:19:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a0b:b480::/29 maxlen: 29
                          2a0f:89c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Jun 2025 20:34:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:b4:95:72:87:6c:e6:16:6f:a4:d9:2d:88:f7:2a:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 30 10:19:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=105e135b1d4ea61f6611392a8699d5dde05b6d84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:bd:56:99:87:76:ee:de:31:08:13:df:10:64:
                    6c:69:a9:f8:d1:52:cf:27:83:e8:f2:34:19:63:4b:
                    4e:95:26:e4:d5:01:6f:1a:8f:99:04:24:94:d5:f2:
                    d5:f0:03:ab:3d:cc:64:f6:51:5a:e9:02:d3:7b:1f:
                    90:cf:8c:f6:ba:fa:4a:e6:ec:3b:a2:e4:3c:dc:5d:
                    8e:ad:4e:76:ec:17:14:e4:71:b7:bf:6c:bd:29:23:
                    40:85:39:69:a8:35:3b:7d:9b:85:df:52:33:c8:8a:
                    77:35:01:1f:e7:58:21:ce:24:ea:44:21:d4:7e:7a:
                    e5:e2:b4:41:9d:02:0f:b7:be:b7:58:2a:b9:6d:71:
                    bf:59:66:53:47:91:58:37:9c:ab:eb:4e:13:49:e2:
                    9d:4a:ed:4e:c8:d2:89:a5:eb:83:5f:06:2e:88:ff:
                    a6:00:9b:f4:35:88:f4:61:19:f8:e8:fa:e6:c7:53:
                    76:a5:35:e0:4f:77:8a:e7:39:56:19:79:bf:07:4a:
                    6f:a9:cd:b9:ee:46:e7:cb:1a:75:3b:73:e9:61:71:
                    63:b2:8a:f3:66:2c:d5:6f:36:5b:55:1d:99:a8:44:
                    dd:a3:8e:12:31:f2:57:6f:0e:24:41:45:db:10:1f:
                    9e:5b:dc:f7:fd:ab:eb:ad:6d:75:7b:1b:a6:96:b7:
                    8c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:5E:13:5B:1D:4E:A6:1F:66:11:39:2A:86:99:D5:DD:E0:5B:6D:84
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/EF4TWx1Oph9mETkqhpnV3eBbbYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:b480::/29
                  2a0f:89c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6d:d8:cb:e7:33:2e:a3:92:6c:5e:6a:fa:8b:fb:a9:f6:e1:6d:
         8c:ed:c6:a7:a6:dc:c9:d3:f6:6b:80:18:41:f9:5f:1e:f9:3d:
         d7:2e:36:a6:27:c4:fb:0c:38:13:f3:3d:bb:b4:53:88:4c:e0:
         44:82:54:ae:ee:0d:b2:46:61:50:68:bd:4b:d1:ff:45:64:10:
         c8:72:9a:10:82:42:09:c5:67:9b:d3:e1:c1:ac:ad:b3:ed:21:
         9d:06:9f:4c:7b:f1:20:54:0d:f2:e0:27:5b:41:c5:dd:bb:c9:
         25:1d:f6:57:55:23:54:90:7a:81:51:11:8c:b2:eb:d5:62:8c:
         a0:09:34:af:d0:8e:3c:d7:dc:36:91:0a:04:08:2b:90:9e:d4:
         07:2b:07:3d:28:98:a3:3d:87:94:eb:62:9d:53:80:b4:a2:03:
         66:47:1f:6a:89:f0:a9:05:54:26:5e:66:34:e7:34:9b:65:e2:
         28:85:dc:2f:03:ba:61:a4:53:e8:3f:22:f2:64:6a:d4:fe:dc:
         c5:f7:c2:3d:d6:c5:b4:c1:ee:a1:dd:7c:7c:c2:81:8f:d0:b1:
         50:33:cf:74:ab:b1:2a:99:53:88:c4:6c:18:8a:6e:f4:ae:d6:
         e4:24:04:3a:38:32:24:6b:44:e2:56:56:14:e0:6b:ef:c7:e2:
         29:04:bf:40
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZcgtJVyh2zmFm+k2S2I9yrlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTMwMTAxOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDVlMTM1YjFkNGVhNjFmNjYxMTM5MmE4Njk5ZDVkZGUwNWI2ZDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArr1WmYd27t4xCBPfEGRsaan40VLP
J4Po8jQZY0tOlSbk1QFvGo+ZBCSU1fLV8AOrPcxk9lFa6QLTex+Qz4z2uvpK5uw7
ouQ83F2OrU527BcU5HG3v2y9KSNAhTlpqDU7fZuF31IzyIp3NQEf51ghziTqRCHU
fnrl4rRBnQIPt763WCq5bXG/WWZTR5FYN5yr604TSeKdSu1OyNKJpeuDXwYuiP+m
AJv0NYj0YRn46Prmx1N2pTXgT3eK5zlWGXm/B0pvqc257kbnyxp1O3PpYXFjsorz
ZizVbzZbVR2ZqETdo44SMfJXbw4kQUXbEB+eW9z3/avrrW11exumlreMmwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBBeE1sdTqYfZhE5KoaZ1d3gW22EMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvRUY0VFd4MU9waDltRVRrcWhwblYzZUJiYllRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgu0gAMF
AyoPicAwDQYJKoZIhvcNAQELBQADggEBAG3Yy+czLqOSbF5q+ov7qfbhbYztxqem
3MnT9muAGEH5Xx75PdcuNqYnxPsMOBPzPbu0U4hM4ESCVK7uDbJGYVBovUvR/0Vk
EMhymhCCQgnFZ5vT4cGsrbPtIZ0Gn0x78SBUDfLgJ1tBxd27ySUd9ldVI1SQeoFR
EYyy69VijKAJNK/QjjzX3DaRCgQIK5Ce1AcrBz0omKM9h5TrYp1TgLSiA2ZHH2qJ
8KkFVCZeZjTnNJtl4iiF3C8DumGkU+g/IvJkatT+3MX3wj3WxbTB7qHdfHzCgY/Q
sVAzz3SrsSqZU4jEbBiKbvSu1uQkBDo4MiRrROJWVhTga+/H4ikEv0A=
-----END CERTIFICATE-----