Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/iHplqt4DUNKw6ZOchFUdjPI3y9w.roa
File:                     iHplqt4DUNKw6ZOchFUdjPI3y9w.roa (raw, json)
Hash identifier:          mQhvd0Sd0kmDl4SEDJMNNOJzjx+Zauw/1H6yRaPtWco=
Subject key identifier:   88:7A:65:AA:DE:03:50:D2:B0:E9:93:9C:84:55:1D:8C:F2:37:CB:DC
Certificate issuer:       /CN=58ad60da52671e9083cf39864eca2aa23241be9e
Certificate serial:       019779DB3251FCAA191054C5B9A74CDAE2AA
Authority key identifier: 58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/iHplqt4DUNKw6ZOchFUdjPI3y9w.roa
Signing time:             Mon 16 Jun 2025 17:48:17 +0000
ROA not before:           Mon 16 Jun 2025 17:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215112
IP address blocks:        2a13:cdc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 09:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:db:32:51:fc:aa:19:10:54:c5:b9:a7:4c:da:e2:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58ad60da52671e9083cf39864eca2aa23241be9e
        Validity
            Not Before: Jun 16 17:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=887a65aade0350d2b0e9939c84551d8cf237cbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:72:4b:fc:70:b5:64:5c:6a:a7:a5:ac:91:db:
                    88:a7:f7:77:b9:ab:1b:31:85:3d:47:5e:95:09:d2:
                    3f:3e:61:b4:e1:7a:6d:65:7f:a6:03:16:83:0a:19:
                    2c:84:b9:37:31:55:b0:f6:19:bf:9b:55:67:c1:30:
                    70:07:3b:c3:d6:c6:48:60:82:4d:f3:e6:d1:a9:f5:
                    13:31:9f:d4:0f:99:93:02:e1:8f:85:de:8b:ba:16:
                    bc:f6:3d:a4:ca:41:1d:af:23:93:44:b7:ff:1a:14:
                    f7:c0:2b:f1:a1:6b:ff:8e:70:f2:90:dd:48:18:45:
                    77:f4:c2:f0:33:9d:fe:12:ef:fd:ae:bd:a0:be:14:
                    10:6b:da:09:5b:27:f2:69:e6:9a:a0:e2:32:68:53:
                    8f:ba:17:d3:36:8e:f0:6c:d5:d6:86:45:d4:57:56:
                    4b:84:65:74:eb:2b:5e:da:eb:ea:d4:e0:01:42:60:
                    9d:b9:46:e1:55:f2:d6:d1:20:bf:f1:64:b2:51:e3:
                    df:74:5f:f3:32:a9:0e:5f:69:c8:af:8f:6e:79:ed:
                    76:e4:a3:f1:69:49:ba:eb:65:7e:34:69:09:70:4d:
                    09:62:dc:56:d7:03:ad:23:e2:0e:ab:31:08:d3:d6:
                    f8:1f:a9:db:5d:fb:38:e5:59:c5:c0:0b:0b:0c:50:
                    82:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:7A:65:AA:DE:03:50:D2:B0:E9:93:9C:84:55:1D:8C:F2:37:CB:DC
            X509v3 Authority Key Identifier:
