Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/jW_AQF1FLR2FOQFIiQo2vVi_Y5g.roa
File:                     jW_AQF1FLR2FOQFIiQo2vVi_Y5g.roa (raw, json)
Hash identifier:          Cb6kLOZMSHrNhb/6jW0Lj/1BPRCizi1qhHCgpnvp/Ms=
Subject key identifier:   8D:6F:C0:40:5D:45:2D:1D:85:39:01:48:89:0A:36:BD:58:BF:63:98
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019709217059A67479EFE843FDC9F64DF085
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/jW_AQF1FLR2FOQFIiQo2vVi_Y5g.roa
Signing time:             Sun 25 May 2025 20:27:55 +0000
ROA not before:           Sun 25 May 2025 20:27:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209982
IP address blocks:        2a0b:a4c2::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:09:21:70:59:a6:74:79:ef:e8:43:fd:c9:f6:4d:f0:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 25 20:27:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d6fc0405d452d1d85390148890a36bd58bf6398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6b:51:3a:56:b9:bf:da:55:13:f0:ee:a0:c8:
                    7b:ef:41:b8:74:fe:72:3f:08:93:47:ba:fd:2f:96:
                    2e:5e:d4:f3:35:3c:94:a7:76:43:50:42:1b:e6:c9:
                    68:ca:01:ff:ad:6d:d3:7b:b6:89:cd:5c:72:04:51:
                    d4:9e:2c:67:7b:c5:3f:af:41:84:d0:9e:6a:12:4b:
                    f1:3b:dc:53:5a:53:5b:b5:61:63:3b:a7:c0:18:b8:
                    01:d9:bf:f4:32:85:64:fb:c7:a2:0d:87:71:79:45:
                    4e:b7:63:35:81:f2:81:70:84:67:30:40:6b:6e:03:
                    0e:b1:77:4f:ce:64:4f:b5:58:0e:a4:8e:95:53:93:
                    32:d8:4b:03:64:82:eb:da:d4:83:ad:3f:2b:75:81:
                    4c:5c:35:7b:d3:b8:fe:b7:3c:83:e8:81:99:ec:59:
                    4b:c4:58:db:8b:cb:f9:fc:2d:92:ef:05:d4:79:6e:
                    af:af:3c:7f:0b:33:3a:69:0e:9e:ea:db:70:b7:05:
                    b8:e8:05:93:56:70:aa:69:f2:90:c1:76:49:4a:72:
                    b2:f1:83:c1:68:b6:80:b9:bc:a1:ca:bb:74:2c:1e:
                    12:9a:7f:f7:21:b0:ff:e0:ad:f8:28:cf:5c:ef:9c:
                    75:bf:af:b4:ce:49:2a:9c:65:75:7b:ae:7c:e7:e8:
                    38:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:6F:C0:40:5D:45:2D:1D:85:39:01:48:89:0A:36:BD:58:BF:63:98
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/jW_AQF1FLR2FOQFIiQo2vVi_Y5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c2::/32

    Signature Algorithm: sha256WithRSAEncryption
         3d:a8:cf:47:02:f0:4b:3c:f5:91:e3:79:6a:28:aa:ec:3c:40:
         50:84:e8:ee:19:0e:e4:fa:b0:89:af:2f:85:ab:39:dd:b3:f8:
         14:a8:45:d4:2d:3f:8a:26:4d:2e:c8:2c:04:4a:f4:78:24:e5:
         e1:8e:4c:10:8d:6c:ae:54:f2:66:11:c0:80:94:79:49:25:c2:
         41:5a:28:34:a8:0d:30:32:dd:a1:84:0d:5c:f5:ae:19:5b:fe:
         2e:6f:46:35:a4:25:e5:82:4c:0d:93:78:75:e5:63:8f:4d:45:
         db:91:73:a3:04:c3:33:78:14:d2:0c:6a:d4:c9:9c:6f:da:ff:
         8c:66:19:6b:28:f4:18:d4:fc:2a:a6:c5:83:e2:41:3a:bf:f8:
         42:43:5c:fc:7d:ae:1d:96:9d:81:ed:73:de:0f:50:38:6f:01:
         dc:a2:9b:15:18:81:39:a4:75:f4:59:86:9a:41:9d:30:93:c8:
         52:33:0b:6c:c3:29:2b:47:09:9b:9a:71:c9:11:36:dd:b7:f2:
         5b:cb:6a:d1:ff:d3:56:b3:dd:a1:ce:88:a1:6f:1f:88:a0:2f:
         c1:68:e3:d0:c9:3c:d7:34:48:9a:3b:a6:32:f0:3b:0e:22:91:
         48:64:98:44:d2:67:01:17:1b:50:b6:6c:ac:65:6b:63:3e:24:
         c7:53:13:e6
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZcJIXBZpnR57+hD/cn2TfCFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTI1MjAyNzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDZmYzA0MDVkNDUyZDFkODUzOTAxNDg4OTBhMzZiZDU4YmY2Mzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumtROla5v9pVE/DuoMh770G4dP5y
PwiTR7r9L5YuXtTzNTyUp3ZDUEIb5sloygH/rW3Te7aJzVxyBFHUnixne8U/r0GE
0J5qEkvxO9xTWlNbtWFjO6fAGLgB2b/0MoVk+8eiDYdxeUVOt2M1gfKBcIRnMEBr
bgMOsXdPzmRPtVgOpI6VU5My2EsDZILr2tSDrT8rdYFMXDV707j+tzyD6IGZ7FlL
xFjbi8v5/C2S7wXUeW6vrzx/CzM6aQ6e6ttwtwW46AWTVnCqafKQwXZJSnKy8YPB
aLaAubyhyrt0LB4Smn/3IbD/4K34KM9c75x1v6+0zkkqnGV1e6585+g4TQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFI1vwEBdRS0dhTkBSIkKNr1Yv2OYMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvaldfQVFGMUZMUjJGT1FGSWlRbzJ2VmlfWTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgukwjAN
BgkqhkiG9w0BAQsFAAOCAQEAPajPRwLwSzz1keN5aiiq7DxAUITo7hkO5Pqwia8v
has53bP4FKhF1C0/iiZNLsgsBEr0eCTl4Y5MEI1srlTyZhHAgJR5SSXCQVooNKgN
MDLdoYQNXPWuGVv+Lm9GNaQl5YJMDZN4deVjj01F25FzowTDM3gU0gxq1Mmcb9r/
jGYZayj0GNT8KqbFg+JBOr/4QkNc/H2uHZadge1z3g9QOG8B3KKbFRiBOaR19FmG
mkGdMJPIUjMLbMMpK0cJm5pxyRE23bfyW8tq0f/TVrPdoc6IoW8fiKAvwWjj0Mk8
1zRImjumMvA7DiKRSGSYRNJnARcbULZsrGVrYz4kx1MT5g==
-----END CERTIFICATE-----