Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/x0R7ucAas_Uach6E-eJfiMGpS4w.roa
File:                     x0R7ucAas_Uach6E-eJfiMGpS4w.roa (raw, json)
Hash identifier:          IQs+ud1QQwwHaivveC+ZD83TtQFco/6/nWMvBWT5GyU=
Subject key identifier:   C7:44:7B:B9:C0:1A:B3:F5:1A:72:1E:84:F9:E2:5F:88:C1:A9:4B:8C
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0196CE0EFB6C70FE69EC799202BE11F74D97
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/x0R7ucAas_Uach6E-eJfiMGpS4w.roa
Signing time:             Wed 14 May 2025 09:10:10 +0000
ROA not before:           Wed 14 May 2025 09:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205227
IP address blocks:        2a0f:63c4::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:0e:fb:6c:70:fe:69:ec:79:92:02:be:11:f7:4d:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 14 09:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7447bb9c01ab3f51a721e84f9e25f88c1a94b8c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:56:87:be:b4:e0:e8:16:99:fe:14:b3:1f:8b:
                    d9:f4:bc:8b:9a:2d:23:64:e3:1f:e6:38:31:c9:40:
                    56:54:c9:b2:7c:88:31:95:f0:6a:d8:a9:b0:db:82:
                    62:82:27:e4:ce:46:0a:1b:37:53:1c:02:cf:24:71:
                    e1:a5:a6:f0:37:65:92:be:74:d1:51:a9:81:f3:e8:
                    02:d0:bc:79:9e:f6:fb:70:42:69:c0:36:fa:1c:c7:
                    e7:f8:63:e7:3d:40:5d:ed:94:46:24:4f:93:57:7c:
                    3d:80:c1:61:aa:75:67:0d:15:53:93:06:4a:d9:06:
                    a4:34:93:d4:2d:41:60:85:b0:5e:4a:05:41:48:db:
                    57:a5:ca:eb:2d:cb:b2:35:6d:37:84:e7:9a:b5:af:
                    1f:9c:99:78:0e:88:a9:bf:d5:2d:e0:78:8e:ac:73:
                    f0:fb:0a:53:29:d6:66:75:2b:8a:d2:90:af:95:8b:
                    5a:c3:52:42:01:12:55:0d:a6:9f:51:ca:0e:82:75:
                    ea:04:ab:05:3b:6f:a3:d8:39:78:5f:bb:db:79:02:
                    ca:ec:22:72:09:f6:76:fd:11:2f:d4:9f:78:56:5f:
                    e6:3f:bb:fc:49:3b:a8:06:97:7a:f8:34:2d:5d:bc:
                    03:ec:3a:24:bb:fa:3d:bc:b2:53:d7:92:9b:60:e2:
                    63:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:44:7B:B9:C0:1A:B3:F5:1A:72:1E:84:F9:E2:5F:88:C1:A9:4B:8C
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/x0R7ucAas_Uach6E-eJfiMGpS4w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:63c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:0c:c1:e4:de:35:6f:5a:7b:c0:63:bd:e9:8f:b1:a8:ea:66:
         c2:85:1b:cf:ca:c0:45:fd:a7:61:25:28:e7:2b:29:4c:9b:0a:
         1f:b0:48:c3:66:38:fe:07:a6:8c:0c:b4:a4:10:7b:ae:70:2a:
         01:89:e3:05:db:32:9c:c1:f6:1a:65:3e:0f:78:b0:d0:ab:bd:
         5f:2f:56:0b:73:84:55:40:ab:2a:8a:1b:ec:d0:84:64:35:0c:
         d9:c2:b4:85:aa:ff:5d:41:d2:d4:d5:30:89:14:e2:45:47:9b:
         77:8b:a7:54:c8:78:08:54:bd:fa:ca:32:a5:72:4c:5c:20:7c:
         87:8a:2d:f3:15:15:e9:d8:f0:fb:6f:eb:31:dd:61:69:d7:50:
         92:07:ee:11:4f:f2:82:6a:a6:4b:fc:c6:68:6f:01:a5:af:cc:
         7b:ea:34:9e:2f:ee:b6:52:46:fd:73:7c:55:dd:bf:27:9b:d4:
         6f:06:29:32:8c:69:66:9b:ae:f8:b8:08:97:ac:a6:4e:40:19:
         b0:52:88:77:5b:cd:d5:1c:3f:5c:8e:df:b5:99:ac:75:66:a8:
         ca:9c:4e:e9:8e:cf:00:3a:35:d9:32:9a:01:6b:10:d1:ae:ad:
         a1:c3:16:59:28:ff:a5:2e:bf:9d:65:40:db:07:e2:6d:4a:79:
         7d:3d:63:b4
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZbODvtscP5p7HmSAr4R902XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTE0MDkxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzQ0N2JiOWMwMWFiM2Y1MWE3MjFlODRmOWUyNWY4OGMxYTk0YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVaHvrTg6BaZ/hSzH4vZ9LyLmi0j
ZOMf5jgxyUBWVMmyfIgxlfBq2Kmw24JigifkzkYKGzdTHALPJHHhpabwN2WSvnTR
UamB8+gC0Lx5nvb7cEJpwDb6HMfn+GPnPUBd7ZRGJE+TV3w9gMFhqnVnDRVTkwZK
2QakNJPULUFghbBeSgVBSNtXpcrrLcuyNW03hOeata8fnJl4Doipv9Ut4HiOrHPw
+wpTKdZmdSuK0pCvlYtaw1JCARJVDaafUcoOgnXqBKsFO2+j2Dl4X7vbeQLK7CJy
CfZ2/REv1J94Vl/mP7v8STuoBpd6+DQtXbwD7Doku/o9vLJT15KbYOJjFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMdEe7nAGrP1GnIehPniX4jBqUuMMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEveDBSN3VjQWFzX1VhY2g2RS1lSmZpTUdwUzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKg9jxDAN
BgkqhkiG9w0BAQsFAAOCAQEApgzB5N41b1p7wGO96Y+xqOpmwoUbz8rARf2nYSUo
5yspTJsKH7BIw2Y4/gemjAy0pBB7rnAqAYnjBdsynMH2GmU+D3iw0Ku9Xy9WC3OE
VUCrKoob7NCEZDUM2cK0har/XUHS1NUwiRTiRUebd4unVMh4CFS9+soypXJMXCB8
h4ot8xUV6djw+2/rMd1haddQkgfuEU/ygmqmS/zGaG8Bpa/Me+o0ni/utlJG/XN8
Vd2/J5vUbwYpMoxpZpuu+LgIl6ymTkAZsFKId1vN1Rw/XI7ftZmsdWaoypxO6Y7P
ADo12TKaAWsQ0a6tocMWWSj/pS6/nWVA2wfibUp5fT1jtA==
-----END CERTIFICATE-----