Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/5nkDYaL_N3XUm2b3-hRiMXFkDBw.roa
File:                     5nkDYaL_N3XUm2b3-hRiMXFkDBw.roa (raw, json)
Hash identifier:          8ewPaOrQUblN5fck7HDwjkvw7tgSP4FE85e1TfIj58M=
Subject key identifier:   E6:79:03:61:A2:FF:37:75:D4:9B:66:F7:FA:14:62:31:71:64:0C:1C
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019D9621A55E91CC82B92AD338BE98AA6518
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/5nkDYaL_N3XUm2b3-hRiMXFkDBw.roa
Signing time:             Thu 16 Apr 2026 11:51:20 +0000
ROA not before:           Thu 16 Apr 2026 11:51:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2a0e:d300::/29 maxlen: 29
                          2a13:d1c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:21:a5:5e:91:cc:82:b9:2a:d3:38:be:98:aa:65:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Apr 16 11:51:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e6790361a2ff3775d49b66f7fa14623171640c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:96:93:08:f3:fd:c4:cf:b1:c9:9b:61:82:1b:
                    f4:ed:4d:06:c2:2b:4b:9b:e6:88:4d:91:bf:1c:2e:
                    11:d2:f5:aa:51:94:09:50:30:29:2c:71:15:ab:01:
                    63:6e:45:8d:73:d8:57:04:6b:07:14:fd:4f:fc:85:
                    f6:e9:90:f9:32:b3:1d:ad:60:03:c2:c4:06:00:9e:
                    30:c1:0c:f8:6c:91:03:e4:c2:5c:97:9b:4f:38:fd:
                    a3:cf:e3:b5:fa:c4:35:99:80:94:16:67:57:b0:bb:
                    a1:be:25:45:63:9c:92:ff:19:12:9b:fb:45:9b:63:
                    4d:b5:b5:d5:5a:58:90:33:c2:2b:69:58:7d:d7:15:
                    50:7c:54:6c:dc:07:25:36:d6:42:cb:09:97:83:c7:
                    8d:a4:eb:5b:09:36:a6:1f:ad:07:83:11:00:8c:09:
                    ce:d0:71:93:66:4e:b3:66:ca:82:57:2f:71:be:f7:
                    b3:4c:a8:a7:99:76:85:6c:ca:7a:ce:cc:eb:a9:53:
                    ca:ea:35:8a:fb:13:a1:0b:8d:9a:47:c7:62:06:3b:
                    92:e3:5b:20:45:7b:a2:af:e1:37:df:88:08:cd:e8:
                    57:4b:f7:fb:a7:97:13:10:d9:da:0b:59:3d:9e:ea:
                    32:bf:00:b7:24:10:1b:6b:c8:ad:cf:98:31:c3:b0:
                    b3:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:79:03:61:A2:FF:37:75:D4:9B:66:F7:FA:14:62:31:71:64:0C:1C
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/5nkDYaL_N3XUm2b3-hRiMXFkDBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:d300::/29
                  2a13:d1c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:8f:ac:04:66:66:d7:bc:83:6e:7c:d5:53:1e:7f:b1:15:3d:
         f1:e1:04:fb:19:61:2d:dc:98:10:9b:e9:02:eb:e4:fb:22:de:
         41:cd:84:73:c7:83:34:61:3f:a9:e4:9e:3a:79:34:19:65:9e:
         b9:c4:b1:c6:b3:83:69:7f:2d:e6:d6:07:b4:0b:de:98:2c:6a:
         f6:a2:92:f4:9a:a3:5a:1c:4c:af:23:6b:12:6f:19:9e:ce:4f:
         ed:ba:94:81:fd:d7:07:68:4b:59:27:ff:03:58:88:75:6f:d2:
         21:3e:ae:b6:96:5a:b8:65:e0:cc:f2:cd:de:82:b8:82:c2:9b:
         98:a7:0d:db:aa:8e:85:5b:be:9f:22:5f:73:bc:e1:15:25:f5:
         f4:51:64:6a:00:6d:39:2d:5e:c5:e2:e9:bc:52:83:27:6b:91:
         cb:ba:c5:87:d3:fe:09:3f:dd:8d:7f:84:a2:09:8c:ee:76:70:
         bf:fb:2f:21:69:85:2f:03:15:79:67:e8:90:aa:af:00:1f:96:
         0c:e2:cc:76:0e:9b:4f:d4:bd:ed:1a:e3:ce:e1:c7:7e:26:6e:
         06:b8:1f:38:cf:4e:8e:8b:24:00:01:a2:cf:b6:00:55:d5:17:
         91:f7:da:91:28:6b:72:72:39:a7:66:33:da:de:2d:96:ba:28:
         5e:c4:c1:68
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ2WIaVekcyCuSrTOL6YqmUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwNDE2MTE1MTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjc5MDM2MWEyZmYzNzc1ZDQ5YjY2ZjdmYTE0NjIzMTcxNjQwYzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzJaTCPP9xM+xyZthghv07U0GwitL
m+aITZG/HC4R0vWqUZQJUDApLHEVqwFjbkWNc9hXBGsHFP1P/IX26ZD5MrMdrWAD
wsQGAJ4wwQz4bJED5MJcl5tPOP2jz+O1+sQ1mYCUFmdXsLuhviVFY5yS/xkSm/tF
m2NNtbXVWliQM8IraVh91xVQfFRs3AclNtZCywmXg8eNpOtbCTamH60HgxEAjAnO
0HGTZk6zZsqCVy9xvvezTKinmXaFbMp6zszrqVPK6jWK+xOhC42aR8diBjuS41sg
RXuir+E334gIzehXS/f7p5cTENnaC1k9nuoyvwC3JBAba8itz5gxw7CzCQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOZ5A2Gi/zd11Jtm9/oUYjFxZAwcMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvNW5rRFlhTF9OM1hVbTJiMy1oUmlNWEZrREJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKg7TAAMF
AyoT0cAwDQYJKoZIhvcNAQELBQADggEBAFmPrARmZte8g2581VMef7EVPfHhBPsZ
YS3cmBCb6QLr5Psi3kHNhHPHgzRhP6nknjp5NBllnrnEscazg2l/LebWB7QL3pgs
avaikvSao1ocTK8jaxJvGZ7OT+26lIH91wdoS1kn/wNYiHVv0iE+rraWWrhl4Mzy
zd6CuILCm5inDduqjoVbvp8iX3O84RUl9fRRZGoAbTktXsXi6bxSgydrkcu6xYfT
/gk/3Y1/hKIJjO52cL/7LyFphS8DFXln6JCqrwAflgzizHYOm0/Uve0a487hx34m
bga4HzjPTo6LJAABos+2AFXVF5H32pEoa3JyOadmM9reLZa6KF7EwWg=
-----END CERTIFICATE-----