Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/bebb6f-947a-4eac-85b1-36313c532d04/1/ZHdRHQbq9RdpwxPcagNf8YQQV1I.roa
File:                     ZHdRHQbq9RdpwxPcagNf8YQQV1I.roa (raw, json)
Hash identifier:          oqeq1XmqzUbnhfhvQ0hO2K8HUX1JZvHn7wFgkj1mzYI=
Subject key identifier:   64:77:51:1D:06:EA:F5:17:69:C3:13:DC:6A:03:5F:F1:84:10:57:52
Certificate issuer:       /CN=58ff89023b87c0bf8479b9ff4725258613e4f0b5
Certificate serial:       0199432C38F78787E84735E43F1FB22F583A
Authority key identifier: 58:FF:89:02:3B:87:C0:BF:84:79:B9:FF:47:25:25:86:13:E4:F0:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WP-JAjuHwL-Eebn_RyUlhhPk8LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/bebb6f-947a-4eac-85b1-36313c532d04/1/ZHdRHQbq9RdpwxPcagNf8YQQV1I.roa
Signing time:             Sat 13 Sep 2025 13:03:15 +0000
ROA not before:           Sat 13 Sep 2025 13:03:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213200
IP address blocks:        2a07:4b40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/bebb6f-947a-4eac-85b1-36313c532d04/1/WP-JAjuHwL-Eebn_RyUlhhPk8LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/bebb6f-947a-4eac-85b1-36313c532d04/1/WP-JAjuHwL-Eebn_RyUlhhPk8LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WP-JAjuHwL-Eebn_RyUlhhPk8LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:43:2c:38:f7:87:87:e8:47:35:e4:3f:1f:b2:2f:58:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ff89023b87c0bf8479b9ff4725258613e4f0b5
        Validity
            Not Before: Sep 13 13:03:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6477511d06eaf51769c313dc6a035ff184105752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:14:21:00:81:b7:57:a2:67:fc:fe:f8:c7:cb:
                    f5:58:cf:ad:22:79:af:b3:a6:5a:8e:98:40:ba:70:
                    d3:a8:66:05:3b:0c:b1:eb:d6:5f:ef:8b:d9:67:9c:
                    7b:3a:75:55:6a:0d:2f:6e:56:34:d0:15:84:97:86:
                    fa:67:f9:03:4e:05:32:6e:c4:90:4c:ba:0c:3d:db:
                    46:15:76:86:4d:99:91:45:ef:eb:9c:58:c1:51:ed:
                    0d:3b:d7:36:7d:73:f3:21:55:d5:04:4f:1d:d5:cd:
                    26:39:13:82:ed:30:e8:e2:07:54:ea:97:ff:1b:54:
                    a6:c0:41:d3:70:c6:bb:bd:05:b1:e8:14:52:be:64:
                    1e:14:9c:bb:fb:a4:15:39:fd:de:08:7a:10:b4:39:
                    f4:33:82:2b:01:ea:0e:a0:46:ac:f1:30:4b:a3:39:
                    7e:95:b1:31:d0:fa:33:a8:ae:a1:8b:ab:c3:14:19:
                    91:c3:4c:d8:46:e1:dc:b8:59:2f:e4:c1:d6:a0:ac:
                    37:db:01:65:d1:03:fb:c7:2d:87:3c:95:19:42:3b:
                    34:62:0d:ff:62:31:d2:2c:3a:02:d8:d9:47:9d:26:
                    c6:05:2f:53:3f:60:26:18:e3:7c:80:b5:51:f1:69:
                    f2:0d:d4:64:2e:5d:9b:e9:95:ef:ac:c2:8d:99:97:
                    2d:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:77:51:1D:06:EA:F5:17:69:C3:13:DC:6A:03:5F:F1:84:10:57:52
            X509v3 Authority Key Identifier:
