Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/llZgG8Y-q78YQeKYfpEfukiXHZw.roa
File:                     llZgG8Y-q78YQeKYfpEfukiXHZw.roa (raw, json)
Hash identifier:          750jurlzT+SnwXi+SNTPI/rfnPKw6g8CUFkTXOgWdgo=
Subject key identifier:   96:56:60:1B:C6:3E:AB:BF:18:41:E2:98:7E:91:1F:BA:48:97:1D:9C
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0195683C9E8666E9004838A8D654ED5ED66B
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/llZgG8Y-q78YQeKYfpEfukiXHZw.roa
Signing time:             Wed 05 Mar 2025 21:35:58 +0000
ROA not before:           Wed 05 Mar 2025 21:35:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205659
IP address blocks:        2a10:3e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 10:01:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:68:3c:9e:86:66:e9:00:48:38:a8:d6:54:ed:5e:d6:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar  5 21:35:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9656601bc63eabbf1841e2987e911fba48971d9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:3f:1c:f5:c3:af:2f:34:da:0b:f9:07:cf:
                    38:29:82:b2:2b:7a:b8:3c:3a:b7:72:bd:32:89:7a:
                    bc:37:76:b8:c2:71:0c:4d:b0:d5:c2:ff:1a:d7:7d:
                    c8:fb:6b:9e:c8:f3:be:33:53:fb:7c:a6:77:b7:2c:
                    8b:ee:b8:0d:a1:42:b7:68:98:aa:1f:0d:1d:cd:20:
                    27:4a:84:a3:1f:0d:02:e7:fc:41:09:70:11:41:ad:
                    be:8d:1d:7e:bf:55:fe:98:6c:05:b9:dd:78:4b:13:
                    42:b1:0f:b0:a3:14:63:56:eb:e0:2e:05:99:81:b5:
                    3f:70:ae:fb:fa:d7:85:10:6c:85:bd:76:98:2b:4d:
                    2d:79:09:d4:e7:bb:e8:5e:e6:ac:e8:37:29:25:05:
                    ec:e5:95:15:a1:59:b3:b3:00:e4:02:d3:c4:8b:e0:
                    13:74:42:ca:a3:46:99:c9:42:29:c9:2a:99:d5:a6:
                    f8:14:eb:25:67:39:05:16:ab:fa:b1:c3:e3:ab:39:
                    d9:b0:c3:47:22:bc:d5:d6:0e:da:ed:3b:23:bc:2a:
                    f1:4b:08:96:1d:a7:ea:55:10:58:bf:c5:2c:32:cb:
                    61:f2:46:4f:4b:38:b0:e8:71:82:f8:0d:23:88:52:
                    1d:ab:67:78:2a:59:d7:74:94:64:22:91:6b:0a:e5:
                    dd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:56:60:1B:C6:3E:AB:BF:18:41:E2:98:7E:91:1F:BA:48:97:1D:9C
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/llZgG8Y-q78YQeKYfpEfukiXHZw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:3e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         38:55:8c:95:8f:e4:c8:59:dc:17:00:59:41:ca:b2:80:5b:f5:
         86:7f:14:cc:f5:92:69:7d:6f:25:4c:2f:91:a2:c5:33:2a:4b:
         81:33:96:51:b5:92:31:b5:77:b0:8d:2c:00:20:19:18:b7:ec:
         80:84:28:a0:09:db:5c:61:56:89:61:1d:11:26:70:90:c4:8d:
         78:28:3f:84:88:9e:32:c5:ea:ae:af:c6:ae:14:73:b5:e1:a6:
         15:5f:37:8b:6e:71:03:06:17:f5:c0:62:23:21:d5:d6:d7:1f:
         f8:bb:3c:79:fd:19:a7:2a:a5:5a:62:e3:11:2b:c2:68:80:95:
         8c:96:17:9d:5d:91:34:1f:ba:b4:54:d2:83:69:1c:22:a7:5d:
         cb:d7:7d:a9:6f:b4:1f:64:31:5f:87:1d:13:38:67:f6:10:df:
         d9:5e:0a:70:1d:f3:07:a5:af:5c:8e:da:4b:97:55:61:af:eb:
         a3:0b:4b:06:d3:3c:94:77:89:94:23:68:1b:67:a1:ed:5e:6f:
         6d:6e:f9:62:ad:c6:d4:fa:11:f1:91:df:4d:a1:f2:68:ae:89:
         6d:c5:c0:17:6d:f4:70:83:99:99:0a:56:33:60:4d:17:67:dd:
         cf:79:d3:3a:e0:a0:1c:a4:a7:bc:01:8d:91:5d:cb:28:a7:1c:
         5c:5d:c9:21
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVoPJ6GZukASDio1lTtXtZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMzA1MjEzNTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjU2NjAxYmM2M2VhYmJmMTg0MWUyOTg3ZTkxMWZiYTQ4OTcxZDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0c/HPXDry802gv5B884KYKyK3q4
PDq3cr0yiXq8N3a4wnEMTbDVwv8a133I+2ueyPO+M1P7fKZ3tyyL7rgNoUK3aJiq
Hw0dzSAnSoSjHw0C5/xBCXARQa2+jR1+v1X+mGwFud14SxNCsQ+woxRjVuvgLgWZ
gbU/cK77+teFEGyFvXaYK00teQnU57voXuas6DcpJQXs5ZUVoVmzswDkAtPEi+AT
dELKo0aZyUIpySqZ1ab4FOslZzkFFqv6scPjqznZsMNHIrzV1g7a7TsjvCrxSwiW
HafqVRBYv8UsMsth8kZPSziw6HGC+A0jiFIdq2d4KlnXdJRkIpFrCuXd2QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFJZWYBvGPqu/GEHimH6RH7pIlx2cMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvbGxaZ0c4WS1xNzhZUWVLWWZwRWZ1a2lYSFp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhA+gDAN
BgkqhkiG9w0BAQsFAAOCAQEAOFWMlY/kyFncFwBZQcqygFv1hn8UzPWSaX1vJUwv
kaLFMypLgTOWUbWSMbV3sI0sACAZGLfsgIQooAnbXGFWiWEdESZwkMSNeCg/hIie
MsXqrq/GrhRzteGmFV83i25xAwYX9cBiIyHV1tcf+Ls8ef0ZpyqlWmLjESvCaICV
jJYXnV2RNB+6tFTSg2kcIqddy9d9qW+0H2QxX4cdEzhn9hDf2V4KcB3zB6WvXI7a
S5dVYa/rowtLBtM8lHeJlCNoG2eh7V5vbW75Yq3G1PoR8ZHfTaHyaK6JbcXAF230
cIOZmQpWM2BNF2fdz3nTOuCgHKSnvAGNkV3LKKccXF3JIQ==
-----END CERTIFICATE-----