Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/0tiYDHvXqGLRCP5CB6fwB-Pbi9c.roa
File:                     0tiYDHvXqGLRCP5CB6fwB-Pbi9c.roa (raw, json)
Hash identifier:          AJ+4ihGapnoBabpDsAx4s+j1CS00hMfcr4CQTIkeuLg=
Subject key identifier:   D2:D8:98:0C:7B:D7:A8:62:D1:08:FE:42:07:A7:F0:07:E3:DB:8B:D7
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0196CE0E114C0EB3E8738CB7C85A8EBD5E0E
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/0tiYDHvXqGLRCP5CB6fwB-Pbi9c.roa
Signing time:             Wed 14 May 2025 09:09:10 +0000
ROA not before:           Wed 14 May 2025 09:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202511
IP address blocks:        2a0f:63c2::/32 maxlen: 32
                          2a13:be47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 12:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:0e:11:4c:0e:b3:e8:73:8c:b7:c8:5a:8e:bd:5e:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 14 09:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d2d8980c7bd7a862d108fe4207a7f007e3db8bd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:06:83:df:fd:da:6d:1f:d3:7d:2a:f3:86:b4:
                    95:bb:84:0c:ee:12:94:8c:f7:5c:d6:05:0e:7b:60:
                    01:a8:66:fc:f0:c3:d3:83:e3:9b:b8:b4:c1:1f:44:
                    8e:56:56:e2:6d:3b:1d:b9:2f:95:74:05:c7:bc:49:
                    c1:43:c6:7a:f1:a9:53:62:ff:25:60:21:2b:4c:50:
                    f4:64:cd:d3:9e:c0:de:86:49:9e:1c:f6:70:8f:69:
                    84:21:98:69:d9:8f:55:f2:ee:2a:1a:29:06:49:c2:
                    93:af:ee:a6:39:e1:fd:5e:51:64:96:1f:4b:c8:7f:
                    da:e6:f7:45:7d:b8:91:5d:32:c9:5a:d0:f0:e7:75:
                    a0:50:cb:02:2c:76:48:8f:ae:f1:e1:82:13:57:90:
                    d8:02:71:25:e0:12:9f:53:4d:75:d1:02:1b:7c:30:
                    f5:0a:e5:a4:bc:37:5c:ca:34:c6:f5:3e:de:09:03:
                    59:b1:16:60:57:19:3a:c0:35:01:37:7d:56:d1:3c:
                    0e:6a:9a:4f:07:a5:63:a6:b5:26:ae:8a:eb:15:fd:
                    5f:7d:eb:fa:e1:f2:8a:f7:c0:51:66:9b:eb:b4:7b:
                    a4:4a:15:83:f0:c0:19:7a:b0:eb:60:06:ae:76:84:
                    41:de:82:9b:f3:5b:0e:5e:6a:4b:85:7f:ed:be:a7:
                    f3:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:D8:98:0C:7B:D7:A8:62:D1:08:FE:42:07:A7:F0:07:E3:DB:8B:D7
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/0tiYDHvXqGLRCP5CB6fwB-Pbi9c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:63c2::/32
                  2a13:be47::/32

    Signature Algorithm: sha256WithRSAEncryption
         58:55:75:8f:b7:f0:09:b6:7f:dd:f6:68:64:1f:c1:2f:59:a2:
         8b:0f:bd:33:97:ab:0a:7b:e1:b9:fa:66:fd:86:d5:b7:5a:85:
         5d:78:d4:c2:d6:e9:94:07:d1:7b:8d:5a:40:1f:bc:aa:a2:1f:
         61:c3:40:d5:0f:b0:3c:ce:d8:9b:a3:e9:30:a8:f5:3f:0c:c2:
         2e:cd:9c:7d:3b:a4:62:bb:41:f3:20:49:db:4a:87:9f:32:b8:
         f3:19:f1:92:b8:df:9f:9e:42:f7:90:eb:ec:78:c2:fc:26:60:
         eb:d8:d9:9b:75:ad:18:0a:6f:13:bd:62:57:ae:05:93:9b:8e:
         19:7d:3e:3c:32:b4:fa:56:3f:db:1c:63:67:06:70:47:87:3c:
         73:c2:32:42:c4:d2:a2:ae:22:32:48:f2:ee:64:3f:72:bb:50:
         f6:d9:d2:4a:31:a8:68:2d:45:c9:0e:b1:96:66:7e:40:58:8f:
         eb:be:c7:2f:05:a4:65:d9:0b:40:29:22:43:ab:a9:93:42:63:
         3f:48:46:00:4e:12:a9:69:49:1b:e9:5d:75:1e:a9:5e:3c:a6:
         96:b8:a3:29:e7:36:6b:bc:18:7f:6f:b9:2d:8e:8c:8b:92:22:
         b3:24:24:e3:28:47:e3:69:93:39:43:4a:1d:60:84:9b:ca:ca:
         c1:61:d2:75
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZbODhFMDrPoc4y3yFqOvV4OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTE0MDkwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMmQ4OTgwYzdiZDdhODYyZDEwOGZlNDIwN2E3ZjAwN2UzZGI4YmQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwaD3/3abR/TfSrzhrSVu4QM7hKU
jPdc1gUOe2ABqGb88MPTg+ObuLTBH0SOVlbibTsduS+VdAXHvEnBQ8Z68alTYv8l
YCErTFD0ZM3TnsDehkmeHPZwj2mEIZhp2Y9V8u4qGikGScKTr+6mOeH9XlFklh9L
yH/a5vdFfbiRXTLJWtDw53WgUMsCLHZIj67x4YITV5DYAnEl4BKfU0110QIbfDD1
CuWkvDdcyjTG9T7eCQNZsRZgVxk6wDUBN31W0TwOappPB6VjprUmrorrFf1ffev6
4fKK98BRZpvrtHukShWD8MAZerDrYAaudoRB3oKb81sOXmpLhX/tvqfz6QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNLYmAx716hi0Qj+Qgen8Afj24vXMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvMHRpWURIdlhxR0xSQ1A1Q0I2ZndCLVBiaTljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUAKg9jwgMF
ACoTvkcwDQYJKoZIhvcNAQELBQADggEBAFhVdY+38Am2f932aGQfwS9ZoosPvTOX
qwp74bn6Zv2G1bdahV141MLW6ZQH0XuNWkAfvKqiH2HDQNUPsDzO2Juj6TCo9T8M
wi7NnH07pGK7QfMgSdtKh58yuPMZ8ZK435+eQveQ6+x4wvwmYOvY2Zt1rRgKbxO9
YleuBZObjhl9PjwytPpWP9scY2cGcEeHPHPCMkLE0qKuIjJI8u5kP3K7UPbZ0kox
qGgtRckOsZZmfkBYj+u+xy8FpGXZC0ApIkOrqZNCYz9IRgBOEqlpSRvpXXUeqV48
ppa4oynnNmu8GH9vuS2OjIuSIrMkJOMoR+NpkzlDSh1ghJvKysFh0nU=
-----END CERTIFICATE-----