Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ENmvSrLnZ5l3zdl7_SWX-dmV2iw.roa
File:                     ENmvSrLnZ5l3zdl7_SWX-dmV2iw.roa (raw, json)
Hash identifier:          d78rG1JxemNpbntQxK8HRnUpFVFRNZsmtcWweXwXHFA=
Subject key identifier:   10:D9:AF:4A:B2:E7:67:99:77:CD:D9:7B:FD:25:97:F9:D9:95:DA:2C
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019779F12B70022C51D2E383C539871EB22E
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ENmvSrLnZ5l3zdl7_SWX-dmV2iw.roa
Signing time:             Mon 16 Jun 2025 18:12:17 +0000
ROA not before:           Mon 16 Jun 2025 18:12:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        2a10:2ec0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:79:f1:2b:70:02:2c:51:d2:e3:83:c5:39:87:1e:b2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jun 16 18:12:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10d9af4ab2e7679977cdd97bfd2597f9d995da2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:2a:79:99:38:76:b1:9e:70:aa:c4:db:96:71:
                    fd:38:95:d5:4e:46:d5:4c:86:58:47:35:b4:84:47:
                    ed:5e:b7:d2:64:7b:ab:13:eb:e9:de:bc:7e:af:cf:
                    cd:d3:ed:6a:3b:90:46:26:35:3d:fc:62:49:ba:7f:
                    e5:0b:1b:4d:0f:5f:f0:11:a6:24:9d:37:42:e8:0c:
                    e9:39:58:c7:64:ab:d3:4b:ea:bf:cf:3a:56:0a:62:
                    3b:e7:1e:de:1e:99:da:5c:d9:a8:e8:26:08:c5:00:
                    d7:14:67:35:f5:04:c4:ca:6e:83:fb:88:9d:a3:71:
                    1d:a0:ed:7e:c8:67:3b:cc:49:ef:bf:ab:ec:6c:9b:
                    87:4d:aa:78:d3:d8:24:60:6c:90:f6:e5:6f:1a:e4:
                    c0:b4:03:48:1b:4b:77:27:27:0a:0c:b9:f2:5d:e6:
                    da:88:76:4a:98:41:71:2c:92:4b:6a:1d:de:f9:2e:
                    e7:9f:68:f8:a6:db:dd:e8:3f:b9:e2:c7:3b:88:af:
                    b2:53:02:ea:9f:96:11:c1:66:e6:9c:a4:36:71:44:
                    87:2b:7c:8c:2a:92:fc:45:75:fb:ea:cb:3f:3b:1e:
                    f8:ed:4a:97:af:79:94:76:d5:30:cd:d2:3c:fa:eb:
                    dc:44:78:04:57:08:d4:6d:2c:3a:a9:4e:bb:53:4c:
                    8b:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:D9:AF:4A:B2:E7:67:99:77:CD:D9:7B:FD:25:97:F9:D9:95:DA:2C
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/ENmvSrLnZ5l3zdl7_SWX-dmV2iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:2ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9b:83:65:c3:40:6a:28:7e:83:b4:4f:04:6d:fd:5e:d6:07:ca:
         e6:31:70:0f:73:5d:eb:12:1a:0a:a4:41:4f:22:80:a4:6b:05:
         42:de:22:b5:3c:92:9f:7b:8f:a4:12:9a:d1:00:80:75:86:e0:
         a9:1f:b5:fd:1a:c7:d2:0f:08:b6:e4:d7:a8:ec:7d:87:0e:0c:
         5d:ec:c8:58:2b:6c:02:43:c4:0b:a7:16:72:93:d8:39:74:ac:
         c4:a3:6c:d5:ad:4b:87:4c:9e:00:63:3b:3c:f3:a9:7a:88:d2:
         e2:03:5e:81:0f:bb:00:92:1f:41:5f:be:e5:87:7b:b0:ad:23:
         39:a1:0c:21:d6:8b:a8:4e:23:0c:6a:b5:42:e0:f9:64:7c:4d:
         e0:70:0b:29:40:df:c4:b2:92:d2:13:a3:14:f6:19:e1:94:2d:
         ee:e0:ae:f3:2c:bd:b2:de:1a:40:72:a1:67:60:18:59:56:7d:
         47:1b:ee:e8:08:e4:2a:57:36:84:d1:18:47:91:69:41:5e:96:
         7c:a5:c7:74:0b:d6:b4:dc:45:c1:f0:04:41:18:06:c1:54:e9:
         b3:02:c8:94:9c:a5:68:25:23:7b:b3:5a:94:6f:69:b8:17:a2:
         b3:f0:53:08:fb:cc:30:c4:28:db:ef:c0:69:86:b0:b4:2a:ab:
         50:e9:92:ae
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZd58StwAixR0uODxTmHHrIuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwNjE2MTgxMjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGQ5YWY0YWIyZTc2Nzk5NzdjZGQ5N2JmZDI1OTdmOWQ5OTVkYTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCp5mTh2sZ5wqsTblnH9OJXVTkbV
TIZYRzW0hEftXrfSZHurE+vp3rx+r8/N0+1qO5BGJjU9/GJJun/lCxtND1/wEaYk
nTdC6AzpOVjHZKvTS+q/zzpWCmI75x7eHpnaXNmo6CYIxQDXFGc19QTEym6D+4id
o3EdoO1+yGc7zEnvv6vsbJuHTap409gkYGyQ9uVvGuTAtANIG0t3JycKDLnyXeba
iHZKmEFxLJJLah3e+S7nn2j4ptvd6D+54sc7iK+yUwLqn5YRwWbmnKQ2cUSHK3yM
KpL8RXX76ss/Ox747UqXr3mUdtUwzdI8+uvcRHgEVwjUbSw6qU67U0yL9QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBDZr0qy52eZd83Ze/0ll/nZldosMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvRU5tdlNyTG5aNWwzemRsN19TV1gtZG1WMml3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhAuwDAN
BgkqhkiG9w0BAQsFAAOCAQEAm4Nlw0BqKH6DtE8Ebf1e1gfK5jFwD3Nd6xIaCqRB
TyKApGsFQt4itTySn3uPpBKa0QCAdYbgqR+1/RrH0g8ItuTXqOx9hw4MXezIWCts
AkPEC6cWcpPYOXSsxKNs1a1Lh0yeAGM7PPOpeojS4gNegQ+7AJIfQV++5Yd7sK0j
OaEMIdaLqE4jDGq1QuD5ZHxN4HALKUDfxLKS0hOjFPYZ4ZQt7uCu8yy9st4aQHKh
Z2AYWVZ9Rxvu6AjkKlc2hNEYR5FpQV6WfKXHdAvWtNxFwfAEQRgGwVTpswLIlJyl
aCUje7NalG9puBeis/BTCPvMMMQo2+/AaYawtCqrUOmSrg==
-----END CERTIFICATE-----