                keyid:58:FF:89:02:3B:87:C0:BF:84:79:B9:FF:47:25:25:86:13:E4:F0:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WP-JAjuHwL-Eebn_RyUlhhPk8LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/bebb6f-947a-4eac-85b1-36313c532d04/1/ZHdRHQbq9RdpwxPcagNf8YQQV1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/bebb6f-947a-4eac-85b1-36313c532d04/1/WP-JAjuHwL-Eebn_RyUlhhPk8LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:4b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:c3:b3:e9:55:1e:e9:a9:ef:72:43:0a:11:32:bb:b3:b2:a4:
         9b:fe:44:fa:5e:39:4c:63:28:d8:46:4e:bd:84:fb:71:65:f9:
         68:c6:15:b3:33:a9:bc:a9:5c:f9:f2:e1:3e:7d:1c:d4:37:cf:
         d0:44:19:42:b2:b8:24:f7:95:2a:ad:a2:6d:9b:93:e7:18:c9:
         fa:26:a3:1a:30:d2:17:8d:4b:e9:59:74:1f:ea:ae:7a:26:77:
         f0:6c:67:0b:c5:63:54:4a:ec:6f:95:52:1c:38:27:a8:e3:f5:
         70:a7:ca:f2:4b:f2:78:7e:6c:43:8c:cc:2a:6a:39:64:ac:eb:
         00:f9:1b:63:11:29:e1:c4:79:e8:bf:5b:86:ec:8b:68:42:12:
         ef:58:de:74:80:cb:4f:47:7f:33:b4:a5:47:a4:d5:6c:30:dc:
         38:a2:d8:37:19:ab:36:6e:40:3b:73:5f:0d:68:76:1a:77:b4:
         5e:46:de:1a:97:9c:72:02:54:a5:fd:e9:83:9f:4d:83:4f:f6:
         67:9d:1a:9d:4b:24:da:45:67:f7:17:f7:f7:40:5f:37:9d:47:
         1e:15:77:05:a9:ab:27:f9:4f:20:57:a4:fa:b0:9d:a6:28:3b:
         82:5e:74:e3:fc:20:56:3e:8a:14:db:1b:e3:97:40:20:7d:d1:
         ce:43:6b:c3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZlDLDj3h4foRzXkPx+yL1g6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZmY4OTAyM2I4N2MwYmY4NDc5YjlmZjQ3MjUyNTg2MTNl
NGYwYjUwHhcNMjUwOTEzMTMwMzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDc3NTExZDA2ZWFmNTE3NjljMzEzZGM2YTAzNWZmMTg0MTA1NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBQhAIG3V6Jn/P74x8v1WM+tInmv
s6ZajphAunDTqGYFOwyx69Zf74vZZ5x7OnVVag0vblY00BWEl4b6Z/kDTgUybsSQ
TLoMPdtGFXaGTZmRRe/rnFjBUe0NO9c2fXPzIVXVBE8d1c0mOROC7TDo4gdU6pf/
G1SmwEHTcMa7vQWx6BRSvmQeFJy7+6QVOf3eCHoQtDn0M4IrAeoOoEas8TBLozl+
lbEx0PozqK6hi6vDFBmRw0zYRuHcuFkv5MHWoKw32wFl0QP7xy2HPJUZQjs0Yg3/
YjHSLDoC2NlHnSbGBS9TP2AmGON8gLVR8WnyDdRkLl2b6ZXvrMKNmZctGwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGR3UR0G6vUXacMT3GoDX/GEEFdSMB8GA1UdIwQY
MBaAFFj/iQI7h8C/hHm5/0clJYYT5PC1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1AtSkFqdUh3TC1FZWJuX1J5VWxoaFBrOExVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9iZWJiNmYtOTQ3YS00ZWFjLTg1YjEt
MzYzMTNjNTMyZDA0LzEvWkhkUkhRYnE5UmRwd3hQY2FnTmY4WVFRVjFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9iZWJiNmYtOTQ3YS00ZWFjLTg1YjEtMzYzMTNjNTMyZDA0
LzEvV1AtSkFqdUh3TC1FZWJuX1J5VWxoaFBrOExVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKgdLQDAN
BgkqhkiG9w0BAQsFAAOCAQEAisOz6VUe6anvckMKETK7s7Kkm/5E+l45TGMo2EZO
vYT7cWX5aMYVszOpvKlc+fLhPn0c1DfP0EQZQrK4JPeVKq2ibZuT5xjJ+iajGjDS
F41L6Vl0H+queiZ38GxnC8VjVErsb5VSHDgnqOP1cKfK8kvyeH5sQ4zMKmo5ZKzr
APkbYxEp4cR56L9bhuyLaEIS71jedIDLT0d/M7SlR6TVbDDcOKLYNxmrNm5AO3Nf
DWh2Gne0XkbeGpeccgJUpf3pg59Ng0/2Z50anUsk2kVn9xf390BfN51HHhV3Bamr
J/lPIFek+rCdpig7gl504/wgVj6KFNsb45dAIH3RzkNrww==
-----END CERTIFICATE-----