Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/sSrTDL6nguTxbh69Ill43irJGLE.roa
File:                     sSrTDL6nguTxbh69Ill43irJGLE.roa (raw, json)
Hash identifier:          e1S86JgpzImCBy74Z+DZRrxSrSDLIoWOZKxkg3oykGM=
Subject key identifier:   B1:2A:D3:0C:BE:A7:82:E4:F1:6E:1E:BD:22:59:78:DE:2A:C9:18:B1
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01996D92D650C131D561831FEF78B29BDFDD
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/sSrTDL6nguTxbh69Ill43irJGLE.roa
Signing time:             Sun 21 Sep 2025 18:39:23 +0000
ROA not before:           Sun 21 Sep 2025 18:39:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211507
IP address blocks:        2a13:bd40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 13:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:6d:92:d6:50:c1:31:d5:61:83:1f:ef:78:b2:9b:df:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Sep 21 18:39:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b12ad30cbea782e4f16e1ebd225978de2ac918b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:22:de:84:39:9f:b6:dc:2e:d7:97:cd:71:e6:
                    f5:9a:4c:41:6e:01:25:57:51:f0:23:57:e2:9b:12:
                    2d:2f:b7:97:29:67:4b:fc:66:81:64:b9:b7:ec:4f:
                    35:9a:1c:00:86:6d:ba:2b:55:6f:36:d1:92:91:6d:
                    41:4b:cf:d6:c2:f3:24:a6:b4:82:e0:93:28:4a:4a:
                    66:2e:cb:be:b7:72:52:cc:f3:ac:d3:19:79:bc:74:
                    84:c6:5b:f1:fc:42:09:1c:f0:6a:fc:c7:6b:07:db:
                    bb:77:58:7b:3c:54:ca:9e:c4:9f:d4:27:1a:65:8e:
                    e3:11:48:ac:0c:51:7c:49:60:5f:78:29:5e:88:f4:
                    36:6c:0b:a4:17:5b:a2:c0:50:17:51:1b:56:7b:02:
                    5d:42:83:7f:6a:6f:9c:67:d1:f0:52:d5:c0:83:cf:
                    ac:ee:8e:72:1a:66:96:2a:28:c4:26:63:94:30:9c:
                    7d:8f:eb:a7:53:01:14:bf:19:27:a2:67:68:b0:ad:
                    13:d0:4c:7c:e1:8a:f9:c2:d4:13:43:99:d0:77:73:
                    b5:0d:99:71:2e:15:b8:88:86:6a:6d:4e:1a:aa:23:
                    78:a7:3a:eb:b6:ca:84:06:29:fd:6a:ec:e9:51:ef:
                    b5:0d:ff:94:58:25:6a:96:60:2b:9e:c6:b6:a0:0a:
                    42:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:2A:D3:0C:BE:A7:82:E4:F1:6E:1E:BD:22:59:78:DE:2A:C9:18:B1
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/sSrTDL6nguTxbh69Ill43irJGLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         65:d3:c8:e3:18:96:84:2f:25:3f:dd:f6:24:5c:15:8d:75:b8:
         34:80:cf:50:50:66:e8:88:db:17:58:1e:78:bd:77:1c:c2:e7:
         22:72:25:57:8a:f7:d3:19:a3:ab:14:c5:11:f4:54:68:ae:1a:
         63:56:fa:6e:3d:7f:eb:ea:b1:63:e9:84:ca:31:1a:5a:7e:e1:
         e0:08:36:ed:ea:43:b4:c6:e1:fb:3b:c5:6b:e8:72:18:c0:98:
         c8:c3:7f:25:33:28:78:0d:73:42:b1:04:be:34:c6:66:93:32:
         78:37:01:91:77:9e:75:60:28:7e:ca:3e:4c:d3:56:86:cc:27:
         cb:5d:be:ab:dd:ec:b8:aa:1e:75:25:36:24:a6:f7:37:57:fd:
         67:04:ed:48:44:e1:fb:5e:db:c4:d7:a4:08:74:7a:22:17:02:
         e8:eb:f0:50:80:42:d9:e6:e9:a1:58:43:4c:26:c4:ca:9c:4c:
         a7:ac:c1:da:31:13:0c:de:a2:55:bf:c4:51:28:9b:bd:b8:aa:
         b8:c0:bc:d4:6a:37:a0:e0:54:e8:f4:32:97:b1:46:3f:ee:1c:
         d6:f5:fd:4f:b2:30:db:ee:a3:61:e5:0c:a8:74:43:40:2b:5d:
         90:b3:41:f4:72:fc:58:1a:05:03:ae:09:b3:7b:ea:17:66:ef:
         eb:e6:12:29
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZltktZQwTHVYYMf73iym9/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwOTIxMTgzOTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTJhZDMwY2JlYTc4MmU0ZjE2ZTFlYmQyMjU5NzhkZTJhYzkxOGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviLehDmfttwu15fNceb1mkxBbgEl
V1HwI1fimxItL7eXKWdL/GaBZLm37E81mhwAhm26K1VvNtGSkW1BS8/WwvMkprSC
4JMoSkpmLsu+t3JSzPOs0xl5vHSExlvx/EIJHPBq/MdrB9u7d1h7PFTKnsSf1Cca
ZY7jEUisDFF8SWBfeCleiPQ2bAukF1uiwFAXURtWewJdQoN/am+cZ9HwUtXAg8+s
7o5yGmaWKijEJmOUMJx9j+unUwEUvxknomdosK0T0Ex84Yr5wtQTQ5nQd3O1DZlx
LhW4iIZqbU4aqiN4pzrrtsqEBin9auzpUe+1Df+UWCVqlmArnsa2oApC8wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFLEq0wy+p4Lk8W4evSJZeN4qyRixMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvc1NyVERMNm5ndVR4Ymg2OUlsbDQzaXJKR0xFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO9QDAN
BgkqhkiG9w0BAQsFAAOCAQEAZdPI4xiWhC8lP932JFwVjXW4NIDPUFBm6IjbF1ge
eL13HMLnInIlV4r30xmjqxTFEfRUaK4aY1b6bj1/6+qxY+mEyjEaWn7h4Ag27epD
tMbh+zvFa+hyGMCYyMN/JTMoeA1zQrEEvjTGZpMyeDcBkXeedWAofso+TNNWhswn
y12+q93suKoedSU2JKb3N1f9ZwTtSETh+17bxNekCHR6IhcC6OvwUIBC2ebpoVhD
TCbEypxMp6zB2jETDN6iVb/EUSibvbiquMC81Go3oOBU6PQyl7FGP+4c1vX9T7Iw
2+6jYeUMqHRDQCtdkLNB9HL8WBoFA64Js3vqF2bv6+YSKQ==
-----END CERTIFICATE-----