Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/ULNxJvM-wJGOuJON7ivPOpKjWvM.roa
File:                     ULNxJvM-wJGOuJON7ivPOpKjWvM.roa (raw, json)
Hash identifier:          4PAm04+UjI196vMzGXZVMv+MQU5u1QViV4G3soVxN0g=
Subject key identifier:   50:B3:71:26:F3:3E:C0:91:8E:B8:93:8D:EE:2B:CF:3A:92:A3:5A:F3
Certificate issuer:       /CN=ed28f57746a005ae75a8f5f9e92f7d22d61c8d34
Certificate serial:       019948DAB383680B8BF79202A6D0730B26F2
Authority key identifier: ED:28:F5:77:46:A0:05:AE:75:A8:F5:F9:E9:2F:7D:22:D6:1C:8D:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Sj1d0agBa51qPX56S99ItYcjTQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/ULNxJvM-wJGOuJON7ivPOpKjWvM.roa
Signing time:             Sun 14 Sep 2025 15:31:56 +0000
ROA not before:           Sun 14 Sep 2025 15:31:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197430
IP address blocks:        2a10:dd02:b00b::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/7Sj1d0agBa51qPX56S99ItYcjTQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/7Sj1d0agBa51qPX56S99ItYcjTQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Sj1d0agBa51qPX56S99ItYcjTQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:42:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:48:da:b3:83:68:0b:8b:f7:92:02:a6:d0:73:0b:26:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed28f57746a005ae75a8f5f9e92f7d22d61c8d34
        Validity
            Not Before: Sep 14 15:31:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=50b37126f33ec0918eb8938dee2bcf3a92a35af3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:e7:ae:0e:87:b1:85:1d:77:e4:f0:c1:77:4e:
                    5a:8a:1b:96:e3:78:db:03:f7:81:ff:a6:e9:56:78:
                    18:92:20:48:2b:d7:48:fd:b2:67:bf:2a:00:4b:55:
                    d7:3f:a9:0f:17:f7:56:6a:2d:4b:ed:c4:6f:e0:0d:
                    3b:a1:67:92:79:bb:4f:f6:5d:b2:73:d5:61:44:c9:
                    f0:7f:dc:dd:4d:fa:9a:07:fe:bd:ea:43:95:9d:06:
                    e0:c6:61:75:36:6f:37:00:9e:c8:54:58:c7:74:99:
                    37:50:10:48:b1:43:99:a6:67:3e:ec:54:36:9a:22:
                    5a:a0:2a:2a:a8:0a:58:29:11:46:33:8d:a3:ae:49:
                    28:91:32:fc:97:8c:10:80:1f:fe:e4:6e:70:70:47:
                    dc:c3:2e:2f:fc:ba:08:72:bc:f5:bd:de:9e:20:30:
                    48:fc:e6:8f:df:03:cf:c3:9d:4e:2b:e3:7e:47:e5:
                    64:fc:e6:02:7e:17:b9:de:95:97:07:f3:42:2b:53:
                    af:9d:e1:a5:eb:46:26:26:a4:a2:ed:cf:10:43:42:
                    de:f5:af:99:59:47:0c:97:e5:84:6b:45:47:3a:7c:
                    e9:b8:30:e6:e2:12:41:9a:3a:c2:5a:bd:6b:40:6f:
                    3a:78:56:83:4f:c4:e3:3a:b0:ec:86:75:fd:34:00:
                    0f:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:B3:71:26:F3:3E:C0:91:8E:B8:93:8D:EE:2B:CF:3A:92:A3:5A:F3
            X509v3 Authority Key Identifier:
