Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/TImNcCZbJ6x9TK-j2tCqimWpvl0.roa
File:                     TImNcCZbJ6x9TK-j2tCqimWpvl0.roa (raw, json)
Hash identifier:          Lj/FilEeTORwSLSDxn7m8z/Qf4z0ium+i7pXMmvoomw=
Subject key identifier:   4C:89:8D:70:26:5B:27:AC:7D:4C:AF:A3:DA:D0:AA:8A:65:A9:BE:5D
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01974557987FC9FD81BF322D5B62C260BDE0
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/TImNcCZbJ6x9TK-j2tCqimWpvl0.roa
Signing time:             Fri 06 Jun 2025 13:04:17 +0000
ROA not before:           Fri 06 Jun 2025 13:04:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215420
IP address blocks:        2a0f:89c0::/29 maxlen: 29
                          2a13:d140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:45:57:98:7f:c9:fd:81:bf:32:2d:5b:62:c2:60:bd:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun  6 13:04:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4c898d70265b27ac7d4cafa3dad0aa8a65a9be5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:71:b7:cb:b4:44:aa:bd:50:31:6a:63:86:85:
                    f9:1f:af:a7:51:5c:9c:b2:32:60:7c:c9:80:50:b7:
                    df:34:3e:3e:8a:11:35:c4:8d:53:37:2f:51:cb:00:
                    76:44:8e:20:ea:4b:c9:df:26:af:41:9e:3c:cb:66:
                    d5:a8:80:b2:51:9e:34:6e:fc:80:95:b9:35:67:42:
                    7a:18:b8:87:8b:74:05:37:84:e6:5a:08:91:cb:3a:
                    bd:f9:41:d3:d8:18:b1:2e:1e:6e:82:a3:ea:a0:a3:
                    7f:3d:88:46:e2:72:2a:7e:06:f3:7a:e4:58:70:d9:
                    f7:c1:61:00:52:ae:2e:21:f6:21:79:da:93:c9:e0:
                    63:dc:fd:a5:04:22:8a:bb:dd:72:7d:80:54:7b:65:
                    d1:66:77:0d:c0:eb:5d:6f:ca:bf:fc:bf:d5:76:87:
                    5e:7a:7f:57:3a:d0:ff:da:0d:61:2c:86:21:e7:25:
                    98:ad:83:16:e3:f0:ac:5a:17:34:c6:7b:40:e2:e1:
                    12:2d:9f:ba:1a:90:e8:c8:14:7a:dc:aa:41:32:3f:
                    d9:64:62:60:ce:f6:4f:8d:07:e1:9c:52:da:64:cd:
                    9c:84:e2:6f:7e:4e:ed:2d:7b:b9:70:45:1a:1d:c1:
                    19:06:fc:4d:e5:f1:e8:db:c9:27:99:35:ef:28:cb:
                    66:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:89:8D:70:26:5B:27:AC:7D:4C:AF:A3:DA:D0:AA:8A:65:A9:BE:5D
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/TImNcCZbJ6x9TK-j2tCqimWpvl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:89c0::/29
                  2a13:d140::/29

    Signature Algorithm: sha256WithRSAEncryption
         60:db:f7:47:5c:b7:54:c9:2e:e8:1f:ca:0b:82:33:a2:04:a0:
         9e:87:41:b8:e2:05:5c:a1:63:aa:f3:09:16:90:cb:e0:db:15:
         55:62:9c:e4:c3:20:c0:d9:31:b9:0a:8b:2b:16:a2:99:4a:d6:
         ae:9b:fd:ad:ef:fe:84:f9:3a:8d:e7:c2:e9:60:cd:b5:25:9e:
         3c:9f:89:24:ef:f6:25:d9:60:f0:0c:00:ec:dd:62:51:64:4a:
         e4:63:fa:c5:f5:da:c2:f7:fe:87:7b:41:73:09:eb:05:cc:c6:
         58:ec:9a:de:76:9c:ed:d5:d3:4f:7e:e7:6a:4e:30:e0:bc:bc:
         09:8b:40:d6:5a:6c:5a:9e:df:89:a8:9b:6a:cc:e4:94:63:e0:
         f0:e2:ae:97:d7:86:69:e9:d4:19:75:4c:79:f6:9e:33:e1:6c:
         2a:f5:eb:b5:51:8c:18:62:fe:dc:fa:71:ad:aa:e9:7a:2d:0f:
         11:d5:02:e8:35:8d:91:07:f3:cd:6c:80:f2:d9:05:9a:d9:2e:
         38:3b:31:41:4a:6f:ee:74:20:ad:96:dc:af:e8:4c:34:f0:e8:
         38:45:f7:45:c6:92:6a:ae:63:99:66:67:2a:70:d9:44:05:be:
         39:9c:9f:a0:74:1d:e7:0b:f5:e0:cd:82:b1:89:cb:cf:3e:7f:
         ea:ac:62:a4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdFV5h/yf2BvzItW2LCYL3gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjA2MTMwNDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Yzg5OGQ3MDI2NWIyN2FjN2Q0Y2FmYTNkYWQwYWE4YTY1YTliZTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnG3y7REqr1QMWpjhoX5H6+nUVyc
sjJgfMmAULffND4+ihE1xI1TNy9RywB2RI4g6kvJ3yavQZ48y2bVqICyUZ40bvyA
lbk1Z0J6GLiHi3QFN4TmWgiRyzq9+UHT2BixLh5ugqPqoKN/PYhG4nIqfgbzeuRY
cNn3wWEAUq4uIfYhedqTyeBj3P2lBCKKu91yfYBUe2XRZncNwOtdb8q//L/Vdode
en9XOtD/2g1hLIYh5yWYrYMW4/CsWhc0xntA4uESLZ+6GpDoyBR63KpBMj/ZZGJg
zvZPjQfhnFLaZM2chOJvfk7tLXu5cEUaHcEZBvxN5fHo28knmTXvKMtmjwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEyJjXAmWyesfUyvo9rQqoplqb5dMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvVEltTmNDWmJKNng5VEstajJ0Q3FpbVdwdmwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg+JwAMF
AyoT0UAwDQYJKoZIhvcNAQELBQADggEBAGDb90dct1TJLugfyguCM6IEoJ6HQbji
BVyhY6rzCRaQy+DbFVVinOTDIMDZMbkKiysWoplK1q6b/a3v/oT5Oo3nwulgzbUl
njyfiSTv9iXZYPAMAOzdYlFkSuRj+sX12sL3/od7QXMJ6wXMxljsmt52nO3V009+
52pOMOC8vAmLQNZabFqe34mom2rM5JRj4PDirpfXhmnp1Bl1THn2njPhbCr167VR
jBhi/tz6ca2q6XotDxHVAug1jZEH881sgPLZBZrZLjg7MUFKb+50IK2W3K/oTDTw
6DhF90XGkmquY5lmZypw2UQFvjmcn6B0HecL9eDNgrGJy88+f+qsYqQ=
-----END CERTIFICATE-----
Generated at Mon Jun 9 14:41:40 2025 by rpki-client