Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/Odch-5dW8WVPx8NUCliwoB1qNgA.roa
File:                     Odch-5dW8WVPx8NUCliwoB1qNgA.roa (raw, json)
Hash identifier:          ZA8c2QYClnA/dThRZN9CqZIJ6QyOfrHCWEvJi0IJm0Q=
Subject key identifier:   39:D7:21:FB:97:56:F1:65:4F:C7:C3:54:0A:58:B0:A0:1D:6A:36:00
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       01973F91EFC0B392C52C0F5E9B73DA8BEE0C
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/Odch-5dW8WVPx8NUCliwoB1qNgA.roa
Signing time:             Thu 05 Jun 2025 10:10:18 +0000
ROA not before:           Thu 05 Jun 2025 10:10:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        2a10:a9c0::/29 maxlen: 29
                          2a13:bec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 07:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3f:91:ef:c0:b3:92:c5:2c:0f:5e:9b:73:da:8b:ee:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun  5 10:10:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=39d721fb9756f1654fc7c3540a58b0a01d6a3600
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:32:c1:b0:a7:1e:16:6d:61:d8:64:c7:71:14:
                    8c:1d:7a:eb:76:74:0b:f1:f6:09:d1:1e:27:29:a3:
                    e6:c8:c3:4d:75:c0:bf:40:01:d8:6d:b7:44:04:c2:
                    f0:25:ec:ef:3a:d3:9a:7d:94:d1:d2:ab:a2:91:dc:
                    89:88:40:e7:93:c1:16:67:47:01:99:17:4a:2f:34:
                    ae:f2:e0:f3:98:af:8c:eb:ed:b1:ad:12:50:92:70:
                    c2:06:1b:39:1a:2f:c4:c4:74:6e:c9:10:1a:05:14:
                    1b:4c:cb:a9:82:2e:d2:b7:20:8d:7d:d4:34:7d:81:
                    cd:91:3a:69:9c:71:cd:b4:25:6b:f0:47:b8:53:02:
                    90:14:43:5c:83:6c:9a:07:c9:03:e1:72:96:d1:47:
                    9a:51:d4:83:98:98:33:97:5a:ea:b2:af:ba:b2:c7:
                    63:d7:10:d4:d5:8e:9c:59:fc:9c:73:57:28:d5:99:
                    e1:77:04:8c:5b:2e:20:37:9f:4e:f6:11:35:18:4b:
                    13:90:11:87:84:d2:da:4c:b1:0f:2a:77:bf:d6:40:
                    c6:4c:70:5b:ad:b4:dc:04:91:27:47:6a:27:04:84:
                    a1:0c:0b:84:ea:fd:f2:a8:a2:6b:1e:23:38:e6:a0:
                    a2:d1:ae:d4:70:8c:2b:10:6f:14:ce:d3:7a:f2:28:
                    86:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:D7:21:FB:97:56:F1:65:4F:C7:C3:54:0A:58:B0:A0:1D:6A:36:00
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/Odch-5dW8WVPx8NUCliwoB1qNgA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:a9c0::/29
                  2a13:bec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         1f:33:83:e8:65:ab:b8:6d:01:c3:fb:1b:e6:ff:9a:3f:bf:e9:
         c2:d8:09:b5:af:ae:81:6b:83:f5:77:60:7b:03:23:64:a3:75:
         36:1f:e2:59:58:f3:e5:10:72:57:16:81:42:f4:67:0a:4a:db:
         4f:d9:2f:8f:71:d4:c6:4b:f6:54:7a:fe:b9:3b:00:15:81:f4:
         66:f0:64:95:3e:f9:72:36:43:b7:09:6d:bc:fd:ca:be:c1:19:
         a3:e4:6f:7b:52:b3:5a:6d:da:8f:88:3d:77:34:f3:04:b9:fa:
         07:80:71:7f:3b:44:83:1b:85:ae:68:75:fb:5b:da:c5:3b:93:
         67:1f:29:0c:6e:70:e9:10:fc:71:bb:16:b5:5c:42:68:8f:8c:
         43:37:16:fc:f6:68:20:d9:3e:d0:65:03:b0:c9:7a:33:c1:0d:
         9d:44:dd:32:79:88:cb:35:5b:aa:70:59:da:ed:c9:03:3f:43:
         95:0f:4e:b1:47:1f:72:7b:df:33:5a:3e:83:d5:f2:2d:e3:86:
         2d:2b:e3:25:f9:47:43:66:19:f5:9c:dc:fd:4c:2c:94:45:6b:
         14:0d:21:33:d6:6d:8c:bf:c0:c4:83:e4:50:c4:7d:1e:e6:04:
         f9:ef:41:e2:3a:b5:69:1f:79:c7:f3:a4:2d:7e:99:1e:4f:20:
         01:03:9d:57
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZc/ke/As5LFLA9em3Pai+4MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjA1MTAxMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWQ3MjFmYjk3NTZmMTY1NGZjN2MzNTQwYTU4YjBhMDFkNmEzNjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzLBsKceFm1h2GTHcRSMHXrrdnQL
8fYJ0R4nKaPmyMNNdcC/QAHYbbdEBMLwJezvOtOafZTR0quikdyJiEDnk8EWZ0cB
mRdKLzSu8uDzmK+M6+2xrRJQknDCBhs5Gi/ExHRuyRAaBRQbTMupgi7StyCNfdQ0
fYHNkTppnHHNtCVr8Ee4UwKQFENcg2yaB8kD4XKW0UeaUdSDmJgzl1rqsq+6ssdj
1xDU1Y6cWfycc1co1ZnhdwSMWy4gN59O9hE1GEsTkBGHhNLaTLEPKne/1kDGTHBb
rbTcBJEnR2onBIShDAuE6v3yqKJrHiM45qCi0a7UcIwrEG8UztN68iiGqwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFDnXIfuXVvFlT8fDVApYsKAdajYAMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvT2RjaC01ZFc4V1ZQeDhOVUNsaXdvQjFxTmdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKhCpwAMF
AyoTvsAwDQYJKoZIhvcNAQELBQADggEBAB8zg+hlq7htAcP7G+b/mj+/6cLYCbWv
roFrg/V3YHsDI2SjdTYf4llY8+UQclcWgUL0ZwpK20/ZL49x1MZL9lR6/rk7ABWB
9GbwZJU++XI2Q7cJbbz9yr7BGaPkb3tSs1pt2o+IPXc08wS5+geAcX87RIMbha5o
dftb2sU7k2cfKQxucOkQ/HG7FrVcQmiPjEM3Fvz2aCDZPtBlA7DJejPBDZ1E3TJ5
iMs1W6pwWdrtyQM/Q5UPTrFHH3J73zNaPoPV8i3jhi0r4yX5R0NmGfWc3P1MLJRF
axQNITPWbYy/wMSD5FDEfR7mBPnvQeI6tWkfecfzpC1+mR5PIAEDnVc=
-----END CERTIFICATE-----