Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/x-UkkAB6bBHjnvfgkifHZfsul34.roa
File:                     x-UkkAB6bBHjnvfgkifHZfsul34.roa (raw, json)
Hash identifier:          Z+EoTHR/GmNeC+PGL9FT4NMDxcyauPnVaWgbSwI9JOU=
Subject key identifier:   C7:E5:24:90:00:7A:6C:11:E3:9E:F7:E0:92:27:C7:65:FB:2E:97:7E
Certificate issuer:       /CN=6991c56f11a7171c6153239769f557beba10182d
Certificate serial:       0195630273C26E6D70FBA40037FC2E023282
Authority key identifier: 69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/x-UkkAB6bBHjnvfgkifHZfsul34.roa
Signing time:             Tue 04 Mar 2025 21:14:19 +0000
ROA not before:           Tue 04 Mar 2025 21:14:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8772
IP address blocks:        2a10:eb80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 06:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:63:02:73:c2:6e:6d:70:fb:a4:00:37:fc:2e:02:32:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6991c56f11a7171c6153239769f557beba10182d
        Validity
            Not Before: Mar  4 21:14:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7e52490007a6c11e39ef7e09227c765fb2e977e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:b6:9e:b1:95:92:16:ef:df:d8:41:b8:ff:
                    be:5b:f6:5e:b3:b2:ad:2f:1e:f5:89:aa:77:2b:14:
                    e4:29:69:9e:2e:1d:c5:2c:64:28:d7:49:3a:64:2d:
                    72:86:66:18:f3:76:0c:f3:a2:56:c8:02:c5:ee:93:
                    3b:39:9d:99:9e:17:ca:62:9a:c7:57:25:52:b8:e5:
                    2a:d8:e2:b2:63:fd:da:48:39:f1:b5:a3:b0:b2:5a:
                    ef:53:0b:4e:8a:af:60:df:f2:43:f7:9a:e3:27:9f:
                    18:02:d6:bb:d7:ad:87:d7:69:35:8c:2a:4e:5f:de:
                    c6:6e:0e:d1:8d:e2:90:c3:a6:e2:a7:ed:ea:48:d3:
                    10:1b:cc:98:6e:3d:0f:af:e4:c8:fc:60:88:9d:d4:
                    b3:cc:61:9f:80:26:64:74:5a:18:d0:29:14:50:b7:
                    e9:1f:64:e6:76:12:78:93:86:70:b8:27:24:24:4e:
                    ec:81:85:f0:bd:7c:d2:2b:57:13:5e:e4:50:69:2d:
                    9a:d2:ac:a9:33:86:ee:7a:42:d0:a4:f2:4f:09:59:
                    7b:b9:ce:ed:d4:f9:ae:a9:20:49:b5:31:91:31:7c:
                    e8:d6:c9:4c:c6:01:c7:af:c7:c1:1f:7c:17:d2:16:
                    87:74:f7:9c:fa:c5:87:15:7f:8d:29:36:8d:b8:40:
                    09:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:E5:24:90:00:7A:6C:11:E3:9E:F7:E0:92:27:C7:65:FB:2E:97:7E
            X509v3 Authority Key Identifier:
                keyid:69:91:C5:6F:11:A7:17:1C:61:53:23:97:69:F5:57:BE:BA:10:18:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aZHFbxGnFxxhUyOXafVXvroQGC0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/x-UkkAB6bBHjnvfgkifHZfsul34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/428815-02b9-4606-b066-65d1567340fd/1/aZHFbxGnFxxhUyOXafVXvroQGC0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:eb80::/29

