Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/P88LnN5x-3K_L5Fhq6iwwdNQg8E.roa
File:                     P88LnN5x-3K_L5Fhq6iwwdNQg8E.roa (raw, json)
Hash identifier:          61YEGdCjCwNO9W5cpMFdELcW5q/oe/4xbaWjcimhT9U=
Subject key identifier:   3F:CF:0B:9C:DE:71:FB:72:BF:2F:91:61:AB:A8:B0:C1:D3:50:83:C1
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019D3950CC8E5DBD3D49244F6928852CAE2D
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/P88LnN5x-3K_L5Fhq6iwwdNQg8E.roa
Signing time:             Sun 29 Mar 2026 11:18:09 +0000
ROA not before:           Sun 29 Mar 2026 11:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9304
IP address blocks:        2a07:f240::/29 maxlen: 32
                          2a0b:b480::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Apr 2026 20:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:39:50:cc:8e:5d:bd:3d:49:24:4f:69:28:85:2c:ae:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Mar 29 11:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3fcf0b9cde71fb72bf2f9161aba8b0c1d35083c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:51:bb:8e:a5:cb:ff:b6:f3:4f:35:94:f6:2c:
                    76:9c:b7:4d:9a:fe:cf:6b:e2:2b:0c:15:a4:d6:70:
                    27:e1:43:74:fd:f9:98:dd:61:41:61:9f:7c:82:17:
                    03:8c:a6:e9:fd:78:d1:0e:04:cc:19:87:f6:be:84:
                    b8:d6:70:0f:bd:b2:4e:a1:87:be:ac:e8:88:95:83:
                    1a:fd:83:0b:78:7d:7f:01:c3:b2:95:37:b8:2e:70:
                    a2:4c:bc:11:ff:a6:0c:8e:8f:db:9e:57:23:16:e3:
                    b0:a0:2a:ce:69:67:76:d4:ab:22:3f:df:31:f6:f5:
                    90:3f:51:70:47:e3:82:a6:21:68:cd:f8:43:21:e0:
                    7a:d4:b9:3d:a9:cb:24:b2:f2:af:5d:15:c9:7d:01:
                    76:a0:c1:aa:02:19:8a:f9:cf:32:ed:98:b6:c8:0c:
                    dd:3c:e8:51:84:f0:4e:27:dd:44:d3:d9:9b:25:87:
                    e0:82:d9:b6:36:53:10:67:0d:f7:f9:ec:4f:bb:04:
                    9d:2e:dd:5f:9e:ed:8e:50:8f:4d:22:97:ab:ef:ca:
                    01:1a:a6:98:63:78:da:92:01:76:e2:7f:be:b3:8a:
                    84:31:a7:90:3b:8f:c2:6c:c4:13:22:bf:69:c3:e6:
                    32:be:2e:c4:5c:fb:b8:cd:8c:1e:29:8d:7c:00:3e:
                    83:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:CF:0B:9C:DE:71:FB:72:BF:2F:91:61:AB:A8:B0:C1:D3:50:83:C1
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/P88LnN5x-3K_L5Fhq6iwwdNQg8E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:f240::/29
                  2a0b:b480::/29

    Signature Algorithm: sha256WithRSAEncryption
         5a:2b:6a:45:54:9f:f2:4f:8a:cf:dd:30:8b:49:5c:13:fc:dc:
         a1:ef:85:f7:93:54:cd:43:d7:d9:a4:b6:5f:7e:e9:cc:c1:15:
         93:2f:5a:7d:de:02:43:b3:6a:9b:90:6e:a7:92:2f:d1:77:5c:
         84:4f:6f:07:b0:5d:e5:20:3c:d0:f4:f0:72:4e:94:0f:82:10:
         72:a4:d8:de:88:96:86:b2:b3:12:81:e4:6e:f2:34:1e:63:e8:
         30:5f:7c:8f:79:6d:45:ae:b4:31:a2:75:56:98:6f:57:0a:f2:
         0b:d4:9c:cc:0d:ab:d0:79:cc:b1:e7:06:bd:00:7e:9e:e2:21:
         b4:fd:15:bb:85:c7:bc:15:33:70:13:72:48:61:5d:f9:45:39:
         9b:b9:09:c5:fb:77:e8:69:92:ac:99:cb:45:f9:d7:74:a4:b4:
         b1:81:9f:69:bf:ef:7f:60:2a:94:2a:10:cc:dd:4c:ef:e3:3f:
         84:9b:78:b9:45:75:de:e3:ac:09:f7:f8:e7:7f:6a:48:1f:33:
         96:cb:58:e4:8d:14:bd:08:0d:85:6a:75:5e:d1:c7:cf:2b:b9:
         24:f9:b7:b9:f4:ac:a4:0a:36:06:ae:2e:86:3f:79:c6:b9:a8:
         47:bc:52:58:e7:63:6a:2a:3d:bc:2b:b7:74:75:57:60:1d:30:
         23:e9:18:2b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZ05UMyOXb09SSRPaSiFLK4tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjYwMzI5MTExODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmNmMGI5Y2RlNzFmYjcyYmYyZjkxNjFhYmE4YjBjMWQzNTA4M2MxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1G7jqXL/7bzTzWU9ix2nLdNmv7P
a+IrDBWk1nAn4UN0/fmY3WFBYZ98ghcDjKbp/XjRDgTMGYf2voS41nAPvbJOoYe+
rOiIlYMa/YMLeH1/AcOylTe4LnCiTLwR/6YMjo/bnlcjFuOwoCrOaWd21KsiP98x
9vWQP1FwR+OCpiFozfhDIeB61Lk9qcsksvKvXRXJfQF2oMGqAhmK+c8y7Zi2yAzd
POhRhPBOJ91E09mbJYfggtm2NlMQZw33+exPuwSdLt1fnu2OUI9NIper78oBGqaY
Y3jakgF24n++s4qEMaeQO4/CbMQTIr9pw+Yyvi7EXPu4zYweKY18AD6DXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFD/PC5zecftyvy+RYauosMHTUIPBMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvUDg4TG5ONXgtM0tfTDVGaHE2aXd3ZE5RZzhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAAjAOAwUDKgfyQAMF
AyoLtIAwDQYJKoZIhvcNAQELBQADggEBAForakVUn/JPis/dMItJXBP83KHvhfeT
VM1D19mktl9+6czBFZMvWn3eAkOzapuQbqeSL9F3XIRPbwewXeUgPND08HJOlA+C
EHKk2N6IloaysxKB5G7yNB5j6DBffI95bUWutDGidVaYb1cK8gvUnMwNq9B5zLHn
Br0Afp7iIbT9FbuFx7wVM3ATckhhXflFOZu5CcX7d+hpkqyZy0X513SktLGBn2m/
739gKpQqEMzdTO/jP4SbeLlFdd7jrAn3+Od/akgfM5bLWOSNFL0IDYVqdV7Rx88r
uST5t7n0rKQKNgauLoY/eca5qEe8UljnY2oqPbwrt3R1V2AdMCPpGCs=
-----END CERTIFICATE-----