Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/6ClWWOCNN_5u_sE9CPI9dXoK3zI.roa
File:                     6ClWWOCNN_5u_sE9CPI9dXoK3zI.roa (raw, json)
Hash identifier:          0zp7urhEcbKaK9DA9Ike+3uUwk8tucs6IybOpEzSfXc=
Subject key identifier:   E8:29:56:58:E0:8D:37:FE:6E:FE:C1:3D:08:F2:3D:75:7A:0A:DF:32
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       0197A3379D9B3FEB168475CEE401C779AD47
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/6ClWWOCNN_5u_sE9CPI9dXoK3zI.roa
Signing time:             Tue 24 Jun 2025 18:33:40 +0000
ROA not before:           Tue 24 Jun 2025 18:33:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a10:a9c0::/29 maxlen: 29
                          2a13:bec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a3:37:9d:9b:3f:eb:16:84:75:ce:e4:01:c7:79:ad:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 24 18:33:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8295658e08d37fe6efec13d08f23d757a0adf32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:45:c2:2f:06:3b:3c:8e:72:1a:63:1d:95:87:
                    ad:c0:d1:fd:17:2f:8e:1e:91:61:31:f8:d1:75:3c:
                    2d:5a:c1:bf:26:56:10:b0:a6:6d:cd:67:5d:c2:e8:
                    88:70:a8:bb:b3:64:b3:fb:a4:65:cb:22:7b:fe:9d:
                    7d:48:4b:0e:c7:ea:50:14:aa:e3:91:9d:28:42:5d:
                    ec:e0:73:dc:ae:d7:fd:ef:fe:64:75:62:1e:ba:3d:
                    4f:36:f4:5d:48:16:e0:ba:4a:cf:6d:6c:8d:30:fc:
                    59:c7:4f:64:59:32:4e:1a:23:9a:a6:d3:d6:8c:05:
                    20:ac:79:59:b9:f9:1b:3b:76:39:73:b0:59:52:84:
                    a3:56:74:7e:12:df:2a:90:c1:b2:86:46:68:91:b2:
                    0d:ed:6d:68:2f:63:93:07:f5:a2:84:ba:f4:0d:96:
                    9a:b8:06:6b:e8:08:76:4d:5f:f9:f0:6a:be:77:b3:
                    1a:13:8e:e1:82:ec:da:5d:ab:98:73:2e:9c:0d:5d:
                    1c:86:8c:3d:5a:84:85:45:65:a9:b3:9f:76:41:5c:
                    f7:3c:c9:0b:34:ca:b0:14:13:ba:48:c0:0e:05:0c:
                    3e:b3:6a:42:a0:6b:ca:37:2b:cd:f5:58:ed:47:2b:
                    6a:81:eb:d8:de:88:8b:24:6a:06:90:4d:86:75:7e:
                    03:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:29:56:58:E0:8D:37:FE:6E:FE:C1:3D:08:F2:3D:75:7A:0A:DF:32
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/6ClWWOCNN_5u_sE9CPI9dXoK3zI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a9c0::/29
                  2a13:bec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         09:41:51:2f:5c:9d:28:cc:57:52:d8:d5:a1:77:e9:d5:d6:2e:
         57:3a:ea:1b:04:d4:d6:32:d3:c2:d4:3e:b2:65:e4:39:2a:53:
         76:4a:2f:53:d2:f7:d4:d2:6d:d8:58:e9:f1:07:22:2e:f7:c6:
         aa:76:71:49:14:94:d8:b3:88:a7:b0:58:09:12:fa:f7:3b:18:
         dd:f8:10:a7:8a:10:30:40:07:df:c3:54:42:d8:5b:db:30:ae:
         d8:2d:15:c0:cc:7b:d5:b4:5f:7a:f4:26:32:e5:20:e1:af:a5:
         ea:8c:93:a1:d9:ec:05:33:74:8a:e3:6b:0f:e6:b7:98:81:59:
         24:93:eb:21:4b:25:79:b0:40:b9:70:86:85:de:d3:8e:fa:d9:
         b1:42:fd:1d:4c:ee:8d:c5:d4:28:ce:b3:21:21:11:21:7e:63:
         46:cf:01:f4:17:08:63:93:1e:42:0f:9b:9b:40:40:3d:0c:0a:
         ea:5a:48:36:dd:ab:63:9f:a5:c4:f7:07:bd:5d:ff:5a:8d:be:
         85:32:63:18:41:4e:d3:d2:d3:e9:0f:e7:fd:c2:7a:1e:61:d8:
         e3:0e:b4:5e:df:d8:5a:90:32:fa:32:e9:92:ee:e6:bc:4b:49:
         48:13:0f:ae:38:36:c2:c9:eb:35:66:3c:f6:20:31:59:31:ab:
         bb:88:b9:5f
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZejN52bP+sWhHXO5AHHea1HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjI0MTgzMzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODI5NTY1OGUwOGQzN2ZlNmVmZWMxM2QwOGYyM2Q3NTdhMGFkZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEXCLwY7PI5yGmMdlYetwNH9Fy+O
HpFhMfjRdTwtWsG/JlYQsKZtzWddwuiIcKi7s2Sz+6RlyyJ7/p19SEsOx+pQFKrj
kZ0oQl3s4HPcrtf97/5kdWIeuj1PNvRdSBbgukrPbWyNMPxZx09kWTJOGiOaptPW
jAUgrHlZufkbO3Y5c7BZUoSjVnR+Et8qkMGyhkZokbIN7W1oL2OTB/WihLr0DZaa
uAZr6Ah2TV/58Gq+d7MaE47hguzaXauYcy6cDV0chow9WoSFRWWps592QVz3PMkL
NMqwFBO6SMAOBQw+s2pCoGvKNyvN9VjtRytqgevY3oiLJGoGkE2GdX4DrQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOgpVljgjTf+bv7BPQjyPXV6Ct8yMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvNkNsV1dPQ05OXzV1X3NFOUNQSTlkWG9LM3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhCpwAMF
AyoTvsAwDQYJKoZIhvcNAQELBQADggEBAAlBUS9cnSjMV1LY1aF36dXWLlc66hsE
1NYy08LUPrJl5DkqU3ZKL1PS99TSbdhY6fEHIi73xqp2cUkUlNiziKewWAkS+vc7
GN34EKeKEDBAB9/DVELYW9swrtgtFcDMe9W0X3r0JjLlIOGvpeqMk6HZ7AUzdIrj
aw/mt5iBWSST6yFLJXmwQLlwhoXe04762bFC/R1M7o3F1CjOsyEhESF+Y0bPAfQX
CGOTHkIPm5tAQD0MCupaSDbdq2OfpcT3B71d/1qNvoUyYxhBTtPS0+kP5/3Ceh5h
2OMOtF7f2FqQMvoy6ZLu5rxLSUgTD644NsLJ6zVmPPYgMVkxq7uIuV8=
-----END CERTIFICATE-----