Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UFLLKiZ0Hp9OcaVtAxj1iPFaKD0.roa
File:                     UFLLKiZ0Hp9OcaVtAxj1iPFaKD0.roa (raw, json)
Hash identifier:          lYN5d7LY473tQDrNhGl9JJGy+39BjnigSTk21pn+Qrc=
Subject key identifier:   50:52:CB:2A:26:74:1E:9F:4E:71:A5:6D:03:18:F5:88:F1:5A:28:3D
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01977F428FF11038B3988EF31E6294BA42B6
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UFLLKiZ0Hp9OcaVtAxj1iPFaKD0.roa
Signing time:             Tue 17 Jun 2025 18:59:17 +0000
ROA not before:           Tue 17 Jun 2025 18:59:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202511
IP address blocks:        2a13:be47::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7f:42:8f:f1:10:38:b3:98:8e:f3:1e:62:94:ba:42:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 17 18:59:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5052cb2a26741e9f4e71a56d0318f588f15a283d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:88:eb:e0:27:85:86:5a:cb:2a:ac:9a:8e:fb:
                    1c:c4:b7:65:75:99:ad:04:e5:a6:0c:f5:6e:bf:6b:
                    55:09:2c:30:0f:44:6a:af:2b:b7:de:1b:45:c9:ac:
                    70:00:76:7c:56:68:ad:3d:71:3d:1f:0a:1e:8f:60:
                    59:8e:bf:3f:12:16:b9:e8:e9:4f:11:c8:1b:23:86:
                    14:18:fe:63:cb:64:55:8a:e3:fd:0b:51:70:ea:bd:
                    a4:23:e8:22:67:7f:5a:d5:a4:8f:3e:a3:ca:5a:64:
                    8d:74:b5:a3:7c:74:73:d6:e0:0c:a4:75:95:8d:e0:
                    5c:67:4e:a8:68:d8:a7:a1:95:14:b6:8d:bc:ab:69:
                    22:d5:58:e9:df:b2:60:8f:5d:c9:15:c4:34:c4:a3:
                    6a:69:f5:17:39:19:1e:4e:94:2e:a8:a5:6f:a4:df:
                    3d:6e:70:4f:af:56:4e:84:4e:c9:14:f0:3e:a6:a5:
                    f4:bd:b9:3d:1b:16:77:b9:2a:c7:ba:e3:d3:66:c5:
                    0b:c1:62:81:5a:06:d4:d3:09:a6:6c:e0:11:11:ba:
                    2a:90:61:d2:1b:6d:f3:a8:54:f0:11:ae:87:a5:0a:
                    3c:15:4f:ab:00:84:a9:b3:87:30:61:37:7a:dd:73:
                    8a:17:e1:5b:e0:e2:f1:4a:12:1e:3c:3d:1c:22:5c:
                    26:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:52:CB:2A:26:74:1E:9F:4E:71:A5:6D:03:18:F5:88:F1:5A:28:3D
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/UFLLKiZ0Hp9OcaVtAxj1iPFaKD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:be47::/32

    Signature Algorithm: sha256WithRSAEncryption
         62:09:06:66:89:a5:80:73:7e:a3:8c:6b:01:bc:b3:f1:1b:dd:
         9d:9f:17:1c:9c:77:b3:ab:c3:53:6e:50:89:51:1d:ee:13:15:
         61:9d:bc:aa:a1:22:c2:4c:14:6a:da:e0:cb:54:e2:25:37:28:
         b1:5a:af:34:0f:26:80:45:3a:8f:94:c7:cc:8b:5f:ab:05:8d:
         8d:75:bb:08:74:97:1c:a8:b6:31:df:d2:99:9c:d1:b3:6f:90:
         ee:cf:b9:30:ea:ea:59:ec:89:dc:f1:d0:aa:51:97:05:ff:5b:
         79:12:a7:3a:c2:ad:26:64:84:da:bb:71:13:34:c3:54:4a:5d:
         b3:58:59:ff:2c:f3:2a:63:85:85:d6:13:72:e3:bd:d0:75:ac:
         7d:58:4a:7c:c1:d1:78:ae:64:16:0d:a6:53:ab:27:e0:aa:02:
         f9:94:0f:1c:90:31:9a:02:ac:d5:f3:3e:1c:a2:76:93:6c:dc:
         93:28:bc:2c:aa:d5:55:67:d2:11:ef:9c:5d:e1:ea:62:e9:46:
         3a:26:25:ee:6e:c5:b9:40:7e:f3:1f:48:ea:0e:ea:79:3b:0b:
         42:ac:70:57:74:70:4a:de:92:85:bc:71:c7:f2:e0:5f:d3:18:
         92:08:5b:06:53:06:62:f6:16:d4:af:54:bf:0d:c8:0d:ef:18:
         2c:9c:f4:bb
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd/Qo/xEDizmI7zHmKUukK2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjE3MTg1OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDUyY2IyYTI2NzQxZTlmNGU3MWE1NmQwMzE4ZjU4OGYxNWEyODNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzYjr4CeFhlrLKqyajvscxLdldZmt
BOWmDPVuv2tVCSwwD0Rqryu33htFyaxwAHZ8VmitPXE9Hwoej2BZjr8/Eha56OlP
EcgbI4YUGP5jy2RViuP9C1Fw6r2kI+giZ39a1aSPPqPKWmSNdLWjfHRz1uAMpHWV
jeBcZ06oaNinoZUUto28q2ki1Vjp37Jgj13JFcQ0xKNqafUXORkeTpQuqKVvpN89
bnBPr1ZOhE7JFPA+pqX0vbk9GxZ3uSrHuuPTZsULwWKBWgbU0wmmbOAREboqkGHS
G23zqFTwEa6HpQo8FU+rAISps4cwYTd63XOKF+Fb4OLxShIePD0cIlwm6wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFBSyyomdB6fTnGlbQMY9YjxWig9MB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvVUZMTEtpWjBIcDlPY2FWdEF4ajFpUEZhS0QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhO+RzAN
BgkqhkiG9w0BAQsFAAOCAQEAYgkGZomlgHN+o4xrAbyz8RvdnZ8XHJx3s6vDU25Q
iVEd7hMVYZ28qqEiwkwUatrgy1TiJTcosVqvNA8mgEU6j5THzItfqwWNjXW7CHSX
HKi2Md/SmZzRs2+Q7s+5MOrqWeyJ3PHQqlGXBf9beRKnOsKtJmSE2rtxEzTDVEpd
s1hZ/yzzKmOFhdYTcuO90HWsfVhKfMHReK5kFg2mU6sn4KoC+ZQPHJAxmgKs1fM+
HKJ2k2zckyi8LKrVVWfSEe+cXeHqYulGOiYl7m7FuUB+8x9I6g7qeTsLQqxwV3Rw
St6Shbxxx/LgX9MYkghbBlMGYvYW1K9Uvw3IDe8YLJz0uw==
-----END CERTIFICATE-----