Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3uolABn0aFYHlOyBUDmKIwQybfI.roa
File:                     3uolABn0aFYHlOyBUDmKIwQybfI.roa (raw, json)
Hash identifier:          BafJSpjCqVy0nsDXd47rG7+sPgMLt+Ul1akXbSVS+EY=
Subject key identifier:   DE:EA:25:00:19:F4:68:56:07:94:EC:81:50:39:8A:23:04:32:6D:F2
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       0198011D3ADA1F9C321A2185A14F8222C66F
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3uolABn0aFYHlOyBUDmKIwQybfI.roa
Signing time:             Sun 13 Jul 2025 00:09:09 +0000
ROA not before:           Sun 13 Jul 2025 00:09:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211729
IP address blocks:        2a10:ccc0:d00::/44 maxlen: 48
                          2a10:ccc6:66c0::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:01:1d:3a:da:1f:9c:32:1a:21:85:a1:4f:82:22:c6:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 13 00:09:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=deea250019f468560794ec8150398a2304326df2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:65:57:f4:80:46:17:a4:04:84:72:07:8a:8d:
                    78:c6:c6:27:fa:67:32:8e:91:7d:fb:28:31:98:50:
                    90:78:23:8d:f4:09:06:47:85:98:59:b8:c4:12:e4:
                    1c:3a:ed:3c:0f:39:e2:1d:32:d0:39:f9:9f:e9:df:
                    03:c7:64:7d:be:b2:32:de:58:27:a8:19:05:93:7b:
                    91:a7:26:8e:c9:ca:3b:b3:9d:09:fe:86:57:d7:c6:
                    9d:13:00:38:b6:70:50:ba:d9:d9:fa:2e:97:46:c3:
                    3a:7c:16:fb:8e:3f:be:c6:af:14:6e:eb:9d:27:78:
                    4a:47:5e:0e:0c:46:50:9c:d8:27:83:27:e1:c5:82:
                    68:2a:49:dd:e3:7d:15:bf:a0:c8:8c:9f:bc:02:1a:
                    ad:18:26:a5:7a:63:93:dc:96:88:b1:bc:7e:4b:ac:
                    aa:17:4a:dc:50:b2:20:02:fe:7f:25:1d:3a:35:6f:
                    8d:fb:dd:31:af:f5:ea:9b:3e:01:89:29:4c:0a:30:
                    30:fb:ab:f8:f1:68:99:01:00:9c:24:fb:82:90:b0:
                    f9:cb:bd:7e:6c:1c:a7:b5:77:f9:fb:b2:75:64:45:
                    70:18:a5:69:af:ee:dd:c6:a5:8a:15:06:bd:c0:7e:
                    8d:e4:3f:ff:71:26:25:b9:12:a8:c8:d9:54:ac:7c:
                    89:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:EA:25:00:19:F4:68:56:07:94:EC:81:50:39:8A:23:04:32:6D:F2
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/3uolABn0aFYHlOyBUDmKIwQybfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:ccc0:d00::/44
                  2a10:ccc6:66c0::/44

    Signature Algorithm: sha256WithRSAEncryption
         9e:f5:2d:e6:dc:c0:7e:16:c8:ef:97:2e:0a:99:28:06:e2:ea:
         87:f8:ff:2d:44:e9:40:e7:10:94:93:f3:09:c4:16:4f:b0:d4:
         29:9c:da:8e:ed:8c:26:99:43:49:bb:e0:12:b5:5a:13:86:ca:
         1a:5d:f0:a3:6b:41:cf:97:fc:ed:be:bc:4a:55:3a:ee:12:4e:
         02:1c:58:6b:f5:99:bb:27:7b:dc:c8:d6:74:f8:47:8d:2b:3e:
         c8:ef:41:d5:e5:bf:4e:26:90:09:c4:3a:fb:fd:21:cf:2f:6d:
         ef:d7:46:32:c7:84:01:4e:38:00:14:e0:64:4c:95:25:b7:86:
         9c:18:7d:1e:85:b0:07:b3:23:34:e7:bf:ae:d4:65:ca:e6:af:
         3d:ad:55:7c:10:d1:2f:24:b5:83:0e:e1:fd:a1:f3:cd:17:70:
         e9:f0:a1:4f:b8:29:80:b4:10:98:cc:ca:a2:2f:63:98:30:ef:
         00:f3:ba:b9:95:d4:71:b7:2e:7f:01:42:3a:74:10:6a:78:5f:
         67:0f:04:ca:67:15:36:2c:02:2e:f4:04:12:81:3a:a5:10:7c:
         f4:8a:b6:c7:98:1d:ca:76:4c:9e:20:d8:1c:8f:86:f1:cf:78:
         be:c0:da:bc:51:4d:d9:57:bd:ec:b6:04:98:43:7c:ba:b7:94:
         cf:ed:0b:68
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgBHTraH5wyGiGFoU+CIsZvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjUwNzEzMDAwOTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWVhMjUwMDE5ZjQ2ODU2MDc5NGVjODE1MDM5OGEyMzA0MzI2ZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9mVX9IBGF6QEhHIHio14xsYn+mcy
jpF9+ygxmFCQeCON9AkGR4WYWbjEEuQcOu08DzniHTLQOfmf6d8Dx2R9vrIy3lgn
qBkFk3uRpyaOyco7s50J/oZX18adEwA4tnBQutnZ+i6XRsM6fBb7jj++xq8Ubuud
J3hKR14ODEZQnNgngyfhxYJoKknd430Vv6DIjJ+8AhqtGCalemOT3JaIsbx+S6yq
F0rcULIgAv5/JR06NW+N+90xr/Xqmz4BiSlMCjAw+6v48WiZAQCcJPuCkLD5y71+
bByntXf5+7J1ZEVwGKVpr+7dxqWKFQa9wH6N5D//cSYluRKoyNlUrHyJgQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN7qJQAZ9GhWB5TsgVA5iiMEMm3yMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvM3VvbEFCbjBhRllIbE95QlVEbUtJd1F5YmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcEKhDMwA0A
AwcEKhDMxmbAMA0GCSqGSIb3DQEBCwUAA4IBAQCe9S3m3MB+Fsjvly4KmSgG4uqH
+P8tROlA5xCUk/MJxBZPsNQpnNqO7YwmmUNJu+AStVoThsoaXfCja0HPl/ztvrxK
VTruEk4CHFhr9Zm7J3vcyNZ0+EeNKz7I70HV5b9OJpAJxDr7/SHPL23v10Yyx4QB
TjgAFOBkTJUlt4acGH0ehbAHsyM057+u1GXK5q89rVV8ENEvJLWDDuH9ofPNF3Dp
8KFPuCmAtBCYzMqiL2OYMO8A87q5ldRxty5/AUI6dBBqeF9nDwTKZxU2LAIu9AQS
gTqlEHz0irbHmB3KdkyeINgcj4bxz3i+wNq8UU3ZV73stgSYQ3y6t5TP7Qto
-----END CERTIFICATE-----