Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/XgnUq-DK8odYhc2781KpiinG5uU.roa
File:                     XgnUq-DK8odYhc2781KpiinG5uU.roa (raw, json)
Hash identifier:          ZEY/2bKJANwgt5iB8ToeW8NcpLVwCdNhPjR2Bd+1nCE=
Subject key identifier:   5E:09:D4:AB:E0:CA:F2:87:58:85:CD:BB:F3:52:A9:8A:29:C6:E6:E5
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0196CE0EFBFF2AAB42CD53A6CD6015479672
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/XgnUq-DK8odYhc2781KpiinG5uU.roa
Signing time:             Wed 14 May 2025 09:10:10 +0000
ROA not before:           Wed 14 May 2025 09:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        2a0f:63c7::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 12 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:0e:fb:ff:2a:ab:42:cd:53:a6:cd:60:15:47:96:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 14 09:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e09d4abe0caf2875885cdbbf352a98a29c6e6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a5:07:71:97:83:af:85:54:7a:83:2c:ec:8f:
                    07:c9:94:d1:6f:f9:11:80:c0:2d:7d:17:2d:78:19:
                    e2:e6:b8:8b:73:90:15:ff:74:98:86:a4:0b:39:ce:
                    37:cc:b3:da:73:64:8f:a2:a8:2f:c7:89:1d:c3:2e:
                    ea:42:19:d1:89:01:0f:1f:0c:45:b6:15:f1:58:14:
                    24:69:98:e8:e5:9a:a3:ea:d8:36:83:e7:b9:20:81:
                    ec:bf:6a:ea:c3:5d:ee:c1:1a:63:77:9c:3f:8c:dd:
                    8f:6b:dc:ef:4f:6e:65:63:f3:f0:05:08:20:1d:74:
                    48:7e:6b:99:c7:95:8f:cb:06:e4:b4:ce:44:69:f8:
                    e5:83:3b:20:9c:2c:22:ba:f5:22:86:08:76:fd:57:
                    5a:a6:3a:f0:82:ce:8c:63:3c:e0:e1:fe:ba:6a:b9:
                    c3:60:7f:e8:f6:a3:34:aa:10:b3:ca:33:81:50:8f:
                    7d:68:e2:e6:28:76:e9:26:f2:19:9a:47:73:1b:de:
                    b4:2e:3a:8c:75:34:c5:ab:d8:05:e9:3b:75:6e:d6:
                    f0:c4:c9:f9:9e:fc:01:63:5a:ca:1a:c9:14:47:00:
                    30:7e:04:1a:88:6d:ab:ac:50:89:98:1d:40:95:d1:
                    91:2e:13:ff:26:54:78:e0:39:5b:2d:72:84:5c:0b:
                    e6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:09:D4:AB:E0:CA:F2:87:58:85:CD:BB:F3:52:A9:8A:29:C6:E6:E5
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/XgnUq-DK8odYhc2781KpiinG5uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:63c7::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:fe:a1:fa:db:c5:c5:c8:f0:8b:fe:98:b5:26:80:d9:01:1e:
         36:9d:ba:1f:e8:33:fc:36:af:76:c3:19:fa:5f:f8:4f:f9:de:
         e3:a0:bf:d5:9d:58:c5:c1:78:e2:67:d8:83:c2:6b:ee:53:19:
         e9:39:24:05:15:95:98:02:b2:6f:99:e4:da:41:78:13:65:d5:
         71:4f:d6:1d:43:2e:b0:bb:25:57:af:64:e3:e9:21:13:50:0e:
         a3:0f:72:27:52:63:be:8a:b3:73:d4:22:98:8c:93:5a:35:0d:
         94:80:5b:82:5f:92:e7:9c:83:26:ae:b3:69:a6:33:78:82:94:
         6f:91:81:cc:ce:a9:21:1c:06:f3:dc:49:bb:6a:69:11:64:5f:
         cd:5c:98:a6:db:e9:77:4f:f6:bb:ab:b1:ce:8c:08:ff:54:ac:
         20:21:e8:e3:99:f2:31:d1:9e:c1:14:ce:7e:69:7a:dd:a8:97:
         81:aa:60:ad:7f:1d:7a:ae:d9:f8:e7:8f:28:3b:54:4d:e2:61:
         10:dc:37:88:87:a6:d4:ed:09:ec:f8:a8:c8:93:d3:dc:0f:d2:
         e5:51:fd:69:3a:13:bc:3e:78:f4:e6:c9:fb:a0:8b:26:25:85:
         b6:75:dd:29:e9:50:9a:6d:c2:30:82:f5:4d:43:cb:86:8a:53:
         f6:81:56:9b
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZbODvv/KqtCzVOmzWAVR5ZyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTE0MDkxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTA5ZDRhYmUwY2FmMjg3NTg4NWNkYmJmMzUyYTk4YTI5YzZlNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqUHcZeDr4VUeoMs7I8HyZTRb/kR
gMAtfRcteBni5riLc5AV/3SYhqQLOc43zLPac2SPoqgvx4kdwy7qQhnRiQEPHwxF
thXxWBQkaZjo5Zqj6tg2g+e5IIHsv2rqw13uwRpjd5w/jN2Pa9zvT25lY/PwBQgg
HXRIfmuZx5WPywbktM5EafjlgzsgnCwiuvUihgh2/Vdapjrwgs6MYzzg4f66arnD
YH/o9qM0qhCzyjOBUI99aOLmKHbpJvIZmkdzG960LjqMdTTFq9gF6Tt1btbwxMn5
nvwBY1rKGskURwAwfgQaiG2rrFCJmB1AldGRLhP/JlR44DlbLXKEXAvmbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFF4J1KvgyvKHWIXNu/NSqYopxublMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvWGduVXEtREs4b2RZaGMyNzgxS3BpaW5HNXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg9jxzAN
BgkqhkiG9w0BAQsFAAOCAQEAN/6h+tvFxcjwi/6YtSaA2QEeNp26H+gz/DavdsMZ
+l/4T/ne46C/1Z1YxcF44mfYg8Jr7lMZ6TkkBRWVmAKyb5nk2kF4E2XVcU/WHUMu
sLslV69k4+khE1AOow9yJ1Jjvoqzc9QimIyTWjUNlIBbgl+S55yDJq6zaaYzeIKU
b5GBzM6pIRwG89xJu2ppEWRfzVyYptvpd0/2u6uxzowI/1SsICHo45nyMdGewRTO
fml63aiXgapgrX8deq7Z+OePKDtUTeJhENw3iIem1O0J7PioyJPT3A/S5VH9aToT
vD549ObJ+6CLJiWFtnXdKelQmm3CMIL1TUPLhopT9oFWmw==
-----END CERTIFICATE-----