Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/2C8z_5p6BYmjXPtV6bjASpWY68c.roa
File:                     2C8z_5p6BYmjXPtV6bjASpWY68c.roa (raw, json)
Hash identifier:          sngxNH21BG1MTwKvWrptr+WCEJchTmBvoIuJoZ9KT+M=
Subject key identifier:   D8:2F:33:FF:9A:7A:05:89:A3:5C:FB:55:E9:B8:C0:4A:95:98:EB:C7
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0196BF2626ED016F21F87360B290629EFC96
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/2C8z_5p6BYmjXPtV6bjASpWY68c.roa
Signing time:             Sun 11 May 2025 11:41:10 +0000
ROA not before:           Sun 11 May 2025 11:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215210
IP address blocks:        2a0b:8440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 05:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:bf:26:26:ed:01:6f:21:f8:73:60:b2:90:62:9e:fc:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: May 11 11:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d82f33ff9a7a0589a35cfb55e9b8c04a9598ebc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:40:bf:f3:05:08:20:b6:b0:98:9a:07:db:f7:
                    52:cf:97:b3:5e:d6:48:1f:88:02:8c:cc:87:0b:c5:
                    b6:7a:b7:c7:3c:7f:76:a7:7d:1f:2c:94:ee:a9:27:
                    5e:8a:6f:d5:f3:7e:13:51:18:43:29:6a:0f:e9:74:
                    7d:c5:a8:fe:f2:6d:87:45:3b:8d:8f:ea:df:09:cd:
                    d3:ae:78:81:cd:d7:b6:54:a5:05:bd:14:fc:17:d1:
                    c6:46:14:7b:43:e1:88:4c:3c:5d:4c:2e:4a:33:12:
                    8d:99:67:d7:7b:25:1b:b6:69:76:9b:53:37:c7:d7:
                    10:0b:32:50:4a:9e:5f:78:46:32:08:33:9b:d8:5f:
                    0f:7f:80:29:24:d9:cd:3d:17:4a:ec:6c:5c:cf:4f:
                    c9:df:e3:3f:58:25:48:8e:f4:f6:f7:e1:83:08:e2:
                    58:06:ff:80:53:63:c9:ef:7d:c6:c0:cf:85:de:7d:
                    65:7d:eb:c4:a4:01:86:82:d5:92:96:6f:17:72:53:
                    00:a7:84:9d:a2:6d:22:58:69:07:ac:ed:cc:ef:c3:
                    eb:24:26:c2:36:46:63:a9:55:a1:bd:6b:76:c0:6c:
                    cc:9e:ff:1d:bd:d2:aa:df:44:e4:e5:5f:12:31:c1:
                    5c:4e:7e:71:1d:ca:d4:97:96:6f:84:9e:b9:50:07:
                    59:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:2F:33:FF:9A:7A:05:89:A3:5C:FB:55:E9:B8:C0:4A:95:98:EB:C7
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/2C8z_5p6BYmjXPtV6bjASpWY68c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8440::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:59:35:ee:2f:e5:72:93:68:d3:35:19:4d:54:dd:c9:9e:0c:
         fd:c7:4c:09:8d:d8:a3:40:30:92:c8:1c:33:5b:0d:46:19:a5:
         9b:dd:60:68:52:67:cc:cc:30:b4:5a:85:32:d4:5a:72:84:ef:
         97:e0:fc:60:77:9a:5d:22:53:34:01:4b:18:4b:ff:bb:fd:be:
         33:94:61:99:df:23:83:ab:5b:0c:e5:9d:92:fe:10:1e:b7:b8:
         8a:c7:71:d1:1d:ad:9d:a6:66:59:3c:c5:bd:da:1b:7c:ad:54:
         61:2e:c4:eb:dd:24:6e:78:f1:1f:e3:c9:6b:08:3e:4a:ba:93:
         7f:69:93:c5:ab:d1:37:1a:84:f9:0d:31:df:c9:42:69:4a:4a:
         23:52:89:80:36:d9:55:69:4e:1c:c0:b7:c4:06:fd:3d:59:79:
         c3:78:fe:91:cf:12:35:69:48:a2:42:8a:2d:a1:c9:fe:f8:60:
         81:8f:c7:73:3b:ea:69:af:0d:4b:e1:f7:a3:70:05:05:d6:be:
         d8:12:54:d4:75:8a:47:8b:77:ae:cf:5b:0f:3a:9a:bb:f4:2b:
         09:13:6c:f3:18:95:31:d5:76:66:fd:29:76:6e:4a:56:96:92:
         50:09:8c:a1:7a:c2:42:8a:0c:30:d3:e8:7a:e4:8b:90:12:e7:
         00:8b:e0:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZa/JibtAW8h+HNgspBinvyWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNTExMTE0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODJmMzNmZjlhN2EwNTg5YTM1Y2ZiNTVlOWI4YzA0YTk1OThlYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0C/8wUIILawmJoH2/dSz5ezXtZI
H4gCjMyHC8W2erfHPH92p30fLJTuqSdeim/V834TURhDKWoP6XR9xaj+8m2HRTuN
j+rfCc3TrniBzde2VKUFvRT8F9HGRhR7Q+GITDxdTC5KMxKNmWfXeyUbtml2m1M3
x9cQCzJQSp5feEYyCDOb2F8Pf4ApJNnNPRdK7Gxcz0/J3+M/WCVIjvT29+GDCOJY
Bv+AU2PJ733GwM+F3n1lfevEpAGGgtWSlm8XclMAp4Sdom0iWGkHrO3M78PrJCbC
NkZjqVWhvWt2wGzMnv8dvdKq30Tk5V8SMcFcTn5xHcrUl5ZvhJ65UAdZCQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFNgvM/+aegWJo1z7Vem4wEqVmOvHMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvMkM4el81cDZCWW1qWFB0VjZiakFTcFdZNjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKguEQDAN
BgkqhkiG9w0BAQsFAAOCAQEApVk17i/lcpNo0zUZTVTdyZ4M/cdMCY3Yo0Awksgc
M1sNRhmlm91gaFJnzMwwtFqFMtRacoTvl+D8YHeaXSJTNAFLGEv/u/2+M5Rhmd8j
g6tbDOWdkv4QHre4isdx0R2tnaZmWTzFvdobfK1UYS7E690kbnjxH+PJawg+SrqT
f2mTxavRNxqE+Q0x38lCaUpKI1KJgDbZVWlOHMC3xAb9PVl5w3j+kc8SNWlIokKK
LaHJ/vhggY/Hczvqaa8NS+H3o3AFBda+2BJU1HWKR4t3rs9bDzqau/QrCRNs8xiV
MdV2Zv0pdm5KVpaSUAmMoXrCQooMMNPoeuSLkBLnAIvg2w==
-----END CERTIFICATE-----