Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/AX8BlTRT6cyA-hbrHSjerE9tcEg.roa
File:                     AX8BlTRT6cyA-hbrHSjerE9tcEg.roa (raw, json)
Hash identifier:          TNhzICy1LRNCVxrWytbR/UE5yKjagpfkp4U27R7CF7o=
Subject key identifier:   01:7F:01:95:34:53:E9:CC:80:FA:16:EB:1D:28:DE:AC:4F:6D:70:48
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019779DDF23D0089E1E1BE66BC21F853B38C
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/AX8BlTRT6cyA-hbrHSjerE9tcEg.roa
Signing time:             Mon 16 Jun 2025 17:51:18 +0000
ROA not before:           Mon 16 Jun 2025 17:51:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215210
IP address blocks:        2a0b:8440::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 04:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:dd:f2:3d:00:89:e1:e1:be:66:bc:21:f8:53:b3:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 16 17:51:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=017f01953453e9cc80fa16eb1d28deac4f6d7048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:af:d0:82:3f:01:c1:c0:71:2a:fc:b5:69:1d:
                    91:cf:52:5d:c4:aa:5a:17:64:e1:61:6d:20:f8:7c:
                    40:06:5a:ca:db:49:a6:0d:7a:81:f2:bd:3c:43:af:
                    7b:b9:36:b9:c7:9f:1b:f3:4a:52:d1:8f:e1:b0:04:
                    7d:6e:fb:9c:bc:7f:5d:23:d9:e8:3c:eb:dd:c4:80:
                    e7:3d:00:17:89:4f:2b:02:39:21:95:57:91:6e:28:
                    5e:64:1e:b6:94:f6:70:b7:8f:c7:9b:d7:8c:ce:b9:
                    a6:b4:7f:76:74:80:75:0b:71:83:81:29:cf:b7:ca:
                    c4:2d:53:82:94:f8:ff:d3:cf:87:9a:ea:db:7d:86:
                    cf:f6:18:02:5a:c8:6d:b3:5b:e7:90:89:77:ac:d3:
                    be:42:72:36:bb:ff:e3:18:86:28:fd:d6:80:c1:bf:
                    d2:a3:29:22:32:63:24:98:06:2e:3d:9d:f3:cf:c7:
                    a2:06:91:f5:31:0f:94:91:cc:9c:0b:b8:74:59:c0:
                    05:9d:ad:3f:8b:31:22:cd:3a:ce:b7:85:f7:cf:3f:
                    87:dd:ff:c6:66:90:b0:b5:21:9d:5a:96:31:c4:6c:
                    20:63:04:8b:d9:c2:20:bf:87:23:ac:2b:9e:a0:a8:
                    d9:4b:42:a8:fa:59:d4:47:ac:1c:c8:0c:e5:d7:27:
                    52:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:7F:01:95:34:53:E9:CC:80:FA:16:EB:1D:28:DE:AC:4F:6D:70:48
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/AX8BlTRT6cyA-hbrHSjerE9tcEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0b:8440::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:a9:ab:b4:68:7d:e5:27:be:6a:39:d5:6b:fb:21:60:48:30:
         8a:0e:4d:77:a8:cf:ae:8a:11:09:4c:55:c3:b3:d4:d8:02:cd:
         de:74:0c:53:03:e1:de:fd:90:31:64:dd:65:8d:2e:07:38:ae:
         88:c4:62:55:36:df:66:d6:d8:23:96:0e:43:23:1b:26:2f:33:
         29:e7:7b:56:2e:41:5a:c2:af:93:e4:de:c3:d9:47:02:67:b1:
         30:76:e0:b1:80:1a:9f:82:09:4e:be:03:e0:de:20:0e:76:46:
         e4:2d:b6:be:1e:9e:72:77:d2:38:9e:3b:45:71:97:81:95:61:
         58:69:bb:57:eb:98:a7:9b:01:67:1f:af:09:e3:5c:75:e2:b2:
         02:30:99:44:91:c4:af:a2:06:e1:db:64:0e:89:bc:dd:9c:55:
         2b:ad:89:91:07:4a:09:29:d3:3f:54:f1:4d:c0:fc:97:62:88:
         41:ce:2b:26:a5:b8:5b:ff:ba:3a:84:4d:44:e2:a0:39:1c:a8:
         34:f4:ab:27:14:f4:6c:83:e6:e6:e9:d6:99:de:6a:14:99:36:
         44:9e:d9:73:d5:5b:0a:df:c4:09:c8:10:22:90:74:a8:bd:3d:
         d4:1f:f3:95:80:dc:c8:9e:4b:8d:18:f6:f3:c3:79:86:b2:72:
         24:27:98:52
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd53fI9AInh4b5mvCH4U7OMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjE2MTc1MTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTdmMDE5NTM0NTNlOWNjODBmYTE2ZWIxZDI4ZGVhYzRmNmQ3MDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArK/Qgj8BwcBxKvy1aR2Rz1JdxKpa
F2ThYW0g+HxABlrK20mmDXqB8r08Q697uTa5x58b80pS0Y/hsAR9bvucvH9dI9no
POvdxIDnPQAXiU8rAjkhlVeRbiheZB62lPZwt4/Hm9eMzrmmtH92dIB1C3GDgSnP
t8rELVOClPj/08+HmurbfYbP9hgCWshts1vnkIl3rNO+QnI2u//jGIYo/daAwb/S
oykiMmMkmAYuPZ3zz8eiBpH1MQ+UkcycC7h0WcAFna0/izEizTrOt4X3zz+H3f/G
ZpCwtSGdWpYxxGwgYwSL2cIgv4cjrCueoKjZS0Ko+lnUR6wcyAzl1ydS0QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFAF/AZU0U+nMgPoW6x0o3qxPbXBIMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvQVg4QmxUUlQ2Y3lBLWhickhTamVyRTl0Y0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKguEQDAN
BgkqhkiG9w0BAQsFAAOCAQEAk6mrtGh95Se+ajnVa/shYEgwig5Nd6jProoRCUxV
w7PU2ALN3nQMUwPh3v2QMWTdZY0uBziuiMRiVTbfZtbYI5YOQyMbJi8zKed7Vi5B
WsKvk+Tew9lHAmexMHbgsYAan4IJTr4D4N4gDnZG5C22vh6ecnfSOJ47RXGXgZVh
WGm7V+uYp5sBZx+vCeNcdeKyAjCZRJHEr6IG4dtkDom83ZxVK62JkQdKCSnTP1Tx
TcD8l2KIQc4rJqW4W/+6OoRNROKgORyoNPSrJxT0bIPm5unWmd5qFJk2RJ7Zc9Vb
Ct/ECcgQIpB0qL091B/zlYDcyJ5LjRj288N5hrJyJCeYUg==
-----END CERTIFICATE-----