Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/SrEfDrHMkGEpdeA2ZUisx7ubFNA.roa
File:                     SrEfDrHMkGEpdeA2ZUisx7ubFNA.roa (raw, json)
Hash identifier:          RKPLlrEgQ53ytDlI3r+HGIuuyex97rpEUzMwWq38+9s=
Subject key identifier:   4A:B1:1F:0E:B1:CC:90:61:29:75:E0:36:65:48:AC:C7:BB:9B:14:D0
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0197418EF7A478EA94EE3C7FF7211BD21C61
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/SrEfDrHMkGEpdeA2ZUisx7ubFNA.roa
Signing time:             Thu 05 Jun 2025 19:26:17 +0000
ROA not before:           Thu 05 Jun 2025 19:26:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     133944
IP address blocks:        2a10:7ac0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:41:8e:f7:a4:78:ea:94:ee:3c:7f:f7:21:1b:d2:1c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun  5 19:26:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ab11f0eb1cc90612975e0366548acc7bb9b14d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:50:1f:8f:e5:04:0f:10:b8:fc:87:a5:b1:d6:
                    64:63:7d:fe:27:ed:6d:83:5f:70:7f:e9:9b:e2:c6:
                    0c:88:57:49:f2:55:01:7a:7f:87:0f:7a:62:17:53:
                    1d:d3:7e:a5:54:06:18:2b:01:2f:e6:29:56:64:d2:
                    0a:87:42:44:9f:c2:2d:0d:71:4f:99:43:89:10:12:
                    4e:49:cd:3f:d2:5f:32:b4:7b:3f:7b:5d:be:d5:4e:
                    19:aa:dd:ed:d0:0e:49:a4:24:9b:5e:cf:12:f7:4e:
                    5f:41:7a:48:aa:54:ca:b3:64:2a:69:9a:8b:29:c5:
                    10:b8:1f:35:10:22:fd:36:d7:af:25:d0:b6:10:6d:
                    7f:ac:aa:d6:90:f8:48:cb:80:b7:bd:4b:44:5f:b4:
                    9b:db:bd:a9:9c:00:9a:e7:e5:6c:a0:5d:4b:f8:80:
                    ca:08:2c:34:f8:c8:32:6a:f2:5b:57:a1:36:b7:37:
                    e6:a9:eb:f3:70:83:13:4c:43:71:50:1e:90:79:e7:
                    33:3c:cb:3a:7a:0b:44:9f:ed:77:73:b2:ad:f7:29:
                    a1:31:79:ce:4c:e5:ee:83:af:dc:07:66:11:19:d0:
                    16:27:c1:bc:26:f1:7e:d6:e4:aa:af:b3:4c:81:7c:
                    2c:01:21:2a:44:0c:86:92:c9:c2:b9:29:e6:35:9f:
                    64:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B1:1F:0E:B1:CC:90:61:29:75:E0:36:65:48:AC:C7:BB:9B:14:D0
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/SrEfDrHMkGEpdeA2ZUisx7ubFNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:7ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         94:bc:cb:7a:e7:09:37:b6:8f:fe:03:35:dd:82:3d:a3:5c:37:
         4b:96:76:08:27:9b:e5:1d:0e:58:00:1e:52:d5:01:6b:89:e1:
         f1:69:fb:11:99:b1:4c:e0:31:74:ab:01:32:b7:32:b1:8d:8d:
         88:fa:21:e8:da:01:19:be:fc:5b:6c:94:4b:af:d3:d6:ca:4d:
         48:c7:c8:13:2c:70:86:fa:8e:59:37:16:3f:a5:01:e0:61:a1:
         2a:9a:00:0d:c6:98:1b:0d:da:cb:20:97:2f:90:ba:b9:ed:42:
         90:b8:2f:0e:a9:f7:4d:17:5f:12:58:23:66:fd:c7:6b:58:3e:
         e9:0b:4d:ad:16:b9:fa:3f:46:9d:51:af:8e:f6:48:cc:10:bf:
         d1:78:b2:90:4d:b1:3b:c7:84:32:2c:c6:6d:38:90:3c:62:53:
         ba:a5:9c:19:80:5d:15:82:ed:bf:d9:25:43:85:1b:9b:2e:62:
         b9:0a:3a:3a:c3:72:a7:be:34:94:f0:90:4c:ae:54:98:13:03:
         b5:c5:c3:bc:86:cb:e9:cc:27:d8:3e:ad:ae:da:ba:80:82:d7:
         e4:70:dd:08:8c:e7:1c:5d:bb:3a:cd:6e:a0:5d:df:32:4a:52:
         04:f6:68:a6:53:cb:c0:7c:a6:9c:3c:f2:a8:6b:c1:2e:57:a4:
         b3:ec:b4:83
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZdBjvekeOqU7jx/9yEb0hxhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjA1MTkyNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWIxMWYwZWIxY2M5MDYxMjk3NWUwMzY2NTQ4YWNjN2JiOWIxNGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqVAfj+UEDxC4/IelsdZkY33+J+1t
g19wf+mb4sYMiFdJ8lUBen+HD3piF1Md036lVAYYKwEv5ilWZNIKh0JEn8ItDXFP
mUOJEBJOSc0/0l8ytHs/e12+1U4Zqt3t0A5JpCSbXs8S905fQXpIqlTKs2QqaZqL
KcUQuB81ECL9NtevJdC2EG1/rKrWkPhIy4C3vUtEX7Sb272pnACa5+VsoF1L+IDK
CCw0+MgyavJbV6E2tzfmqevzcIMTTENxUB6QeeczPMs6egtEn+13c7Kt9ymhMXnO
TOXug6/cB2YRGdAWJ8G8JvF+1uSqr7NMgXwsASEqRAyGksnCuSnmNZ9kgQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFEqxHw6xzJBhKXXgNmVIrMe7mxTQMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvU3JFZkRySE1rR0VwZGVBMlpVaXN4N3ViRk5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhB6wDAN
BgkqhkiG9w0BAQsFAAOCAQEAlLzLeucJN7aP/gM13YI9o1w3S5Z2CCeb5R0OWAAe
UtUBa4nh8Wn7EZmxTOAxdKsBMrcysY2NiPoh6NoBGb78W2yUS6/T1spNSMfIEyxw
hvqOWTcWP6UB4GGhKpoADcaYGw3ayyCXL5C6ue1CkLgvDqn3TRdfElgjZv3Ha1g+
6QtNrRa5+j9GnVGvjvZIzBC/0XiykE2xO8eEMizGbTiQPGJTuqWcGYBdFYLtv9kl
Q4Ubmy5iuQo6OsNyp740lPCQTK5UmBMDtcXDvIbL6cwn2D6trtq6gILX5HDdCIzn
HF27Os1uoF3fMkpSBPZoplPLwHymnDzyqGvBLleks+y0gw==
-----END CERTIFICATE-----