Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/2-jzsfhMMb0RIDszcU9Bxe3dil0.roa
File:                     2-jzsfhMMb0RIDszcU9Bxe3dil0.roa (raw, json)
Hash identifier:          a5uAU6wg4ixL0x01+P2YcqFwvfYHW2TV3eZbSepEKRM=
Subject key identifier:   DB:E8:F3:B1:F8:4C:31:BD:11:20:3B:33:71:4F:41:C5:ED:DD:8A:5D
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019779DD07B41DF610C7A582405D00BDF276
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/2-jzsfhMMb0RIDszcU9Bxe3dil0.roa
Signing time:             Mon 16 Jun 2025 17:50:17 +0000
ROA not before:           Mon 16 Jun 2025 17:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215420
IP address blocks:        2a0f:89c0::/29 maxlen: 29
                          2a13:d140::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:dd:07:b4:1d:f6:10:c7:a5:82:40:5d:00:bd:f2:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 16 17:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbe8f3b1f84c31bd11203b33714f41c5eddd8a5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0f:60:81:9d:3d:df:1f:62:e2:da:87:50:f7:
                    ab:c6:10:45:d2:29:b1:09:df:d6:e8:7e:45:5c:2e:
                    6b:05:0b:11:c5:c5:9d:a9:fe:01:31:e7:ca:2c:eb:
                    49:19:e8:27:36:ae:5a:fe:9b:22:55:37:b3:6b:cf:
                    79:09:03:a3:ab:88:be:e2:9d:48:ce:88:dc:44:ca:
                    a2:7e:f5:de:ab:7f:d2:6b:b6:2e:57:1c:12:08:3f:
                    24:ca:8e:1d:f3:e5:c1:0e:35:72:79:99:68:5b:63:
                    c8:df:c5:4f:c8:0d:28:a9:e6:83:a7:0e:49:04:d0:
                    80:7a:23:b3:3d:b6:62:fa:1b:98:90:08:60:5c:39:
                    1e:7b:65:14:92:2a:20:b3:1b:60:f3:bf:06:e0:8f:
                    66:6c:fb:91:2f:7a:fd:6e:e2:90:ae:7f:18:f5:ce:
                    2e:d7:3b:18:56:0d:55:71:ec:81:a6:64:ec:75:4c:
                    6c:3a:ae:70:6c:fe:46:ec:05:92:6c:d9:b2:30:12:
                    c1:ce:53:56:2e:74:68:99:58:0c:80:f2:79:91:53:
                    a1:92:15:33:e0:32:3b:d2:5f:1d:f3:c6:fc:da:5c:
                    a0:c7:ef:5f:50:16:c5:31:72:b4:4f:f6:c6:c2:3f:
                    be:98:82:a7:b4:b7:57:ae:78:3f:33:dd:1c:e1:89:
                    f2:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:E8:F3:B1:F8:4C:31:BD:11:20:3B:33:71:4F:41:C5:ED:DD:8A:5D
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/2-jzsfhMMb0RIDszcU9Bxe3dil0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:89c0::/29
                  2a13:d140::/29

    Signature Algorithm: sha256WithRSAEncryption
         5f:15:cc:7c:dd:7f:d8:21:09:52:d1:20:00:47:ce:a5:31:26:
         1f:75:3b:e9:ea:24:7a:54:4a:81:53:36:a9:39:f3:20:49:1b:
         07:89:cc:b4:a1:ad:ac:a8:0f:6e:9e:af:a7:ec:2d:5e:ca:f5:
         22:2f:d0:d4:87:3e:f5:fd:08:7e:7d:f6:6d:3e:db:eb:2a:e2:
         91:88:fb:27:a1:f1:61:c8:51:23:7f:4f:2e:c2:62:74:96:b1:
         5b:8b:ca:bb:70:4c:d0:b5:cd:0e:20:58:a9:40:5b:d5:68:1f:
         ce:41:0d:f0:d3:fa:30:66:ef:bb:7b:a2:c0:04:ee:a9:9f:9a:
         08:14:f0:5a:13:32:e0:d7:5d:5f:de:a6:df:52:98:4f:bd:42:
         f0:c0:c1:3a:42:97:40:d0:a4:39:03:f5:6e:f0:21:de:46:a5:
         b8:55:6f:8a:56:6c:ba:9d:f2:e7:74:b9:57:c8:15:17:95:5c:
         c1:bd:fd:6c:57:32:ac:b8:3f:c1:0e:12:09:97:2a:9f:72:f6:
         da:2e:c8:02:7d:ef:65:b0:71:0e:a1:10:34:7e:e0:67:a2:0c:
         3a:cc:a6:ea:ff:3f:6e:3a:e2:32:8f:11:28:34:6d:b7:fc:98:
         4d:f7:a4:4e:11:51:57:c8:96:74:b9:d6:e0:dc:12:2e:26:d5:
         e4:e7:94:c8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZd53Qe0HfYQx6WCQF0AvfJ2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjE2MTc1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmU4ZjNiMWY4NGMzMWJkMTEyMDNiMzM3MTRmNDFjNWVkZGQ4YTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqw9ggZ093x9i4tqHUPerxhBF0imx
Cd/W6H5FXC5rBQsRxcWdqf4BMefKLOtJGegnNq5a/psiVTeza895CQOjq4i+4p1I
zojcRMqifvXeq3/Sa7YuVxwSCD8kyo4d8+XBDjVyeZloW2PI38VPyA0oqeaDpw5J
BNCAeiOzPbZi+huYkAhgXDkee2UUkiogsxtg878G4I9mbPuRL3r9buKQrn8Y9c4u
1zsYVg1VceyBpmTsdUxsOq5wbP5G7AWSbNmyMBLBzlNWLnRomVgMgPJ5kVOhkhUz
4DI70l8d88b82lygx+9fUBbFMXK0T/bGwj++mIKntLdXrng/M90c4YnycQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFNvo87H4TDG9ESA7M3FPQcXt3YpdMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvMi1qenNmaE1NYjBSSURzemNVOUJ4ZTNkaWwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg+JwAMF
AyoT0UAwDQYJKoZIhvcNAQELBQADggEBAF8VzHzdf9ghCVLRIABHzqUxJh91O+nq
JHpUSoFTNqk58yBJGweJzLShrayoD26er6fsLV7K9SIv0NSHPvX9CH599m0+2+sq
4pGI+yeh8WHIUSN/Ty7CYnSWsVuLyrtwTNC1zQ4gWKlAW9VoH85BDfDT+jBm77t7
osAE7qmfmggU8FoTMuDXXV/ept9SmE+9QvDAwTpCl0DQpDkD9W7wId5GpbhVb4pW
bLqd8ud0uVfIFReVXMG9/WxXMqy4P8EOEgmXKp9y9touyAJ972WwcQ6hEDR+4Gei
DDrMpur/P2464jKPESg0bbf8mE33pE4RUVfIlnS51uDcEi4m1eTnlMg=
-----END CERTIFICATE-----