Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/qgaVtMG-ojykgXMOKJGYVZtJ6Mw.roa
File:                     qgaVtMG-ojykgXMOKJGYVZtJ6Mw.roa (raw, json)
Hash identifier:          XEyZ6wW+iDEC/a8wABAnaZQWU4pTCM3lBtDUlv+Gfbc=
Subject key identifier:   AA:06:95:B4:C1:BE:A2:3C:A4:81:73:0E:28:91:98:55:9B:49:E8:CC
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019906A1938A23502F4430EC5B2009A13EDA
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/qgaVtMG-ojykgXMOKJGYVZtJ6Mw.roa
Signing time:             Mon 01 Sep 2025 18:54:36 +0000
ROA not before:           Mon 01 Sep 2025 18:54:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215420
IP address blocks:        2a13:d140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Sep 2025 02:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:06:a1:93:8a:23:50:2f:44:30:ec:5b:20:09:a1:3e:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Sep  1 18:54:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=aa0695b4c1bea23ca481730e289198559b49e8cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:1f:e1:24:30:1c:3c:c2:da:a2:5d:cb:70:69:
                    59:e8:e6:16:28:87:a9:35:04:98:75:2f:56:30:95:
                    b5:17:28:40:27:35:bd:cb:f2:6e:c0:a5:f8:5c:18:
                    45:2c:42:37:30:18:93:28:22:77:ea:64:59:c4:1d:
                    ac:01:8f:4d:ad:39:32:4d:26:ab:96:ed:c6:66:fc:
                    d1:d7:e8:b6:db:09:2b:78:0c:ff:02:93:51:e8:68:
                    58:b3:58:4f:3a:3b:10:b5:38:35:f5:08:b5:94:ee:
                    97:f5:28:7f:9d:68:55:85:a5:2e:e4:4e:4b:a2:d6:
                    17:c7:60:dd:62:e2:2c:ba:40:ea:5b:91:0c:ff:79:
                    26:72:2e:bc:f5:da:94:c0:b0:71:81:7a:ec:8d:c2:
                    f7:6d:c6:e4:1c:9f:ee:47:ae:b7:cd:14:1f:cc:6b:
                    5b:38:68:72:48:95:6a:2b:cf:c5:81:f1:ea:e4:57:
                    f0:46:49:28:b4:51:9d:00:2a:cd:39:c1:4e:77:85:
                    0f:be:08:cb:10:c0:dd:b6:57:e1:95:63:15:5a:4e:
                    28:96:d5:bd:2c:9e:6c:e3:cf:33:44:38:62:e8:5c:
                    5d:69:4c:50:dc:f5:21:18:25:24:9c:65:eb:9b:0f:
                    22:f8:9a:69:f4:3a:6c:a7:bc:83:52:e4:4c:89:c0:
                    da:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:06:95:B4:C1:BE:A2:3C:A4:81:73:0E:28:91:98:55:9B:49:E8:CC
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/qgaVtMG-ojykgXMOKJGYVZtJ6Mw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d140::/29

    Signature Algorithm: sha256WithRSAEncryption
         14:91:ca:a3:05:22:7a:81:c9:e8:41:fe:22:5f:9d:bd:06:e2:
         9d:89:30:da:e1:ba:47:2c:3b:47:9a:ba:f0:c9:49:97:f7:0d:
         c1:25:ae:da:eb:87:18:08:b0:e6:b5:46:88:ca:7e:4a:c4:fe:
         9a:f5:20:cc:f8:e1:94:ec:12:1c:9a:7a:b5:29:7a:d7:3c:19:
         76:33:e5:dd:37:1f:67:20:b9:08:c5:d0:a3:16:1c:f4:76:84:
         92:8d:0e:08:d9:69:6e:22:7a:fa:b5:0c:c9:6f:12:0c:94:20:
         88:19:a3:f0:bc:a5:d5:61:a8:67:b8:1d:87:df:3c:31:cb:d3:
         3e:d5:22:93:c5:40:3b:f9:d0:4b:46:fb:59:db:07:e7:e6:45:
         ab:89:d3:3c:e4:3c:c7:f6:79:42:bc:04:f8:b4:9a:24:56:92:
         19:03:26:83:7a:90:08:23:67:9d:52:43:fc:81:c9:a7:d2:57:
         eb:b3:39:59:37:86:ea:4b:f7:2a:3b:30:d1:a0:5a:1c:55:52:
         aa:77:d1:01:e1:6f:7d:c1:57:74:52:c6:20:2b:a1:f3:a6:6d:
         d3:fa:f3:c2:89:cd:23:bc:ae:e1:a1:a7:3d:6a:09:6f:e0:50:
         61:f2:ee:07:2b:2d:34:0b:f1:d3:75:6c:b6:44:23:8d:0f:0d:
         79:e2:fa:8a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZkGoZOKI1AvRDDsWyAJoT7aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwOTAxMTg1NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTA2OTViNGMxYmVhMjNjYTQ4MTczMGUyODkxOTg1NTliNDllOGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoR/hJDAcPMLaol3LcGlZ6OYWKIep
NQSYdS9WMJW1FyhAJzW9y/JuwKX4XBhFLEI3MBiTKCJ36mRZxB2sAY9NrTkyTSar
lu3GZvzR1+i22wkreAz/ApNR6GhYs1hPOjsQtTg19Qi1lO6X9Sh/nWhVhaUu5E5L
otYXx2DdYuIsukDqW5EM/3kmci689dqUwLBxgXrsjcL3bcbkHJ/uR663zRQfzGtb
OGhySJVqK8/FgfHq5FfwRkkotFGdACrNOcFOd4UPvgjLEMDdtlfhlWMVWk4oltW9
LJ5s488zRDhi6FxdaUxQ3PUhGCUknGXrmw8i+Jpp9Dpsp7yDUuRMicDaUwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKoGlbTBvqI8pIFzDiiRmFWbSejMMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvcWdhVnRNRy1vanlrZ1hNT0tKR1lWWnRKNk13LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPRQDAN
BgkqhkiG9w0BAQsFAAOCAQEAFJHKowUieoHJ6EH+Il+dvQbinYkw2uG6Ryw7R5q6
8MlJl/cNwSWu2uuHGAiw5rVGiMp+SsT+mvUgzPjhlOwSHJp6tSl61zwZdjPl3Tcf
ZyC5CMXQoxYc9HaEko0OCNlpbiJ6+rUMyW8SDJQgiBmj8Lyl1WGoZ7gdh988McvT
PtUik8VAO/nQS0b7WdsH5+ZFq4nTPOQ8x/Z5QrwE+LSaJFaSGQMmg3qQCCNnnVJD
/IHJp9JX67M5WTeG6kv3Kjsw0aBaHFVSqnfRAeFvfcFXdFLGICuh86Zt0/rzwonN
I7yu4aGnPWoJb+BQYfLuBystNAvx03VstkQjjQ8NeeL6ig==
-----END CERTIFICATE-----