Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/uIt2X2SDhvWq8loR7w-rOjU9e7A.roa
File:                     uIt2X2SDhvWq8loR7w-rOjU9e7A.roa (raw, json)
Hash identifier:          insTi+KU+jLbcCCEnd8PKeYfyDOc8/z4yHR/rA1DanQ=
Subject key identifier:   B8:8B:76:5F:64:83:86:F5:AA:F2:5A:11:EF:0F:AB:3A:35:3D:7B:B0
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019577B1DC1A2CDF6BA9345626D03C7A4638
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/uIt2X2SDhvWq8loR7w-rOjU9e7A.roa
Signing time:             Sat 08 Mar 2025 21:38:19 +0000
ROA not before:           Sat 08 Mar 2025 21:38:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213448
IP address blocks:        2a13:5040::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 04:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:77:b1:dc:1a:2c:df:6b:a9:34:56:26:d0:3c:7a:46:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar  8 21:38:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b88b765f648386f5aaf25a11ef0fab3a353d7bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a9:34:77:84:e3:79:d4:33:13:49:0d:80:41:
                    25:89:40:45:2d:98:ea:79:6e:3d:a3:14:69:1a:7d:
                    d6:ec:45:04:78:01:66:ac:20:3d:40:f2:74:8e:fa:
                    d3:83:09:3d:01:17:84:ad:e3:7e:fa:26:ce:e6:46:
                    3b:4c:3a:02:7d:21:50:c2:3b:06:f5:02:3c:54:d1:
                    2a:18:ba:bb:90:81:2a:a6:90:f5:5b:4e:2f:cd:fc:
                    8f:1b:16:0b:9b:e6:6f:bb:41:3f:59:fd:ef:b7:ed:
                    46:35:f2:e0:2a:0f:20:88:f3:66:a2:49:93:54:a6:
                    0d:a7:70:35:c5:ac:a0:ad:56:f0:ee:79:86:3d:6e:
                    0e:ef:b1:c7:1c:1c:4d:a4:10:ea:57:60:31:51:c0:
                    8a:56:ec:f4:87:db:a9:9a:8e:fa:5d:96:c5:03:79:
                    e8:ce:d2:1e:b1:d8:a9:d1:36:78:26:39:07:27:de:
                    f4:33:a0:64:16:50:3d:a7:d1:64:24:d8:95:49:dd:
                    3d:ba:2e:8d:d8:f5:c7:5c:19:60:c0:18:3f:9b:d5:
                    54:62:d7:b2:d0:8e:a5:08:8c:53:13:54:08:de:25:
                    4a:b6:d7:cb:f4:21:19:38:8d:07:31:30:07:25:0f:
                    e0:66:73:eb:72:f3:a7:99:9c:41:f4:85:13:f4:84:
                    ac:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:8B:76:5F:64:83:86:F5:AA:F2:5A:11:EF:0F:AB:3A:35:3D:7B:B0
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/uIt2X2SDhvWq8loR7w-rOjU9e7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:5040::/29

    Signature Algorithm: sha256WithRSAEncryption
         29:1b:c5:ff:5c:3c:1b:3c:f6:2c:78:8b:cd:a4:4b:4a:04:4a:
         61:cc:30:78:00:7b:ce:c0:06:e7:1e:b3:06:8e:9f:7c:90:ba:
         f8:1f:c5:5d:55:f1:a6:d0:4e:73:90:3e:fb:87:50:53:10:99:
         d5:b2:86:52:b4:91:8e:86:c0:3f:e7:61:38:a2:4d:0c:00:de:
         62:9d:e0:82:08:bb:ee:d5:2a:bb:42:c6:aa:86:49:cd:6d:97:
         fb:86:30:67:79:b6:54:fe:5f:5b:18:9b:c6:03:3a:96:22:d0:
         45:fd:8f:80:91:15:d8:a7:01:d9:f4:04:de:76:a8:4e:ea:c3:
         47:b9:19:fb:07:6c:f7:b7:9d:f9:26:7c:04:71:ea:07:62:55:
         91:0e:25:41:90:6a:33:ed:02:61:a2:73:20:73:ea:a4:0f:20:
         5d:27:4a:55:3f:c2:4f:0b:f2:63:05:5e:f0:99:cb:f9:43:5f:
         8a:21:42:d0:ef:ec:62:9b:e5:d0:c2:d1:fa:ad:53:9c:b1:31:
         aa:69:cc:30:60:34:36:77:c4:28:bb:61:76:4b:f5:b5:96:24:
         97:fe:08:00:30:91:7e:d2:8d:22:c8:46:c8:27:c5:27:17:de:
         36:d2:db:98:0c:8c:5c:67:a9:1d:9c:f8:a3:fe:2b:a2:51:ff:
         a4:be:90:17
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZV3sdwaLN9rqTRWJtA8ekY4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwMzA4MjEzODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODhiNzY1ZjY0ODM4NmY1YWFmMjVhMTFlZjBmYWIzYTM1M2Q3YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ak0d4TjedQzE0kNgEEliUBFLZjq
eW49oxRpGn3W7EUEeAFmrCA9QPJ0jvrTgwk9AReEreN++ibO5kY7TDoCfSFQwjsG
9QI8VNEqGLq7kIEqppD1W04vzfyPGxYLm+Zvu0E/Wf3vt+1GNfLgKg8giPNmokmT
VKYNp3A1xaygrVbw7nmGPW4O77HHHBxNpBDqV2AxUcCKVuz0h9upmo76XZbFA3no
ztIesdip0TZ4JjkHJ970M6BkFlA9p9FkJNiVSd09ui6N2PXHXBlgwBg/m9VUYtey
0I6lCIxTE1QI3iVKttfL9CEZOI0HMTAHJQ/gZnPrcvOnmZxB9IUT9ISsEwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLiLdl9kg4b1qvJaEe8Pqzo1PXuwMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvdUl0MlgyU0RodldxOGxvUjd3LXJPalU5ZTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhNQQDAN
BgkqhkiG9w0BAQsFAAOCAQEAKRvF/1w8Gzz2LHiLzaRLSgRKYcwweAB7zsAG5x6z
Bo6ffJC6+B/FXVXxptBOc5A++4dQUxCZ1bKGUrSRjobAP+dhOKJNDADeYp3gggi7
7tUqu0LGqoZJzW2X+4YwZ3m2VP5fWxibxgM6liLQRf2PgJEV2KcB2fQE3naoTurD
R7kZ+wds97ed+SZ8BHHqB2JVkQ4lQZBqM+0CYaJzIHPqpA8gXSdKVT/CTwvyYwVe
8JnL+UNfiiFC0O/sYpvl0MLR+q1TnLExqmnMMGA0NnfEKLthdkv1tZYkl/4IADCR
ftKNIshGyCfFJxfeNtLbmAyMXGepHZz4o/4rolH/pL6QFw==
-----END CERTIFICATE-----