Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/Ui6ZcVR5VSgOavfnIix1oy38mjY.roa
File:                     Ui6ZcVR5VSgOavfnIix1oy38mjY.roa (raw, json)
Hash identifier:          yRTuvXTUZnIOOWWsEOiOGa2OWkTQmK3kH5dqt1VxT5k=
Subject key identifier:   52:2E:99:71:54:79:55:28:0E:6A:F7:E7:22:2C:75:A3:2D:FC:9A:36
Certificate issuer:       /CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
Certificate serial:       01963A9D9F6A7381556817BDF86295D2D813
Authority key identifier: F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/Ui6ZcVR5VSgOavfnIix1oy38mjY.roa
Signing time:             Tue 15 Apr 2025 18:02:10 +0000
ROA not before:           Tue 15 Apr 2025 18:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     64286
IP address blocks:        2001:3500::/29 maxlen: 32
                          2001:3500::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3a:9d:9f:6a:73:81:55:68:17:bd:f8:62:95:d2:d8:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2a253cdf507a03e1f579d202d8df11d68f5c3d7
        Validity
            Not Before: Apr 15 18:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=522e9971547955280e6af7e7222c75a32dfc9a36
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fc:44:9f:21:36:2f:36:f5:92:2f:f6:b0:7a:
                    37:bb:6c:41:b7:f7:38:23:5a:51:76:64:db:3b:0b:
                    6e:5d:8b:8c:ec:64:41:ca:cf:f9:3f:3b:c0:43:19:
                    eb:ec:5f:5d:d8:0b:04:f4:0b:e1:38:2f:98:d2:13:
                    12:02:6a:33:09:3b:ef:a4:c6:70:d5:cb:12:6e:3a:
                    e7:04:01:90:e4:fd:b2:f5:8f:3f:a6:47:cc:75:37:
                    d0:24:ac:50:0b:bd:39:e9:4d:1e:46:0b:32:2e:6f:
                    eb:16:45:1f:c1:05:0c:81:2a:41:4d:e6:ac:82:6f:
                    9e:df:30:61:3a:af:dd:dd:1b:ec:ea:58:6a:18:d7:
                    78:06:8c:76:95:58:56:f1:03:4c:d3:2f:bb:96:8a:
                    f7:9d:c6:2b:26:8e:11:67:fc:63:74:05:2b:9f:50:
                    92:c8:76:12:81:bf:c5:ff:6e:67:62:b4:e7:68:dc:
                    20:78:1f:c4:f4:a4:b6:26:e6:d9:40:b5:fd:47:d0:
                    03:67:8c:92:03:47:d7:ca:7a:9d:f3:bd:61:6a:07:
                    51:b5:96:5f:d5:67:c7:cb:e4:c5:02:05:59:a4:18:
                    c0:c4:89:5d:ab:78:63:03:a5:dd:61:13:78:2e:65:
                    f2:2e:32:8e:cf:f3:41:bb:79:59:a4:a5:8b:d4:f0:
                    62:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:2E:99:71:54:79:55:28:0E:6A:F7:E7:22:2C:75:A3:2D:FC:9A:36
            X509v3 Authority Key Identifier:
                keyid:F2:A2:53:CD:F5:07:A0:3E:1F:57:9D:20:2D:8D:F1:1D:68:F5:C3:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8qJTzfUHoD4fV50gLY3xHWj1w9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/Ui6ZcVR5VSgOavfnIix1oy38mjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/10ebec-2784-4daa-8df7-be4d5d09d710/1/8qJTzfUHoD4fV50gLY3xHWj1w9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:3500::/29