                keyid:58:AD:60:DA:52:67:1E:90:83:CF:39:86:4E:CA:2A:A2:32:41:BE:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WK1g2lJnHpCDzzmGTsoqojJBvp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/iHplqt4DUNKw6ZOchFUdjPI3y9w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/7a1988-2736-49dc-a907-11b3cf3fd4e1/1/WK1g2lJnHpCDzzmGTsoqojJBvp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a13:cdc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:7b:92:4e:4c:9b:27:d3:eb:2e:68:b8:c8:21:90:c2:0a:8b:
         93:b4:83:7d:35:9d:81:43:c8:83:81:db:ff:0b:bb:9c:fa:fa:
         b6:14:2e:e8:7b:3a:90:3b:eb:cc:8d:65:3f:10:2d:d8:3f:5b:
         a2:28:4e:e4:70:ab:2b:ec:99:a0:09:61:e3:69:a2:e9:ac:4c:
         14:d8:f9:11:5d:85:a6:04:85:07:7f:46:1d:be:93:91:1f:a8:
         f0:4e:d7:54:6d:9f:02:94:46:f3:45:21:e5:74:17:95:80:c8:
         07:57:a9:e8:7c:e8:60:e4:a7:45:0c:f1:8f:55:39:17:f3:64:
         08:dc:03:e9:06:d6:12:4f:bd:0b:15:a3:ef:93:a7:4d:8a:43:
         e1:65:36:b8:74:ec:06:3c:5c:22:9b:a9:3d:9c:40:fd:25:7a:
         93:80:78:16:42:01:86:49:78:85:3c:cf:88:61:6f:58:c7:d4:
         6e:16:8c:04:c3:67:59:40:fe:28:82:f8:cf:f9:3d:33:c5:f1:
         40:a1:a9:cc:6c:c8:49:ff:22:16:9d:0a:90:f8:14:6a:49:08:
         39:4d:92:75:b8:39:77:0c:8c:9f:71:53:e4:3e:8a:09:f8:8b:
         a7:77:12:86:b8:d9:3b:9a:62:97:18:fe:08:86:ce:c9:7f:33:
         b7:e4:0c:8e
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd52zJR/KoZEFTFuadM2uKqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4YWQ2MGRhNTI2NzFlOTA4M2NmMzk4NjRlY2EyYWEyMzI0
MWJlOWUwHhcNMjUwNjE2MTc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODdhNjVhYWRlMDM1MGQyYjBlOTkzOWM4NDU1MWQ4Y2YyMzdjYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqXJL/HC1ZFxqp6WskduIp/d3uasb
MYU9R16VCdI/PmG04XptZX+mAxaDChkshLk3MVWw9hm/m1VnwTBwBzvD1sZIYIJN
8+bRqfUTMZ/UD5mTAuGPhd6Luha89j2kykEdryOTRLf/GhT3wCvxoWv/jnDykN1I
GEV39MLwM53+Eu/9rr2gvhQQa9oJWyfyaeaaoOIyaFOPuhfTNo7wbNXWhkXUV1ZL
hGV06yte2uvq1OABQmCduUbhVfLW0SC/8WSyUePfdF/zMqkOX2nIr49uee125KPx
aUm662V+NGkJcE0JYtxW1wOtI+IOqzEI09b4H6nbXfs45VnFwAsLDFCCVQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFIh6ZareA1DSsOmTnIRVHYzyN8vcMB8GA1UdIwQY
MBaAFFitYNpSZx6Qg885hk7KKqIyQb6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDct
MTFiM2NmM2ZkNGUxLzEvaUhwbHF0NERVTkt3NlpPY2hGVWRqUEkzeTl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy83YTE5ODgtMjczNi00OWRjLWE5MDctMTFiM2NmM2ZkNGUx
LzEvV0sxZzJsSm5IcENEenptR1Rzb3FvakpCdnA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhPNwDAN
BgkqhkiG9w0BAQsFAAOCAQEAinuSTkybJ9PrLmi4yCGQwgqLk7SDfTWdgUPIg4Hb
/wu7nPr6thQu6Hs6kDvrzI1lPxAt2D9boihO5HCrK+yZoAlh42mi6axMFNj5EV2F
pgSFB39GHb6TkR+o8E7XVG2fApRG80Uh5XQXlYDIB1ep6HzoYOSnRQzxj1U5F/Nk
CNwD6QbWEk+9CxWj75OnTYpD4WU2uHTsBjxcIpupPZxA/SV6k4B4FkIBhkl4hTzP
iGFvWMfUbhaMBMNnWUD+KIL4z/k9M8XxQKGpzGzISf8iFp0KkPgUakkIOU2Sdbg5
dwyMn3FT5D6KCfiLp3cShrjZO5pilxj+CIbOyX8zt+QMjg==
-----END CERTIFICATE-----