Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/HsXdHC7XLr8L5Jap91e-0O8hqWg.roa
File:                     HsXdHC7XLr8L5Jap91e-0O8hqWg.roa (raw, json)
Hash identifier:          0AUM4AXSh8LD0LXCQT8OJCo+0466mL2PMgQaSwOGM/U=
Subject key identifier:   1E:C5:DD:1C:2E:D7:2E:BF:0B:E4:96:A9:F7:57:BE:D0:EF:21:A9:68
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019709216DF3CA73541D219DEC8266C15583
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/HsXdHC7XLr8L5Jap91e-0O8hqWg.roa
Signing time:             Sun 25 May 2025 20:27:55 +0000
ROA not before:           Sun 25 May 2025 20:27:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205301
IP address blocks:        2a0b:a4c5::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:21:6d:f3:ca:73:54:1d:21:9d:ec:82:66:c1:55:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 25 20:27:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1ec5dd1c2ed72ebf0be496a9f757bed0ef21a968
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ce:33:e6:9f:66:29:1c:1e:63:24:d1:c1:bc:
                    82:d0:2d:d4:aa:07:d4:fc:b4:56:42:31:b7:f3:65:
                    64:78:7d:d2:66:6b:b7:e0:d1:a5:2b:86:6b:4e:68:
                    54:38:7e:de:9e:16:1a:10:8c:34:50:7c:d7:bb:b1:
                    36:5d:1a:5a:4b:d8:a9:ab:89:8e:97:64:78:14:da:
                    d0:ed:a6:58:1b:2a:13:bd:03:2d:b8:f0:ec:91:47:
                    5c:9c:f9:70:13:9a:16:bc:b7:2d:7e:94:98:d4:f0:
                    9d:a4:0a:8f:e7:a2:19:7c:32:c7:74:55:0e:9b:a0:
                    3c:af:0b:b7:a7:0f:ea:0a:12:27:81:c4:7f:fe:cc:
                    2b:55:62:3d:22:87:a1:a0:d3:22:c0:e4:05:0f:d2:
                    a7:da:61:43:20:cd:0a:90:b3:fd:d8:a9:7c:fb:9c:
                    b2:cb:c6:17:81:2e:fa:34:b6:fe:12:f1:9e:34:1c:
                    8c:e0:b5:56:e8:0c:fc:32:44:68:3f:3c:b2:a7:70:
                    4a:0b:a7:d9:ba:f0:c7:c1:b7:75:a6:61:b5:02:9d:
                    b5:79:76:9c:87:72:a2:1e:c9:9c:05:2c:5b:05:79:
                    84:f8:3c:cb:3d:24:9d:c3:81:88:6e:02:0e:67:c9:
                    d9:3d:72:74:7b:cb:86:94:d8:1c:1e:84:aa:95:db:
                    8f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:C5:DD:1C:2E:D7:2E:BF:0B:E4:96:A9:F7:57:BE:D0:EF:21:A9:68
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/HsXdHC7XLr8L5Jap91e-0O8hqWg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c5::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:67:ee:07:d5:39:8b:11:35:37:04:b8:e4:d2:51:13:0c:fb:
         d1:c5:7e:af:6c:68:dd:cd:d8:36:4d:ad:64:16:50:20:4b:dc:
         41:2f:c8:77:b8:b2:e8:5c:fe:a0:35:3b:3a:91:ed:17:46:c0:
         ac:b5:6e:f3:c5:b0:22:34:86:d1:d6:1f:85:b3:ec:f6:ef:3c:
         f2:9e:62:2b:37:af:bb:ef:b5:2c:e1:b3:ec:fe:b0:2a:e2:23:
         68:5f:72:f2:b1:73:7a:a8:6b:59:1c:ba:b2:45:19:b1:a4:a5:
         2a:50:f3:b5:60:63:88:8b:0c:3e:5f:b5:8b:e2:9f:50:f3:3f:
         0c:6f:60:12:9d:0a:6f:0d:ac:07:da:9a:66:ae:d4:54:16:a9:
         29:9e:f7:24:09:24:8f:bd:66:39:71:ad:5f:d9:20:31:59:7b:
         83:0c:36:60:99:e8:c7:13:1d:f3:48:5b:f3:69:06:62:ea:9e:
         d3:22:90:f3:e6:72:a5:1d:4a:22:08:e7:77:44:9f:16:3f:dd:
         71:5b:8e:54:21:dc:de:6d:70:58:59:f7:50:c9:81:0d:d5:6a:
         1e:97:af:81:c2:c7:9d:8b:36:a9:1b:a0:b1:08:7e:87:58:e6:
         0f:61:a5:fc:69:54:a6:98:a8:57:93:a4:ea:8b:40:cf:da:62:
         5f:05:65:4a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJIW3zynNUHSGd7IJmwVWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI1MjAyNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWM1ZGQxYzJlZDcyZWJmMGJlNDk2YTlmNzU3YmVkMGVmMjFhOTY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsM4z5p9mKRweYyTRwbyC0C3UqgfU
/LRWQjG382VkeH3SZmu34NGlK4ZrTmhUOH7enhYaEIw0UHzXu7E2XRpaS9ipq4mO
l2R4FNrQ7aZYGyoTvQMtuPDskUdcnPlwE5oWvLctfpSY1PCdpAqP56IZfDLHdFUO
m6A8rwu3pw/qChIngcR//swrVWI9IoehoNMiwOQFD9Kn2mFDIM0KkLP92Kl8+5yy
y8YXgS76NLb+EvGeNByM4LVW6Az8MkRoPzyyp3BKC6fZuvDHwbd1pmG1Ap21eXac
h3KiHsmcBSxbBXmE+DzLPSSdw4GIbgIOZ8nZPXJ0e8uGlNgcHoSqlduPNwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFB7F3Rwu1y6/C+SWqfdXvtDvIaloMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvSHNYZEhDN1hMcjhMNUphcDkxZS0wTzhocVdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgukxTAN
BgkqhkiG9w0BAQsFAAOCAQEAXGfuB9U5ixE1NwS45NJREwz70cV+r2xo3c3YNk2t
ZBZQIEvcQS/Id7iy6Fz+oDU7OpHtF0bArLVu88WwIjSG0dYfhbPs9u888p5iKzev
u++1LOGz7P6wKuIjaF9y8rFzeqhrWRy6skUZsaSlKlDztWBjiIsMPl+1i+KfUPM/
DG9gEp0Kbw2sB9qaZq7UVBapKZ73JAkkj71mOXGtX9kgMVl7gww2YJnoxxMd80hb
82kGYuqe0yKQ8+ZypR1KIgjnd0SfFj/dcVuOVCHc3m1wWFn3UMmBDdVqHpevgcLH
nYs2qRugsQh+h1jmD2Gl/GlUppioV5Ok6otAz9piXwVlSg==
-----END CERTIFICATE-----