Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/tgSRqnQnZUD0Fu4ANbQFDigMoEo.roa
File:                     tgSRqnQnZUD0Fu4ANbQFDigMoEo.roa (raw, json)
Hash identifier:          NZR02viri4xDg6oLTnJWANSbonEFpMqlapgOxg1s9+0=
Subject key identifier:   B6:04:91:AA:74:27:65:40:F4:16:EE:00:35:B4:05:0E:28:0C:A0:4A
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019E82501667A257FCEE27623127FEEFC0C8
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/tgSRqnQnZUD0Fu4ANbQFDigMoEo.roa
Signing time:             Mon 01 Jun 2026 08:32:27 +0000
ROA not before:           Mon 01 Jun 2026 08:32:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214266
IP address blocks:        2a13:d140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:50:16:67:a2:57:fc:ee:27:62:31:27:fe:ef:c0:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun  1 08:32:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b60491aa74276540f416ee0035b4050e280ca04a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:a0:64:02:25:96:ea:d6:8b:c5:9e:9d:78:92:
                    f9:84:aa:c8:c4:ec:76:a0:13:51:4e:9d:17:7d:51:
                    f9:27:ce:2d:07:5b:01:2a:e8:cf:f7:b4:66:80:1a:
                    48:dd:30:69:9d:ab:55:fa:39:cd:3a:77:16:8a:15:
                    60:2d:a4:d8:c3:17:73:e4:ba:50:13:4f:bd:1b:99:
                    16:62:f6:fc:9c:c0:9a:ae:86:8a:ce:0e:56:96:3e:
                    b9:21:5c:c0:d8:bd:ce:07:d9:71:b1:ce:42:34:7d:
                    6d:45:51:50:2e:74:25:85:2c:97:f6:07:70:43:b4:
                    48:75:28:15:64:9b:1c:73:c9:2c:2e:f2:bb:e0:3f:
                    6a:08:93:aa:e3:8a:be:99:5d:c2:cf:1d:9e:9f:6d:
                    37:f5:dc:7b:64:f5:ff:a8:78:af:7f:3c:1f:44:d0:
                    69:79:34:89:78:0b:e5:ec:3f:1a:9a:83:e5:1f:3b:
                    d3:9c:61:36:92:d4:c7:b8:f2:94:88:cf:c3:95:3a:
                    ea:17:94:c7:b1:d0:09:25:a7:04:63:66:be:bc:ea:
                    de:67:50:c9:f7:11:29:b7:d3:c4:0f:eb:aa:cd:cf:
                    f1:9c:33:54:a1:b2:5d:36:70:1a:a0:50:68:a5:80:
                    12:b0:28:ac:f4:e9:65:09:50:22:56:ed:e1:a3:23:
                    e3:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:04:91:AA:74:27:65:40:F4:16:EE:00:35:B4:05:0E:28:0C:A0:4A
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/tgSRqnQnZUD0Fu4ANbQFDigMoEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:d140::/29

    Signature Algorithm: sha256WithRSAEncryption
         af:3e:e3:61:4b:a0:cf:b7:37:af:95:74:53:52:46:00:40:35:
         ab:89:64:66:20:4e:71:ae:7f:d9:12:ca:fb:9c:98:f9:97:87:
         7f:c7:52:14:19:6f:6c:d2:93:51:bc:20:c3:21:85:12:c9:07:
         9c:22:bd:2a:20:66:2a:d2:7b:7d:28:ba:98:16:e2:2e:73:8a:
         8c:ca:28:35:1a:19:02:8a:60:a9:01:6e:49:60:81:45:2e:cc:
         66:46:7a:db:81:96:f8:a9:94:cd:a2:89:07:74:b4:51:f7:c4:
         a8:e5:c5:37:9d:0b:0f:62:5f:6f:90:39:e9:29:52:0e:06:08:
         18:6c:6c:7b:c2:7c:52:1a:5b:7b:57:6f:8f:42:4b:99:4e:ee:
         db:9d:ae:00:19:2d:1f:a0:a1:c0:72:f8:e7:11:d9:a7:2b:1a:
         06:de:ee:b8:5f:c4:24:3a:d7:86:0c:56:05:b7:66:de:92:0f:
         56:b4:a2:ed:c3:7f:d2:7d:72:2d:98:f2:d6:0f:3c:95:36:b0:
         9a:a6:db:98:78:76:18:ec:8e:27:13:47:10:e1:fc:02:65:c1:
         db:2f:a9:8e:ce:6c:34:61:e5:e2:be:10:4d:44:0f:85:c3:1a:
         e5:75:18:6b:8e:54:c9:8f:27:43:ff:d0:96:98:71:83:c1:56:
         7a:de:9e:bc
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6CUBZnolf87idiMSf+78DIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNjAxMDgzMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjA0OTFhYTc0Mjc2NTQwZjQxNmVlMDAzNWI0MDUwZTI4MGNhMDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkqBkAiWW6taLxZ6deJL5hKrIxOx2
oBNRTp0XfVH5J84tB1sBKujP97RmgBpI3TBpnatV+jnNOncWihVgLaTYwxdz5LpQ
E0+9G5kWYvb8nMCaroaKzg5Wlj65IVzA2L3OB9lxsc5CNH1tRVFQLnQlhSyX9gdw
Q7RIdSgVZJscc8ksLvK74D9qCJOq44q+mV3Czx2en2039dx7ZPX/qHivfzwfRNBp
eTSJeAvl7D8amoPlHzvTnGE2ktTHuPKUiM/DlTrqF5THsdAJJacEY2a+vOreZ1DJ
9xEpt9PED+uqzc/xnDNUobJdNnAaoFBopYASsCis9OllCVAiVu3hoyPjYwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLYEkap0J2VA9BbuADW0BQ4oDKBKMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvdGdTUnFuUW5aVUQwRnU0QU5iUUZEaWdNb0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPRQDAN
BgkqhkiG9w0BAQsFAAOCAQEArz7jYUugz7c3r5V0U1JGAEA1q4lkZiBOca5/2RLK
+5yY+ZeHf8dSFBlvbNKTUbwgwyGFEskHnCK9KiBmKtJ7fSi6mBbiLnOKjMooNRoZ
AopgqQFuSWCBRS7MZkZ624GW+KmUzaKJB3S0UffEqOXFN50LD2Jfb5A56SlSDgYI
GGxse8J8Uhpbe1dvj0JLmU7u252uABktH6ChwHL45xHZpysaBt7uuF/EJDrXhgxW
Bbdm3pIPVrSi7cN/0n1yLZjy1g88lTawmqbbmHh2GOyOJxNHEOH8AmXB2y+pjs5s
NGHl4r4QTUQPhcMa5XUYa45UyY8nQ//Qlphxg8FWet6evA==
-----END CERTIFICATE-----