Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/uFgO3BPoYDCOEJPdE8IKSfZVuTc.roa
File:                     uFgO3BPoYDCOEJPdE8IKSfZVuTc.roa (raw, json)
Hash identifier:          a2R/UNG/E5Qy1m4HdasfmQ7L4oE3yawNJRmsiCA2Gfc=
Subject key identifier:   B8:58:0E:DC:13:E8:60:30:8E:10:93:DD:13:C2:0A:49:F6:55:B9:37
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019E89737D94E838C201162C9D4DB4F62153
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/uFgO3BPoYDCOEJPdE8IKSfZVuTc.roa
Signing time:             Tue 02 Jun 2026 17:48:27 +0000
ROA not before:           Tue 02 Jun 2026 17:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216215
IP address blocks:        2a0b:a4c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 05 Jun 2026 05:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:89:73:7d:94:e8:38:c2:01:16:2c:9d:4d:b4:f6:21:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun  2 17:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b8580edc13e860308e1093dd13c20a49f655b937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:cc:90:41:73:3d:b6:23:17:63:31:e2:3d:e9:
                    32:2e:4a:f2:ca:6c:3e:5a:2c:44:0a:b5:75:b7:39:
                    3b:07:8e:70:f4:da:1b:5d:3c:ba:f2:7c:96:c8:04:
                    2c:bb:e2:31:98:f9:a2:32:b6:6d:25:f7:15:45:f2:
                    ed:a5:79:18:d3:49:ed:b3:13:98:f9:84:e2:d0:ec:
                    ee:a2:6f:51:12:fe:fc:52:81:ce:b2:89:de:ad:2d:
                    bd:95:ea:05:be:ec:ae:62:35:f8:4b:5f:04:c8:ff:
                    9f:59:dc:3f:5a:d0:41:a8:c1:b7:24:5a:71:61:9f:
                    ca:55:3f:6c:e3:5e:37:87:6c:3e:1a:98:72:9b:01:
                    97:2d:f1:ab:91:93:a0:4a:bb:ca:26:bb:63:81:e4:
                    cb:bc:45:b7:24:b8:f7:ce:8f:1f:b3:36:61:b3:3e:
                    d3:98:8a:2a:8d:82:34:7c:56:01:4f:96:24:f7:4f:
                    57:5b:f7:a2:1d:2a:f3:93:7e:73:a9:2e:eb:f7:8e:
                    d8:eb:fd:b3:08:78:1a:40:eb:45:97:8a:35:3f:de:
                    03:55:3f:e7:0d:e6:aa:8d:01:0f:a1:e4:74:95:aa:
                    5f:24:90:ba:8d:78:4c:fb:5e:ec:54:36:6f:15:ad:
                    5e:ed:35:67:c9:be:50:69:32:3f:18:62:d6:45:2a:
                    81:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:58:0E:DC:13:E8:60:30:8E:10:93:DD:13:C2:0A:49:F6:55:B9:37
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/uFgO3BPoYDCOEJPdE8IKSfZVuTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:a4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         a6:50:d0:ab:8b:7b:6d:61:a1:d2:2f:e5:d9:e3:31:d1:a2:da:
         d2:a7:5b:58:27:27:2f:af:43:c6:b6:51:21:3d:5a:e2:ba:62:
         0f:a2:e0:22:e6:ae:a3:f9:a9:36:fc:4e:49:80:3e:8d:c0:33:
         02:4f:29:da:5d:9f:15:1d:46:9a:fc:d3:e5:9b:54:a5:23:fd:
         77:7e:6f:70:3b:8e:96:34:92:a5:f5:b7:f6:3a:b0:ba:7e:a0:
         a3:21:9a:39:fe:fd:c0:83:16:6e:4a:d5:e9:81:61:be:ef:e5:
         a0:36:98:8c:68:3f:7a:7f:ee:36:54:bc:00:3d:0a:17:b9:e9:
         4e:64:4e:a0:af:d1:e2:a6:fb:bc:89:0e:7b:ae:13:3a:96:24:
         cc:1b:7e:5b:70:ea:59:09:9e:f6:03:bf:f2:7b:f1:6c:52:e8:
         f7:9f:8a:ad:b4:74:dc:76:3c:bc:fa:83:6e:e7:04:a6:a2:98:
         fe:a1:7e:97:c6:c7:d5:50:9a:db:fb:e4:60:34:4c:74:28:5f:
         af:3b:a1:1b:ec:d0:4d:83:7d:e8:0d:45:64:96:c9:35:be:c3:
         58:23:93:23:ee:29:7a:ac:09:77:74:5e:c9:60:4b:8b:4c:8a:
         d5:f7:55:43:73:3b:77:55:4d:0f:ef:e9:45:4b:f8:74:bc:df:
         1e:af:37:d5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ6Jc32U6DjCARYsnU209iFTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNjAyMTc0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODU4MGVkYzEzZTg2MDMwOGUxMDkzZGQxM2MyMGE0OWY2NTViOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArcyQQXM9tiMXYzHiPekyLkryymw+
WixECrV1tzk7B45w9NobXTy68nyWyAQsu+IxmPmiMrZtJfcVRfLtpXkY00ntsxOY
+YTi0Ozuom9REv78UoHOsonerS29leoFvuyuYjX4S18EyP+fWdw/WtBBqMG3JFpx
YZ/KVT9s4143h2w+GphymwGXLfGrkZOgSrvKJrtjgeTLvEW3JLj3zo8fszZhsz7T
mIoqjYI0fFYBT5Yk909XW/eiHSrzk35zqS7r947Y6/2zCHgaQOtFl4o1P94DVT/n
DeaqjQEPoeR0lapfJJC6jXhM+17sVDZvFa1e7TVnyb5QaTI/GGLWRSqBbwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLhYDtwT6GAwjhCT3RPCCkn2Vbk3MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvdUZnTzNCUG9ZRENPRUpQZEU4SUtTZlpWdVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgukwDAN
BgkqhkiG9w0BAQsFAAOCAQEAplDQq4t7bWGh0i/l2eMx0aLa0qdbWCcnL69DxrZR
IT1a4rpiD6LgIuauo/mpNvxOSYA+jcAzAk8p2l2fFR1GmvzT5ZtUpSP9d35vcDuO
ljSSpfW39jqwun6goyGaOf79wIMWbkrV6YFhvu/loDaYjGg/en/uNlS8AD0KF7np
TmROoK/R4qb7vIkOe64TOpYkzBt+W3DqWQme9gO/8nvxbFLo95+KrbR03HY8vPqD
bucEpqKY/qF+l8bH1VCa2/vkYDRMdChfrzuhG+zQTYN96A1FZJbJNb7DWCOTI+4p
eqwJd3ReyWBLi0yK1fdVQ3M7d1VND+/pRUv4dLzfHq831Q==
-----END CERTIFICATE-----