Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/xmtjwxeBLOAWcHZqUbjEPq2TVyA.roa
File:                     xmtjwxeBLOAWcHZqUbjEPq2TVyA.roa (raw, json)
Hash identifier:          6LvCGqyMBfudMs9Yh6sSAhcgOZ+ICy/M8PUt4CxnzIg=
Subject key identifier:   C6:6B:63:C3:17:81:2C:E0:16:70:76:6A:51:B8:C4:3E:AD:93:57:20
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019CE39B4A5BEB661C7CC64DA13D224FF17B
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/xmtjwxeBLOAWcHZqUbjEPq2TVyA.roa
Signing time:             Thu 12 Mar 2026 19:52:11 +0000
ROA not before:           Thu 12 Mar 2026 19:52:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200216
IP address blocks:        2a13:bcc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:9b:4a:5b:eb:66:1c:7c:c6:4d:a1:3d:22:4f:f1:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar 12 19:52:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c66b63c317812ce01670766a51b8c43ead935720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:44:fa:e5:ae:18:2a:27:ae:18:55:c4:91:12:
                    76:95:e0:5d:12:ab:7c:6a:b3:21:1f:57:6d:77:bf:
                    4e:fd:e9:39:4d:8c:97:31:07:18:f0:5f:7f:ef:4f:
                    01:0a:cb:23:61:17:73:4c:33:21:45:fa:38:43:fd:
                    05:44:db:e9:23:f6:d7:4b:1d:5b:bb:92:d9:d5:55:
                    f5:e5:01:ba:24:37:98:fa:9c:f6:f3:39:30:05:e7:
                    e4:0a:10:ee:3f:ad:db:ce:08:bf:02:1c:fc:a1:51:
                    06:8b:f9:b8:e3:bb:41:e0:de:85:e1:a9:84:53:e8:
                    dc:01:e6:60:e1:22:73:26:09:74:77:a1:35:6b:2d:
                    6e:7f:88:0d:35:f5:e5:d1:ce:cb:73:16:2a:14:43:
                    81:55:ae:fb:d6:5b:40:a4:e2:6e:eb:6c:bb:57:ef:
                    b3:63:98:b0:05:7a:c7:fc:5d:06:e6:53:5d:ec:c3:
                    b2:86:4a:21:ed:a6:e7:4a:9b:a4:2b:7e:16:9c:35:
                    83:72:23:3b:62:96:e4:c6:d5:62:cb:ce:c4:a3:8f:
                    97:b8:49:02:00:08:55:72:37:18:04:99:be:c2:7f:
                    e9:33:4c:57:ca:b0:20:e4:1b:6d:59:5f:88:be:82:
                    63:c4:13:b6:30:e1:85:0a:c6:3d:51:bb:55:68:4f:
                    9c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:6B:63:C3:17:81:2C:E0:16:70:76:6A:51:B8:C4:3E:AD:93:57:20
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/xmtjwxeBLOAWcHZqUbjEPq2TVyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         b8:4f:71:4c:f2:24:67:89:f1:b3:d3:c9:84:5e:2d:bd:a5:9b:
         62:94:fb:cf:96:ba:01:6f:73:dc:ba:58:1a:36:3f:97:f5:ac:
         86:4c:5e:20:03:05:dd:af:75:fc:8b:3f:d8:5f:45:11:35:b8:
         48:e4:52:db:3b:4f:82:d8:85:95:ce:05:5e:ab:c4:9b:b9:00:
         9e:78:2f:9c:2d:f9:ca:62:d9:77:22:39:89:ed:e6:22:86:b8:
         dd:46:71:92:12:9c:df:44:80:88:46:1d:78:d7:76:0a:d6:5f:
         70:ca:ec:c3:65:64:23:95:5e:54:47:bc:15:ed:34:5e:a9:61:
         c1:a0:43:ad:25:ba:57:2e:80:17:90:bd:bc:81:63:29:40:77:
         62:37:83:78:db:f6:54:27:bf:af:0f:48:46:b3:08:8f:75:93:
         86:b5:d6:23:fb:8e:90:d9:a9:08:a9:63:72:90:eb:97:cf:f9:
         45:12:71:5b:a7:73:02:63:d7:6f:58:4e:4e:23:2a:ca:3f:a9:
         a8:dd:b5:83:20:cd:c7:bc:60:1e:0a:de:e6:92:c3:1e:d4:30:
         57:6a:f3:94:81:d8:9f:2f:63:67:a6:b1:f4:1c:89:0f:62:d5:
         6b:e1:78:01:64:9f:c3:ba:d9:03:b4:7c:a9:ab:61:85:25:33:
         a5:1b:f6:8c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzjm0pb62YcfMZNoT0iT/F7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMzEyMTk1MjExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjZiNjNjMzE3ODEyY2UwMTY3MDc2NmE1MWI4YzQzZWFkOTM1NzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ET65a4YKieuGFXEkRJ2leBdEqt8
arMhH1dtd79O/ek5TYyXMQcY8F9/708BCssjYRdzTDMhRfo4Q/0FRNvpI/bXSx1b
u5LZ1VX15QG6JDeY+pz28zkwBefkChDuP63bzgi/Ahz8oVEGi/m447tB4N6F4amE
U+jcAeZg4SJzJgl0d6E1ay1uf4gNNfXl0c7LcxYqFEOBVa771ltApOJu62y7V++z
Y5iwBXrH/F0G5lNd7MOyhkoh7abnSpukK34WnDWDciM7YpbkxtViy87Eo4+XuEkC
AAhVcjcYBJm+wn/pM0xXyrAg5BttWV+IvoJjxBO2MOGFCsY9UbtVaE+cSQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMZrY8MXgSzgFnB2alG4xD6tk1cgMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEveG10and4ZUJMT0FXY0hacVViakVQcTJUVnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO8wDAN
BgkqhkiG9w0BAQsFAAOCAQEAuE9xTPIkZ4nxs9PJhF4tvaWbYpT7z5a6AW9z3LpY
GjY/l/WshkxeIAMF3a91/Is/2F9FETW4SORS2ztPgtiFlc4FXqvEm7kAnngvnC35
ymLZdyI5ie3mIoa43UZxkhKc30SAiEYdeNd2CtZfcMrsw2VkI5VeVEe8Fe00Xqlh
waBDrSW6Vy6AF5C9vIFjKUB3YjeDeNv2VCe/rw9IRrMIj3WThrXWI/uOkNmpCKlj
cpDrl8/5RRJxW6dzAmPXb1hOTiMqyj+pqN21gyDNx7xgHgre5pLDHtQwV2rzlIHY
ny9jZ6ax9ByJD2LVa+F4AWSfw7rZA7R8qathhSUzpRv2jA==
-----END CERTIFICATE-----