    Signature Algorithm: sha256WithRSAEncryption
         4f:2c:50:3e:ba:5b:1a:92:87:90:60:36:a0:cf:41:7a:72:81:
         f5:ca:cf:b0:ca:af:49:a1:a4:06:11:e3:28:83:de:7a:c3:58:
         6f:5d:9a:de:4a:2c:63:8a:72:bc:a4:10:c9:24:11:27:25:62:
         17:a5:9d:ec:de:74:8d:c7:37:91:2b:29:eb:b1:ce:85:db:c5:
         1c:0a:b2:e3:f9:12:1f:85:66:71:9f:1f:4b:7b:b9:e0:62:72:
         a4:c9:e7:85:60:40:48:1e:68:87:aa:50:d6:36:c3:b5:b5:e4:
         52:d4:18:9d:ee:d0:3e:21:cf:c1:85:5e:9e:ab:e4:05:d6:4d:
         89:a4:f4:17:53:c4:d3:96:3a:54:9d:64:57:1b:4e:02:66:07:
         e6:a4:92:2b:c1:3a:f6:83:84:d6:70:da:41:34:e0:69:39:1c:
         ce:53:4a:ba:8e:2a:3c:5b:eb:9d:54:d4:a6:40:64:06:0b:a4:
         9b:77:7b:3a:4b:7b:e0:b0:ec:17:b5:66:3c:51:50:b7:54:40:
         9c:6e:24:5b:05:5b:ee:e9:06:3d:8b:90:d1:14:5b:0f:12:68:
         af:0a:a3:73:1e:f4:86:d6:b6:76:9d:97:91:76:ec:22:58:32:
         06:04:09:5a:21:09:bb:95:71:59:bc:15:f7:0b:93:36:79:9f:
         67:dd:cf:e5
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZY6nZ9qc4FVaBe9+GKV0tgTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyYTI1M2NkZjUwN2EwM2UxZjU3OWQyMDJkOGRmMTFkNjhm
NWMzZDcwHhcNMjUwNDE1MTgwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjJlOTk3MTU0Nzk1NTI4MGU2YWY3ZTcyMjJjNzVhMzJkZmM5YTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/xEnyE2Lzb1ki/2sHo3u2xBt/c4
I1pRdmTbOwtuXYuM7GRBys/5PzvAQxnr7F9d2AsE9AvhOC+Y0hMSAmozCTvvpMZw
1csSbjrnBAGQ5P2y9Y8/pkfMdTfQJKxQC7056U0eRgsyLm/rFkUfwQUMgSpBTeas
gm+e3zBhOq/d3Rvs6lhqGNd4Box2lVhW8QNM0y+7lor3ncYrJo4RZ/xjdAUrn1CS
yHYSgb/F/25nYrTnaNwgeB/E9KS2JubZQLX9R9ADZ4ySA0fXynqd871hagdRtZZf
1WfHy+TFAgVZpBjAxIldq3hjA6XdYRN4LmXyLjKOz/NBu3lZpKWL1PBiWwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFFIumXFUeVUoDmr35yIsdaMt/Jo2MB8GA1UdIwQY
MBaAFPKiU831B6A+H1edIC2N8R1o9cPXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHFKVHpmVUhvRDRmVjUwZ0xZM3hIV2oxdzljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8xMGViZWMtMjc4NC00ZGFhLThkZjct
YmU0ZDVkMDlkNzEwLzEvVWk2WmNWUjVWU2dPYXZmbklpeDFveTM4bWpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8xMGViZWMtMjc4NC00ZGFhLThkZjctYmU0ZDVkMDlkNzEw
LzEvOHFKVHpmVUhvRDRmVjUwZ0xZM3hIV2oxdzljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDIAE1ADAN
BgkqhkiG9w0BAQsFAAOCAQEATyxQPrpbGpKHkGA2oM9BenKB9crPsMqvSaGkBhHj
KIPeesNYb12a3kosY4pyvKQQySQRJyViF6Wd7N50jcc3kSsp67HOhdvFHAqy4/kS
H4VmcZ8fS3u54GJypMnnhWBASB5oh6pQ1jbDtbXkUtQYne7QPiHPwYVenqvkBdZN
iaT0F1PE05Y6VJ1kVxtOAmYH5qSSK8E69oOE1nDaQTTgaTkczlNKuo4qPFvrnVTU
pkBkBgukm3d7Okt74LDsF7VmPFFQt1RAnG4kWwVb7ukGPYuQ0RRbDxJorwqjcx70
hta2dp2XkXbsIlgyBgQJWiEJu5VxWbwV9wuTNnmfZ93P5Q==
-----END CERTIFICATE-----