Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/pSPQssN5kDIUCVU97gVJ5sRDFrA.roa
File:                     pSPQssN5kDIUCVU97gVJ5sRDFrA.roa (raw, json)
Hash identifier:          2T2Pj/Lur1RrWbVnX6sEjqE6EYLVtljOc+B0vUZ0Otg=
Subject key identifier:   A5:23:D0:B2:C3:79:90:32:14:09:55:3D:EE:05:49:E6:C4:43:16:B0
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01977F428F05E60A5C60AD5B8848E689AAD8
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/pSPQssN5kDIUCVU97gVJ5sRDFrA.roa
Signing time:             Tue 17 Jun 2025 18:59:17 +0000
ROA not before:           Tue 17 Jun 2025 18:59:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42881
IP address blocks:        2a13:dfc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 12:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7f:42:8f:05:e6:0a:5c:60:ad:5b:88:48:e6:89:aa:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 17 18:59:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a523d0b2c37990321409553dee0549e6c44316b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:8c:87:5f:2e:48:71:74:3b:ad:15:d6:e2:72:
                    ab:90:ad:f2:70:ce:69:be:a2:0e:48:73:f2:15:09:
                    87:21:a9:c3:92:0b:f8:22:61:0a:88:6a:3e:a9:66:
                    25:fa:ef:5d:8f:a8:25:3f:d0:80:31:d8:9c:90:6d:
                    9a:f6:d1:4e:21:59:5e:5c:97:32:d2:f1:92:56:a6:
                    c0:80:7c:12:36:18:c1:1b:ee:61:85:97:fe:62:05:
                    ff:e6:70:f6:86:1b:19:ef:dc:c8:b6:d8:8b:86:b5:
                    77:e2:46:e1:6c:e9:20:a3:b9:21:16:bd:d8:01:f5:
                    08:94:42:4b:3d:e3:7d:4d:50:b5:79:c1:d4:dc:44:
                    de:dc:16:5c:bd:6a:42:2b:7b:f6:7a:46:ec:bb:76:
                    08:db:bb:92:9e:ac:af:3f:6a:6b:6c:68:91:c7:4b:
                    33:3f:38:b7:93:d9:31:6f:78:db:d6:16:15:6a:72:
                    86:9c:c0:d6:f6:7a:24:27:60:57:2f:86:fa:fc:32:
                    3e:6b:f6:67:63:20:9c:e6:6e:5f:3d:87:17:95:51:
                    d7:29:10:f8:cd:0a:f8:54:fc:8a:d5:ec:d9:f3:44:
                    27:f1:cf:9b:47:24:d3:68:9b:32:df:f1:c8:d2:f5:
                    ad:4e:c3:71:26:93:a7:bd:f1:db:72:61:1e:49:d9:
                    d9:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:23:D0:B2:C3:79:90:32:14:09:55:3D:EE:05:49:E6:C4:43:16:B0
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/pSPQssN5kDIUCVU97gVJ5sRDFrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:dfc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         25:9d:b5:86:6a:d3:ca:01:ab:ee:14:43:de:e2:5f:ec:20:b0:
         80:b7:07:45:de:97:9e:0b:ca:85:f0:3c:ab:ea:c6:a6:4b:e7:
         9f:de:ba:bf:08:b3:4a:d2:30:70:3b:e7:92:97:c3:5b:36:c0:
         3f:96:57:cd:18:ad:9f:e2:68:8f:11:63:01:c4:1a:bb:c5:26:
         e2:d4:52:1d:e5:e1:43:01:88:58:32:51:a3:35:80:19:61:e4:
         21:fe:f3:e1:eb:c7:fc:86:ef:0f:3c:df:ae:d6:46:1f:aa:3d:
         55:12:4b:6c:8a:2d:29:5c:e4:ca:0c:95:89:a0:79:cf:ab:4d:
         c6:4c:e3:02:f3:35:d5:a6:5d:53:81:77:c4:fb:d7:88:ef:17:
         97:c9:84:f6:c0:18:4b:96:e0:9e:e1:2c:fc:58:b6:66:9b:e8:
         e1:c7:27:38:28:10:5e:86:4b:24:f3:0d:1a:b6:f1:6e:7a:8f:
         a2:99:c0:be:9d:d4:f3:49:f2:21:9f:56:fb:5b:d1:6e:e3:23:
         67:e5:9f:51:a1:74:de:a4:e8:a9:5d:7d:bc:44:b3:7d:73:25:
         83:b2:5c:e0:09:59:78:f5:ce:71:f3:c9:83:ac:aa:e0:a9:4b:
         54:35:df:f5:f4:dc:13:4d:af:ed:11:8b:a4:59:17:06:68:92:
         2d:33:a5:9a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd/Qo8F5gpcYK1biEjmiarYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjE3MTg1OTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTIzZDBiMmMzNzk5MDMyMTQwOTU1M2RlZTA1NDllNmM0NDMxNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxYyHXy5IcXQ7rRXW4nKrkK3ycM5p
vqIOSHPyFQmHIanDkgv4ImEKiGo+qWYl+u9dj6glP9CAMdickG2a9tFOIVleXJcy
0vGSVqbAgHwSNhjBG+5hhZf+YgX/5nD2hhsZ79zIttiLhrV34kbhbOkgo7khFr3Y
AfUIlEJLPeN9TVC1ecHU3ETe3BZcvWpCK3v2ekbsu3YI27uSnqyvP2prbGiRx0sz
Pzi3k9kxb3jb1hYVanKGnMDW9nokJ2BXL4b6/DI+a/ZnYyCc5m5fPYcXlVHXKRD4
zQr4VPyK1ezZ80Qn8c+bRyTTaJsy3/HI0vWtTsNxJpOnvfHbcmEeSdnZhQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKUj0LLDeZAyFAlVPe4FSebEQxawMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvcFNQUXNzTjVrRElVQ1ZVOTdnVko1c1JERnJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPfwDAN
BgkqhkiG9w0BAQsFAAOCAQEAJZ21hmrTygGr7hRD3uJf7CCwgLcHRd6XngvKhfA8
q+rGpkvnn966vwizStIwcDvnkpfDWzbAP5ZXzRitn+JojxFjAcQau8Um4tRSHeXh
QwGIWDJRozWAGWHkIf7z4evH/IbvDzzfrtZGH6o9VRJLbIotKVzkygyViaB5z6tN
xkzjAvM11aZdU4F3xPvXiO8Xl8mE9sAYS5bgnuEs/Fi2Zpvo4ccnOCgQXoZLJPMN
GrbxbnqPopnAvp3U80nyIZ9W+1vRbuMjZ+WfUaF03qToqV19vESzfXMlg7Jc4AlZ
ePXOcfPJg6yq4KlLVDXf9fTcE02v7RGLpFkXBmiSLTOlmg==
-----END CERTIFICATE-----