    Signature Algorithm: sha256WithRSAEncryption
         a9:61:64:8a:24:94:c3:a0:81:74:43:9d:83:a3:71:3e:83:d4:
         ee:af:6c:e7:4e:e8:ba:d2:e2:2e:e2:41:f3:8c:e9:7a:7e:b3:
         c0:db:bc:f0:ef:0d:98:24:4f:8c:1b:0c:d2:96:63:b0:bf:ca:
         dc:66:fa:26:08:4e:6f:4a:63:85:30:27:99:2c:12:18:9c:f3:
         47:a6:8f:9c:6c:90:88:5e:86:f9:ae:22:ac:30:4e:5a:05:ff:
         63:31:06:3b:cd:28:15:bd:6f:cc:e0:81:54:43:46:16:f7:27:
         13:0d:d4:ae:fe:a5:6f:e2:cd:b2:19:db:17:bf:26:79:4c:81:
         3f:eb:cf:5a:6e:c2:57:b8:7c:9c:ac:20:16:44:5a:e3:46:28:
         6c:4d:cf:69:a5:cf:68:d4:3e:cf:25:e0:b6:07:6e:26:6a:e3:
         c8:cf:65:42:bf:3b:bf:7e:e5:4e:92:4a:f5:be:1c:08:ef:7b:
         ab:a2:db:5a:63:bd:90:63:e9:26:d4:5d:ce:b6:a5:fe:f7:f9:
         6c:6e:80:5c:ad:7c:63:0f:bd:01:26:51:81:b1:a9:93:23:af:
         2e:23:9c:98:26:f5:b4:3a:d6:70:ff:61:1b:a6:63:a4:75:8f:
         fb:0c:3f:e1:24:47:7b:fe:94:2e:c1:6d:05:77:19:b6:a4:cf:
         8d:08:bb:5a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZVjAnPCbm1w+6QAN/wuAjKCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY5OTFjNTZmMTFhNzE3MWM2MTUzMjM5NzY5ZjU1N2JlYmEx
MDE4MmQwHhcNMjUwMzA0MjExNDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2U1MjQ5MDAwN2E2YzExZTM5ZWY3ZTA5MjI3Yzc2NWZiMmU5NzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2C2nrGVkhbv39hBuP++W/Zes7Kt
Lx71iap3KxTkKWmeLh3FLGQo10k6ZC1yhmYY83YM86JWyALF7pM7OZ2ZnhfKYprH
VyVSuOUq2OKyY/3aSDnxtaOwslrvUwtOiq9g3/JD95rjJ58YAta7162H12k1jCpO
X97Gbg7RjeKQw6bip+3qSNMQG8yYbj0Pr+TI/GCIndSzzGGfgCZkdFoY0CkUULfp
H2TmdhJ4k4ZwuCckJE7sgYXwvXzSK1cTXuRQaS2a0qypM4buekLQpPJPCVl7uc7t
1PmuqSBJtTGRMXzo1slMxgHHr8fBH3wX0haHdPec+sWHFX+NKTaNuEAJFwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFMflJJAAemwR45734JInx2X7Lpd+MB8GA1UdIwQY
MBaAFGmRxW8RpxccYVMjl2n1V766EBgtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYt
NjVkMTU2NzM0MGZkLzEveC1Va2tBQjZiQkhqbnZmZ2tpZkhaZnN1bDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80Mjg4MTUtMDJiOS00NjA2LWIwNjYtNjVkMTU2NzM0MGZk
LzEvYVpIRmJ4R25GeHhoVXlPWGFmVlh2cm9RR0MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhDrgDAN
BgkqhkiG9w0BAQsFAAOCAQEAqWFkiiSUw6CBdEOdg6NxPoPU7q9s507outLiLuJB
84zpen6zwNu88O8NmCRPjBsM0pZjsL/K3Gb6JghOb0pjhTAnmSwSGJzzR6aPnGyQ
iF6G+a4irDBOWgX/YzEGO80oFb1vzOCBVENGFvcnEw3Urv6lb+LNshnbF78meUyB
P+vPWm7CV7h8nKwgFkRa40YobE3PaaXPaNQ+zyXgtgduJmrjyM9lQr87v37lTpJK
9b4cCO97q6LbWmO9kGPpJtRdzral/vf5bG6AXK18Yw+9ASZRgbGpkyOvLiOcmCb1
tDrWcP9hG6ZjpHWP+ww/4SRHe/6ULsFtBXcZtqTPjQi7Wg==
-----END CERTIFICATE-----