Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/L-RSq6IUGYToiYDM4n67WQx8VOg.roa
File:                     L-RSq6IUGYToiYDM4n67WQx8VOg.roa (raw, json)
Hash identifier:          u8ekJ9cjVtYNkxSCsY2smL67ORogBBulUQlW9I6fLOk=
Subject key identifier:   2F:E4:52:AB:A2:14:19:84:E8:89:80:CC:E2:7E:BB:59:0C:7C:54:E8
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019CE39B4AA8A649503FB33E74ABA0AB4EFE
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/L-RSq6IUGYToiYDM4n67WQx8VOg.roa
Signing time:             Thu 12 Mar 2026 19:52:11 +0000
ROA not before:           Thu 12 Mar 2026 19:52:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     400328
IP address blocks:        2a13:b740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:9b:4a:a8:a6:49:50:3f:b3:3e:74:ab:a0:ab:4e:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar 12 19:52:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2fe452aba2141984e88980cce27ebb590c7c54e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3b:11:66:c1:d1:f3:34:e8:63:7c:cc:6d:71:
                    8f:58:60:bc:bd:25:b0:a8:1e:09:c5:42:dc:d1:d6:
                    1d:46:85:2c:3f:62:af:7b:7a:6d:c5:15:03:54:75:
                    4f:66:b8:fc:ae:f1:12:26:a0:9a:85:bf:a3:db:bd:
                    44:68:40:7f:b8:d6:fb:0d:ea:10:a8:56:19:c6:f9:
                    a4:9f:c1:b4:a3:2f:ae:05:1f:f0:82:1d:df:c5:38:
                    92:5c:ba:fb:e1:6f:a7:01:4b:e9:1e:6f:a4:c5:47:
                    41:55:82:7c:a2:4b:60:27:30:b8:aa:90:d9:48:39:
                    f0:d3:0c:7e:0e:63:f9:80:08:22:2e:a9:0e:8a:0b:
                    76:a6:44:24:be:96:5a:6c:80:06:f9:76:d7:36:90:
                    36:4e:11:a7:3b:32:36:a7:b7:cc:e4:e8:c6:5b:71:
                    0d:11:01:2b:80:86:6f:03:c9:94:12:f7:f0:2d:e3:
                    10:cc:27:07:37:8b:8d:51:15:44:b9:87:1f:15:83:
                    f1:4e:2d:71:a2:e4:99:db:52:2d:c1:e2:60:0d:99:
                    11:6b:6c:8a:73:03:ea:56:d0:b2:9e:22:cd:f3:eb:
                    84:47:6a:84:10:97:33:10:0b:ae:69:0b:af:b0:6f:
                    2e:da:cc:1b:13:d9:50:c0:1d:dd:25:fb:f4:5a:3c:
                    c1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:E4:52:AB:A2:14:19:84:E8:89:80:CC:E2:7E:BB:59:0C:7C:54:E8
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/L-RSq6IUGYToiYDM4n67WQx8VOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:b740::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:a0:9c:a0:c8:0e:01:8a:80:a4:96:47:02:3b:f1:80:3f:80:
         12:6c:11:d2:a7:df:2c:13:0f:d0:a4:b6:d2:20:a1:18:3d:20:
         6a:f1:0e:3d:d0:db:21:6d:ee:a4:09:8e:01:55:08:6a:93:08:
         37:97:be:a4:5e:87:ff:f1:5c:5b:76:25:19:db:61:65:34:29:
         a1:6a:70:0d:53:47:4f:7b:cc:12:e0:69:35:d5:7c:eb:91:22:
         80:da:0f:6b:27:11:50:8a:c1:00:e1:16:b6:5c:b1:fc:d2:04:
         94:54:5e:d8:04:8e:0a:19:38:8a:9b:5a:f6:11:a8:64:d8:93:
         15:d0:08:19:ab:a9:a0:de:aa:fd:58:5c:64:f2:69:5c:7a:15:
         08:ed:fa:ca:46:69:a6:91:f9:46:08:44:99:8f:82:b1:f7:ca:
         6e:ff:70:c5:67:f8:86:5c:5c:b7:c9:38:f1:6c:10:1b:7f:6f:
         c9:fb:ca:c8:a3:db:aa:4a:f0:7e:87:64:9e:cb:15:37:53:34:
         76:c9:5c:d7:ed:35:6d:70:c8:21:90:b0:9b:08:ae:9c:b4:a1:
         e2:73:17:10:5c:84:1a:f7:2d:37:fb:b0:51:04:f6:d0:d8:20:
         74:d8:54:b5:e1:7c:39:7f:10:21:12:3f:bf:f6:cd:c4:91:3e:
         fb:91:f5:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzjm0qopklQP7M+dKugq07+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMzEyMTk1MjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZmU0NTJhYmEyMTQxOTg0ZTg4OTgwY2NlMjdlYmI1OTBjN2M1NGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7DsRZsHR8zToY3zMbXGPWGC8vSWw
qB4JxULc0dYdRoUsP2Kve3ptxRUDVHVPZrj8rvESJqCahb+j271EaEB/uNb7DeoQ
qFYZxvmkn8G0oy+uBR/wgh3fxTiSXLr74W+nAUvpHm+kxUdBVYJ8oktgJzC4qpDZ
SDnw0wx+DmP5gAgiLqkOigt2pkQkvpZabIAG+XbXNpA2ThGnOzI2p7fM5OjGW3EN
EQErgIZvA8mUEvfwLeMQzCcHN4uNURVEuYcfFYPxTi1xouSZ21ItweJgDZkRa2yK
cwPqVtCyniLN8+uER2qEEJczEAuuaQuvsG8u2swbE9lQwB3dJfv0WjzBOwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC/kUquiFBmE6ImAzOJ+u1kMfFToMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvTC1SU3E2SVVHWVRvaVlETTRuNjdXUXg4Vk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO3QDAN
BgkqhkiG9w0BAQsFAAOCAQEADaCcoMgOAYqApJZHAjvxgD+AEmwR0qffLBMP0KS2
0iChGD0gavEOPdDbIW3upAmOAVUIapMIN5e+pF6H//FcW3YlGdthZTQpoWpwDVNH
T3vMEuBpNdV865EigNoPaycRUIrBAOEWtlyx/NIElFRe2ASOChk4ipta9hGoZNiT
FdAIGaupoN6q/VhcZPJpXHoVCO36ykZpppH5RghEmY+CsffKbv9wxWf4hlxct8k4
8WwQG39vyfvKyKPbqkrwfodknssVN1M0dslc1+01bXDIIZCwmwiunLSh4nMXEFyE
GvctN/uwUQT20NggdNhUteF8OX8QIRI/v/bNxJE++5H1eg==
-----END CERTIFICATE-----