Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/UpoRaRKUM_cxz1mUcVdpf2dzj0g.roa
File:                     UpoRaRKUM_cxz1mUcVdpf2dzj0g.roa (raw, json)
Hash identifier:          gkhONxi+R49OF3RZKp/33aStKf4NqX/Hm1mDh0fRR2U=
Subject key identifier:   52:9A:11:69:12:94:33:F7:31:CF:59:94:71:57:69:7F:67:73:8F:48
Certificate issuer:       /CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
Certificate serial:       0198174B938D7B5DB0E7B327FBE8B72235CA
Authority key identifier: F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/UpoRaRKUM_cxz1mUcVdpf2dzj0g.roa
Signing time:             Thu 17 Jul 2025 07:31:25 +0000
ROA not before:           Thu 17 Jul 2025 07:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        2a02:ed1:cc::/48 maxlen: 48
                          2a02:ed1:ee::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:17:4b:93:8d:7b:5d:b0:e7:b3:27:fb:e8:b7:22:35:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
        Validity
            Not Before: Jul 17 07:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=529a1169129433f731cf59947157697f67738f48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d7:5a:e7:e8:1b:c6:3c:77:ca:64:00:85:39:
                    6c:b4:44:74:9e:97:15:15:cd:00:a5:67:50:34:c5:
                    e6:b2:06:9b:b7:e0:fd:fa:6e:94:54:99:f8:9f:34:
                    6a:79:fc:32:1f:e9:c4:7d:d5:69:c2:44:45:58:59:
                    e0:9a:e9:e4:da:59:39:5b:8a:e6:99:ed:cb:5f:be:
                    25:42:27:ae:e5:06:ba:fd:55:c9:4c:84:a0:c6:0f:
                    65:ea:f1:c4:49:45:07:54:c5:fe:a8:1c:a6:bc:26:
                    c1:ee:fe:59:11:eb:74:1b:a6:62:21:5a:ca:04:dc:
                    38:03:72:bf:df:c8:f2:04:f4:c5:e3:39:3e:e1:b9:
                    33:31:22:f5:6e:fe:b2:fa:39:cc:df:44:db:33:38:
                    c1:d1:50:8d:fc:b1:9e:4a:2a:72:87:a7:2b:86:47:
                    e7:9c:a8:cd:74:8a:d0:f8:b4:f6:9e:f7:eb:c9:23:
                    82:60:19:73:57:dd:31:4e:d3:f0:1b:cb:f6:a1:3d:
                    93:13:f8:57:4c:12:23:b3:87:3e:62:9a:00:e9:1b:
                    21:a4:23:c0:a1:e7:73:b8:83:e7:c8:c9:bb:35:e4:
                    79:a2:90:55:40:29:b3:05:3f:54:27:1e:2b:be:b1:
                    7e:c3:ae:96:63:04:7e:ad:fe:42:8e:90:37:47:39:
                    c7:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:9A:11:69:12:94:33:F7:31:CF:59:94:71:57:69:7F:67:73:8F:48
            X509v3 Authority Key Identifier:
                keyid:F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/UpoRaRKUM_cxz1mUcVdpf2dzj0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a02:ed1:cc::/48
                  2a02:ed1:ee::/48

    Signature Algorithm: sha256WithRSAEncryption
         41:d6:1b:ba:10:1a:e8:1f:27:e3:42:8c:80:65:45:f7:40:bd:
         53:66:23:1c:b4:e1:63:06:14:66:d0:67:2f:2d:67:85:1c:56:
         89:dd:78:21:e3:c2:bf:8d:f6:11:a2:74:a1:c3:e4:83:b8:70:
         f7:be:e6:ef:f7:8c:33:f2:48:d2:1c:27:70:a9:4d:ee:a5:cc:
         57:9f:d2:f0:fc:40:f2:fc:7d:75:28:af:91:27:31:4b:3a:1e:
         e1:bc:33:df:89:58:89:aa:59:c4:6f:de:e9:b3:73:06:d0:88:
         91:c1:7d:67:32:df:43:ad:f9:16:13:61:15:93:4f:35:c2:3f:
         ca:54:2a:51:51:6e:79:ff:35:84:4f:7a:8c:8d:6e:c9:e8:fd:
         1e:b8:4a:77:67:a1:6d:b1:79:12:80:c1:5c:5c:ee:9a:90:5a:
         e3:ba:06:cb:e9:11:df:d6:07:ab:62:d3:95:e8:a1:63:45:f9:
         fd:29:f4:55:e1:5c:f5:93:ce:38:18:ff:80:98:45:99:72:f9:
         54:42:ac:ec:a5:9c:ab:68:1a:0b:6b:6f:72:70:de:a0:44:6a:
         ff:18:3f:db:f3:39:5c:bb:dc:0b:0d:34:1e:19:03:48:e2:3d:
         2e:c8:55:bc:1d:dc:53:ac:68:6d:8a:1a:df:4f:57:7f:f7:cc:
         9d:e6:94:0e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZgXS5ONe12w57Mn++i3IjXKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YzBhYTdiM2UzY2JmZjg4MjYyYWRkOTJiMzM5ZTM1MDUx
Y2UxYTAwHhcNMjUwNzE3MDczMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjlhMTE2OTEyOTQzM2Y3MzFjZjU5OTQ3MTU3Njk3ZjY3NzM4ZjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9da5+gbxjx3ymQAhTlstER0npcV
Fc0ApWdQNMXmsgabt+D9+m6UVJn4nzRqefwyH+nEfdVpwkRFWFngmunk2lk5W4rm
me3LX74lQieu5Qa6/VXJTISgxg9l6vHESUUHVMX+qBymvCbB7v5ZEet0G6ZiIVrK
BNw4A3K/38jyBPTF4zk+4bkzMSL1bv6y+jnM30TbMzjB0VCN/LGeSipyh6crhkfn
nKjNdIrQ+LT2nvfrySOCYBlzV90xTtPwG8v2oT2TE/hXTBIjs4c+YpoA6RshpCPA
oedzuIPnyMm7NeR5opBVQCmzBT9UJx4rvrF+w66WYwR+rf5CjpA3RznHjwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFFKaEWkSlDP3Mc9ZlHFXaX9nc49IMB8GA1UdIwQY
MBaAFPTAqns+PL/4gmKt2SsznjUFHOGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEt
ZWE3NWRkZjQ3YjRhLzEvVXBvUmFSS1VNX2N4ejFtVWNWZHBmMmR6ajBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEtZWE3NWRkZjQ3YjRh
LzEvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKgIO0QDM
AwcAKgIO0QDuMA0GCSqGSIb3DQEBCwUAA4IBAQBB1hu6EBroHyfjQoyAZUX3QL1T
ZiMctOFjBhRm0GcvLWeFHFaJ3Xgh48K/jfYRonShw+SDuHD3vubv94wz8kjSHCdw
qU3upcxXn9Lw/EDy/H11KK+RJzFLOh7hvDPfiViJqlnEb97ps3MG0IiRwX1nMt9D
rfkWE2EVk081wj/KVCpRUW55/zWET3qMjW7J6P0euEp3Z6FtsXkSgMFcXO6akFrj
ugbL6RHf1gerYtOV6KFjRfn9KfRV4Vz1k844GP+AmEWZcvlUQqzspZyraBoLa29y
cN6gRGr/GD/b8zlcu9wLDTQeGQNI4j0uyFW8HdxTrGhtihrfT1d/98yd5pQO
-----END CERTIFICATE-----