                keyid:ED:28:F5:77:46:A0:05:AE:75:A8:F5:F9:E9:2F:7D:22:D6:1C:8D:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Sj1d0agBa51qPX56S99ItYcjTQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/ULNxJvM-wJGOuJON7ivPOpKjWvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/753208-a5a4-4b71-8e74-a7eb38d48c78/1/7Sj1d0agBa51qPX56S99ItYcjTQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:dd02:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         4d:ae:3d:e5:b3:94:0c:b6:7a:cc:92:61:28:e4:be:4b:16:e0:
         5e:d4:7e:d1:07:d9:d5:9a:bb:9a:c1:9f:3b:e3:33:1f:bd:26:
         04:ac:b3:a8:b0:68:83:35:63:f5:b4:48:d9:00:f2:2c:43:81:
         9b:93:21:ca:c5:96:63:65:5f:9f:e3:d0:f5:7f:2c:d7:da:9b:
         0c:4e:72:dc:b2:d2:de:5e:d8:0e:a3:b8:aa:2e:ea:e9:19:8d:
         1e:3d:8c:11:b1:07:ef:dc:cf:6e:8b:9a:d0:04:6c:b6:ba:06:
         50:f9:a6:fb:f4:a5:50:08:00:60:dd:4a:ca:ea:8c:3c:49:29:
         09:85:fd:ce:8b:30:7b:ec:18:ea:54:1f:70:4d:0f:79:ec:c9:
         a9:97:f2:0e:b1:94:9a:45:af:d0:ba:0b:bf:1a:3b:72:1a:b2:
         98:65:dc:1e:0c:2e:d7:75:96:af:05:93:ea:60:37:ae:3c:8f:
         3e:00:49:c5:51:1d:60:4f:43:bc:56:84:ac:01:83:a7:0b:c5:
         1a:76:0b:28:45:8f:b7:64:f7:6c:9b:6d:50:f4:12:be:25:d0:
         ff:7c:e2:e3:6d:10:76:5f:b2:3b:09:d5:36:e3:75:e0:06:0d:
         0d:ba:53:a2:37:1d:8b:87:ef:69:45:3d:1f:c9:1d:4a:43:fa:
         c3:2f:15:fb
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZlI2rODaAuL95ICptBzCybyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMjhmNTc3NDZhMDA1YWU3NWE4ZjVmOWU5MmY3ZDIyZDYx
YzhkMzQwHhcNMjUwOTE0MTUzMTU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MGIzNzEyNmYzM2VjMDkxOGViODkzOGRlZTJiY2YzYTkyYTM1YWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtOeuDoexhR135PDBd05aihuW43jb
A/eB/6bpVngYkiBIK9dI/bJnvyoAS1XXP6kPF/dWai1L7cRv4A07oWeSebtP9l2y
c9VhRMnwf9zdTfqaB/696kOVnQbgxmF1Nm83AJ7IVFjHdJk3UBBIsUOZpmc+7FQ2
miJaoCoqqApYKRFGM42jrkkokTL8l4wQgB/+5G5wcEfcwy4v/LoIcrz1vd6eIDBI
/OaP3wPPw51OK+N+R+Vk/OYCfhe53pWXB/NCK1OvneGl60YmJqSi7c8QQ0Le9a+Z
WUcMl+WEa0VHOnzpuDDm4hJBmjrCWr1rQG86eFaDT8TjOrDshnX9NAAPLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFFCzcSbzPsCRjriTje4rzzqSo1rzMB8GA1UdIwQY
MBaAFO0o9XdGoAWudaj1+ekvfSLWHI00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1NqMWQwYWdCYTUxcVBYNTZTOTlJdFljalRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS83NTMyMDgtYTVhNC00YjcxLThlNzQt
YTdlYjM4ZDQ4Yzc4LzEvVUxOeEp2TS13SkdPdUpPTjdpdlBPcEtqV3ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS83NTMyMDgtYTVhNC00YjcxLThlNzQtYTdlYjM4ZDQ4Yzc4
LzEvN1NqMWQwYWdCYTUxcVBYNTZTOTlJdFljalRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDdArAL
MA0GCSqGSIb3DQEBCwUAA4IBAQBNrj3ls5QMtnrMkmEo5L5LFuBe1H7RB9nVmrua
wZ874zMfvSYErLOosGiDNWP1tEjZAPIsQ4GbkyHKxZZjZV+f49D1fyzX2psMTnLc
stLeXtgOo7iqLurpGY0ePYwRsQfv3M9ui5rQBGy2ugZQ+ab79KVQCABg3UrK6ow8
SSkJhf3OizB77BjqVB9wTQ957Mmpl/IOsZSaRa/Qugu/GjtyGrKYZdweDC7XdZav
BZPqYDeuPI8+AEnFUR1gT0O8VoSsAYOnC8UadgsoRY+3ZPdsm21Q9BK+JdD/fOLj
bRB2X7I7CdU243XgBg0NulOiNx2Lh+9pRT0fyR1KQ/rDLxX7
-----END CERTIFICATE-----