Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/FYUC0pIEfsPLJcLPRM8ZNRdYzZE.roa
File:                     FYUC0pIEfsPLJcLPRM8ZNRdYzZE.roa (raw, json)
Hash identifier:          Hi+b9v3/fuodL1f71yFY2qTEcK5Re2V3BNTHfOi008I=
Subject key identifier:   15:85:02:D2:92:04:7E:C3:CB:25:C2:CF:44:CF:19:35:17:58:CD:91
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01970920828AB9206D6B9009BDB7D3EF8075
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/FYUC0pIEfsPLJcLPRM8ZNRdYzZE.roa
Signing time:             Sun 25 May 2025 20:26:54 +0000
ROA not before:           Sun 25 May 2025 20:26:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206750
IP address blocks:        2a0b:a4c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:20:82:8a:b9:20:6d:6b:90:09:bd:b7:d3:ef:80:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 25 20:26:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=158502d292047ec3cb25c2cf44cf19351758cd91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:b8:cf:68:5b:7d:90:ee:9e:cc:b7:92:96:ad:
                    54:b7:7f:d8:3d:dd:aa:4e:93:b6:58:42:94:9b:8d:
                    df:d1:10:40:7d:39:b9:18:7d:05:33:d4:58:95:c9:
                    8e:e5:31:34:3a:bd:16:11:59:67:62:ba:2d:cf:fd:
                    cb:3f:f2:9e:85:c8:a6:49:2a:5b:97:7a:66:56:ed:
                    0a:ce:47:5f:03:44:cb:81:0c:76:47:fc:1d:fc:3e:
                    7a:42:3d:3c:8a:19:4d:72:a1:24:9a:08:2b:09:d0:
                    f3:cc:cc:38:90:80:d3:29:d6:5c:a6:bd:16:6d:f3:
                    6c:cc:a7:5a:0a:fe:67:e3:2b:70:f0:75:00:80:9e:
                    4b:cd:a7:6e:05:a5:7a:fe:19:3b:de:1f:98:52:22:
                    78:56:b4:a6:e6:2c:7a:ab:c4:94:75:98:02:54:a7:
                    09:08:63:1a:b2:8d:39:2d:aa:57:f9:6c:26:07:d3:
                    ba:05:3b:fb:a8:76:73:7a:9e:9f:18:62:7d:62:83:
                    42:eb:91:0a:2f:81:e3:8a:30:b8:7f:2a:95:14:e9:
                    85:6b:30:53:34:40:02:04:c5:36:10:8a:91:f4:5f:
                    5b:fa:e5:b6:3f:d3:02:7d:8f:73:a7:24:9f:48:8a:
                    a4:c9:23:a0:40:28:5b:5d:f7:46:d0:1f:35:82:e9:
                    e7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:85:02:D2:92:04:7E:C3:CB:25:C2:CF:44:CF:19:35:17:58:CD:91
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/FYUC0pIEfsPLJcLPRM8ZNRdYzZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:84:bb:97:bc:3b:f6:fe:09:48:95:fc:9b:d6:85:e1:78:70:
         f0:be:53:f4:42:15:81:9d:44:0c:00:7c:77:27:89:41:49:d2:
         68:c2:2d:64:4f:77:ab:34:dc:c0:03:e0:8b:27:e1:5d:91:47:
         22:0d:b9:ea:68:95:d5:67:29:85:e4:9f:ab:88:2c:dc:3a:a1:
         37:a6:06:31:2d:64:32:cb:03:95:5a:df:0b:d2:e5:dd:d3:56:
         cd:85:a8:bb:28:46:a2:e5:10:1a:34:3c:b3:36:5b:27:e5:6d:
         a6:92:65:8d:49:27:bc:05:84:1e:15:ba:82:9e:9e:7a:3d:1c:
         fa:d0:87:43:60:bc:bb:cf:d4:3b:4c:b7:a3:a2:59:a6:0c:56:
         55:a6:63:a5:a4:55:f0:a8:0e:3b:76:83:9e:c0:40:b4:19:31:
         37:58:3d:e1:a6:04:8f:b3:d8:d9:26:d4:28:2d:a9:ba:d4:b7:
         13:c3:5b:63:cf:02:25:a1:20:8c:f5:f7:b2:49:ce:ae:c3:2e:
         8e:ff:ae:27:aa:f9:a4:61:b0:12:5d:ec:b0:eb:c7:6f:77:f4:
         41:a9:4f:a3:6b:5e:fb:88:bf:17:ee:b5:0d:a3:d8:a8:02:e7:
         e7:c4:f4:0a:4f:f4:8a:69:9b:15:e3:73:17:8b:3a:27:9d:2a:
         c0:cf:08:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJIIKKuSBta5AJvbfT74B1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI1MjAyNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTg1MDJkMjkyMDQ3ZWMzY2IyNWMyY2Y0NGNmMTkzNTE3NThjZDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtLjPaFt9kO6ezLeSlq1Ut3/YPd2q
TpO2WEKUm43f0RBAfTm5GH0FM9RYlcmO5TE0Or0WEVlnYrotz/3LP/KehcimSSpb
l3pmVu0KzkdfA0TLgQx2R/wd/D56Qj08ihlNcqEkmggrCdDzzMw4kIDTKdZcpr0W
bfNszKdaCv5n4ytw8HUAgJ5LzaduBaV6/hk73h+YUiJ4VrSm5ix6q8SUdZgCVKcJ
CGMaso05LapX+WwmB9O6BTv7qHZzep6fGGJ9YoNC65EKL4HjijC4fyqVFOmFazBT
NEACBMU2EIqR9F9b+uW2P9MCfY9zpySfSIqkySOgQChbXfdG0B81gunnlQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBWFAtKSBH7DyyXCz0TPGTUXWM2RMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvRllVQzBwSUVmc1BMSmNMUFJNOFpOUmRZelpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgukwDAN
BgkqhkiG9w0BAQsFAAOCAQEARoS7l7w79v4JSJX8m9aF4Xhw8L5T9EIVgZ1EDAB8
dyeJQUnSaMItZE93qzTcwAPgiyfhXZFHIg256miV1WcpheSfq4gs3DqhN6YGMS1k
MssDlVrfC9Ll3dNWzYWouyhGouUQGjQ8szZbJ+VtppJljUknvAWEHhW6gp6eej0c
+tCHQ2C8u8/UO0y3o6JZpgxWVaZjpaRV8KgOO3aDnsBAtBkxN1g94aYEj7PY2SbU
KC2putS3E8NbY88CJaEgjPX3sknOrsMujv+uJ6r5pGGwEl3ssOvHb3f0QalPo2te
+4i/F+61DaPYqALn58T0Ck/0immbFeNzF4s6J50qwM8Idw==
-----END CERTIFICATE-----