Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/KXiyCJtTmpSmQTySjliHwyEv9bY.roa
File:                     KXiyCJtTmpSmQTySjliHwyEv9bY.roa (raw, json)
Hash identifier:          v92jqGLaXhQfwygEz2dXZNGz3A+5DlwPnY+2QQsgEyg=
Subject key identifier:   29:78:B2:08:9B:53:9A:94:A6:41:3C:92:8E:58:87:C3:21:2F:F5:B6
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01970922576E90CCD4C3DAABD3331FCC262C
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/KXiyCJtTmpSmQTySjliHwyEv9bY.roa
Signing time:             Sun 25 May 2025 20:28:54 +0000
ROA not before:           Sun 25 May 2025 20:28:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205884
IP address blocks:        2a0b:a4c6::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 10:10:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:22:57:6e:90:cc:d4:c3:da:ab:d3:33:1f:cc:26:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 25 20:28:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2978b2089b539a94a6413c928e5887c3212ff5b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:c0:ae:df:b4:89:fe:d5:f9:d8:34:9c:fa:87:
                    83:0f:51:6e:89:2a:19:8b:67:11:4d:db:1c:08:96:
                    a4:b6:c9:58:6f:26:4d:ff:c0:2d:3c:f2:81:13:08:
                    55:d3:e3:8d:c0:61:f7:6c:b0:0b:d7:91:97:19:06:
                    54:42:eb:ad:00:8d:9e:e8:84:88:34:5f:a7:fb:c7:
                    0b:e3:70:f7:08:3e:69:28:02:8e:bc:41:c8:35:58:
                    54:3f:46:fa:6f:40:44:6e:3e:06:66:d5:42:bb:ff:
                    3b:26:c3:46:bf:fe:65:f4:77:8f:c1:52:c0:95:4d:
                    4a:7a:a0:a3:29:87:78:2e:61:0c:3f:52:3b:0b:f0:
                    76:5c:99:7c:b4:72:ea:3d:06:30:79:86:61:86:ee:
                    16:f9:51:2b:f1:f8:21:34:cd:3e:41:23:95:a3:e7:
                    f0:c7:43:4d:67:f2:bd:eb:e5:0f:2e:49:b3:de:e1:
                    a9:0f:10:24:9e:95:d0:e6:08:1a:33:75:85:9a:20:
                    a5:b9:ca:17:47:81:9c:d9:fa:10:b2:a7:02:ee:1b:
                    ba:e4:16:29:9b:00:d3:d0:4d:0f:1b:45:ff:e3:e3:
                    0a:1a:9b:98:9f:2c:28:a1:9f:90:1a:55:db:23:6c:
                    21:ac:82:5f:10:0a:90:c2:85:ef:3b:77:06:23:c4:
                    c8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:78:B2:08:9B:53:9A:94:A6:41:3C:92:8E:58:87:C3:21:2F:F5:B6
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/KXiyCJtTmpSmQTySjliHwyEv9bY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c6::/32

    Signature Algorithm: sha256WithRSAEncryption
         98:52:20:6a:da:af:51:6e:c4:d1:8e:3b:cc:68:df:95:f1:d3:
         1b:92:73:67:c6:da:69:91:95:38:65:c5:93:d4:64:66:40:4b:
         58:cd:50:24:a6:87:f2:94:c6:f5:d8:31:bf:77:b5:6d:ed:fb:
         5b:11:9f:a3:05:67:e5:51:4f:ba:b9:31:b5:9d:b1:91:6c:1c:
         34:aa:bd:1a:d8:a8:d8:5e:c2:f9:69:89:00:52:b0:dd:43:bf:
         0a:f9:69:d9:73:20:b6:24:89:0b:1a:1d:c1:61:9f:99:39:3e:
         24:27:5d:7a:82:1d:69:95:23:1d:d2:18:07:e8:02:92:c4:e3:
         a7:cc:1c:35:98:fc:a8:11:a6:1f:3c:80:b4:f6:09:96:c8:18:
         56:e4:97:a2:23:13:77:96:7b:bb:7d:bd:de:ee:56:8a:97:6e:
         b7:5d:e0:33:9a:73:98:0a:86:f4:35:73:a7:93:54:20:85:86:
         6f:4b:f8:05:2d:59:18:0b:54:47:97:af:60:16:21:1e:c5:7c:
         52:03:36:d8:0d:05:b4:7b:97:c1:fd:5f:ed:f5:92:f2:bb:25:
         b2:3c:3d:e5:2f:a0:11:78:a7:a3:c6:d5:54:4d:1c:cd:1f:21:
         82:4c:b9:a5:20:1d:52:22:f5:0e:76:cf:25:b4:bf:95:c1:2b:
         bb:9c:0d:eb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJIldukMzUw9qr0zMfzCYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI1MjAyODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTc4YjIwODliNTM5YTk0YTY0MTNjOTI4ZTU4ODdjMzIxMmZmNWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8Cu37SJ/tX52DSc+oeDD1FuiSoZ
i2cRTdscCJaktslYbyZN/8AtPPKBEwhV0+ONwGH3bLAL15GXGQZUQuutAI2e6ISI
NF+n+8cL43D3CD5pKAKOvEHINVhUP0b6b0BEbj4GZtVCu/87JsNGv/5l9HePwVLA
lU1KeqCjKYd4LmEMP1I7C/B2XJl8tHLqPQYweYZhhu4W+VEr8fghNM0+QSOVo+fw
x0NNZ/K96+UPLkmz3uGpDxAknpXQ5ggaM3WFmiClucoXR4Gc2foQsqcC7hu65BYp
mwDT0E0PG0X/4+MKGpuYnywooZ+QGlXbI2whrIJfEAqQwoXvO3cGI8TI+wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFCl4sgibU5qUpkE8ko5Yh8MhL/W2MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvS1hpeUNKdFRtcFNtUVR5U2psaUh3eUV2OWJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgukxjAN
BgkqhkiG9w0BAQsFAAOCAQEAmFIgatqvUW7E0Y47zGjflfHTG5JzZ8baaZGVOGXF
k9RkZkBLWM1QJKaH8pTG9dgxv3e1be37WxGfowVn5VFPurkxtZ2xkWwcNKq9Gtio
2F7C+WmJAFKw3UO/Cvlp2XMgtiSJCxodwWGfmTk+JCddeoIdaZUjHdIYB+gCksTj
p8wcNZj8qBGmHzyAtPYJlsgYVuSXoiMTd5Z7u3293u5Wipdut13gM5pzmAqG9DVz
p5NUIIWGb0v4BS1ZGAtUR5evYBYhHsV8UgM22A0FtHuXwf1f7fWS8rslsjw95S+g
EXino8bVVE0czR8hgky5pSAdUiL1DnbPJbS/lcEru5wN6w==
-----END CERTIFICATE-----