Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/yeaSVOY_2RKwqxHlxekdt46XnfA.roa
File:                     yeaSVOY_2RKwqxHlxekdt46XnfA.roa (raw, json)
Hash identifier:          IUmDaJ+QQrXKsNeMI6OsxvyPlW0V65tj0hhIVHsFQrs=
Subject key identifier:   C9:E6:92:54:E6:3F:D9:12:B0:AB:11:E5:C5:E9:1D:B7:8E:97:9D:F0
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019CE3185F52DF8F6F69D0D1E4459AD3DB00
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/yeaSVOY_2RKwqxHlxekdt46XnfA.roa
Signing time:             Thu 12 Mar 2026 17:29:11 +0000
ROA not before:           Thu 12 Mar 2026 17:29:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     399486
IP address blocks:        2a13:bd40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e3:18:5f:52:df:8f:6f:69:d0:d1:e4:45:9a:d3:db:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar 12 17:29:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c9e69254e63fd912b0ab11e5c5e91db78e979df0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:12:b1:24:47:fe:44:2d:e5:95:3b:de:f3:68:
                    7f:3c:e2:30:d3:5c:aa:d3:9a:00:a2:dc:8a:5f:54:
                    36:4b:fd:f9:67:3d:65:97:88:c3:de:00:c4:bf:84:
                    9e:38:d3:da:3d:8a:5b:12:5b:9a:c5:7a:cb:f8:22:
                    c1:05:de:b8:eb:6b:ef:29:b4:93:bf:f9:eb:f0:50:
                    5b:cf:eb:a1:ed:5c:0c:a1:36:62:90:12:bf:9f:f4:
                    9c:38:50:25:b0:5c:b1:15:10:e8:45:ea:f8:e4:4f:
                    a5:6d:c7:0a:6b:b6:d0:01:4d:05:f6:9b:45:68:fc:
                    9c:c9:da:16:30:51:9f:61:2a:c7:e9:8a:b2:d2:e3:
                    36:63:38:17:79:40:fa:08:77:e7:8d:b2:24:c5:8b:
                    b1:c7:6c:b1:98:64:55:d6:de:02:05:d2:86:a0:0d:
                    3a:6b:95:84:c9:40:8c:98:15:a7:1a:82:78:65:19:
                    0e:43:7e:e7:3d:e2:18:31:27:a8:73:d8:55:e3:73:
                    9f:97:8d:1a:4a:49:39:92:5b:21:3c:97:41:7c:12:
                    56:ea:b3:29:3f:92:8b:23:7b:58:04:d2:ed:f0:25:
                    9c:a6:e4:3b:df:65:a2:05:a9:87:b3:13:53:1a:8e:
                    28:4e:56:34:33:98:c5:81:07:f2:14:2c:d9:26:9b:
                    9b:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:E6:92:54:E6:3F:D9:12:B0:AB:11:E5:C5:E9:1D:B7:8E:97:9D:F0
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/yeaSVOY_2RKwqxHlxekdt46XnfA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:bd40::/29

    Signature Algorithm: sha256WithRSAEncryption
         0d:e8:a0:df:a6:99:2e:b9:ac:92:43:b9:d3:a3:f4:cd:a9:59:
         3f:02:37:33:69:91:7e:59:3f:cd:b9:30:ec:16:59:09:e4:c2:
         81:32:20:f7:a3:d2:6d:41:40:fc:55:fb:32:b6:6a:2e:de:b2:
         b3:a5:f8:12:e8:f7:d8:f1:c9:d6:f8:1d:3d:4e:96:ed:c5:2e:
         2e:93:18:7f:fa:2c:2e:43:b8:9d:0f:37:2d:62:4d:7f:29:b2:
         62:e8:50:8a:b4:a7:d0:ad:fa:cd:3c:4f:33:27:c2:db:31:1c:
         03:a6:41:cb:0e:89:04:de:49:ef:ae:0d:04:c1:0c:01:f1:24:
         6b:45:34:21:8e:17:1c:ea:3a:97:22:33:40:a0:a7:8e:22:c1:
         2d:df:91:e7:ae:c1:04:8c:47:1c:75:50:ff:a2:82:3b:eb:f6:
         ee:9a:3e:05:dd:8e:35:e6:d1:79:b7:44:80:68:46:af:51:2d:
         f5:fd:79:40:ae:97:30:dc:ab:6a:cc:20:5a:c7:e7:f7:54:7e:
         f6:22:6e:b0:88:98:f5:38:fe:93:ef:8f:54:93:9d:3b:7a:31:
         6c:eb:76:43:7e:b1:f8:64:70:50:4d:07:38:c6:58:2e:6d:09:
         d3:ec:c2:d6:9b:3f:ac:76:e3:2f:45:63:61:a6:e2:6b:74:46:
         f5:f9:53:2c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZzjGF9S349vadDR5EWa09sAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMzEyMTcyOTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWU2OTI1NGU2M2ZkOTEyYjBhYjExZTVjNWU5MWRiNzhlOTc5ZGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxKxJEf+RC3llTve82h/POIw01yq
05oAotyKX1Q2S/35Zz1ll4jD3gDEv4SeONPaPYpbEluaxXrL+CLBBd6462vvKbST
v/nr8FBbz+uh7VwMoTZikBK/n/ScOFAlsFyxFRDoRer45E+lbccKa7bQAU0F9ptF
aPycydoWMFGfYSrH6Yqy0uM2YzgXeUD6CHfnjbIkxYuxx2yxmGRV1t4CBdKGoA06
a5WEyUCMmBWnGoJ4ZRkOQ37nPeIYMSeoc9hV43Ofl40aSkk5klshPJdBfBJW6rMp
P5KLI3tYBNLt8CWcpuQ732WiBamHsxNTGo4oTlY0M5jFgQfyFCzZJpub+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMnmklTmP9kSsKsR5cXpHbeOl53wMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEveWVhU1ZPWV8yUkt3cXhIbHhla2R0NDZYbmZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhO9QDAN
BgkqhkiG9w0BAQsFAAOCAQEADeig36aZLrmskkO506P0zalZPwI3M2mRflk/zbkw
7BZZCeTCgTIg96PSbUFA/FX7MrZqLt6ys6X4Euj32PHJ1vgdPU6W7cUuLpMYf/os
LkO4nQ83LWJNfymyYuhQirSn0K36zTxPMyfC2zEcA6ZByw6JBN5J764NBMEMAfEk
a0U0IY4XHOo6lyIzQKCnjiLBLd+R567BBIxHHHVQ/6KCO+v27po+Bd2ONebRebdE
gGhGr1Et9f15QK6XMNyraswgWsfn91R+9iJusIiY9Tj+k++PVJOdO3oxbOt2Q36x
+GRwUE0HOMZYLm0J0+zC1ps/rHbjL0VjYabia3RG9flTLA==
-----END CERTIFICATE-----