Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/1868ee-51a8-4619-9143-188dcff0e405/1/aaJq10NBNFtvWoQuCDfpNSfnYu0.roa
File:                     aaJq10NBNFtvWoQuCDfpNSfnYu0.roa (raw, json)
Hash identifier:          ShW6y/0OofG8gWfm3Z3goLVgotABbmN4Tjp6HEhaoAQ=
Subject key identifier:   69:A2:6A:D7:43:41:34:5B:6F:5A:84:2E:08:37:E9:35:27:E7:62:ED
Certificate issuer:       /CN=06216eec514b07dce29d3013a190b2ee5fcb1f94
Certificate serial:       0199AE31266F35D9029065C1787912C5EB34
Authority key identifier: 06:21:6E:EC:51:4B:07:DC:E2:9D:30:13:A1:90:B2:EE:5F:CB:1F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BiFu7FFLB9zinTAToZCy7l_LH5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/1868ee-51a8-4619-9143-188dcff0e405/1/aaJq10NBNFtvWoQuCDfpNSfnYu0.roa
Signing time:             Sat 04 Oct 2025 07:48:00 +0000
ROA not before:           Sat 04 Oct 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212827
IP address blocks:        2a10:4240::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/1868ee-51a8-4619-9143-188dcff0e405/1/BiFu7FFLB9zinTAToZCy7l_LH5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/1868ee-51a8-4619-9143-188dcff0e405/1/BiFu7FFLB9zinTAToZCy7l_LH5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BiFu7FFLB9zinTAToZCy7l_LH5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ae:31:26:6f:35:d9:02:90:65:c1:78:79:12:c5:eb:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06216eec514b07dce29d3013a190b2ee5fcb1f94
        Validity
            Not Before: Oct  4 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69a26ad74341345b6f5a842e0837e93527e762ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:49:e1:a3:b6:26:8b:ae:79:bf:21:8f:8e:73:
                    96:72:b1:6e:7b:7b:a3:4e:8f:78:5c:2d:39:e4:89:
                    4e:5c:b3:e0:eb:33:be:2e:ff:f5:c6:bb:6f:2b:ef:
                    aa:58:db:41:50:a2:28:f9:e6:0b:b7:b2:2f:5d:34:
                    91:9c:c3:f0:42:cc:97:26:e5:44:c6:01:45:7b:18:
                    b3:5a:57:99:ab:97:a8:d3:f1:a5:d7:5a:4f:74:48:
                    a9:d3:1c:5f:81:0f:2b:b5:81:5e:2c:39:22:25:2e:
                    83:18:34:a2:87:5e:40:82:e2:d7:78:d1:54:5f:fe:
                    f0:ec:33:c5:56:a8:0d:43:a5:d5:c5:7e:31:0d:bc:
                    03:86:d2:eb:c1:c8:05:e1:5c:56:99:53:47:15:0b:
                    93:60:46:1c:f0:d4:12:09:3e:97:10:6d:d0:4e:a1:
                    c4:12:6e:17:d6:7b:a3:2a:3c:8c:10:42:66:2b:6a:
                    4f:49:56:d2:7e:a2:6f:e3:4a:2b:55:d8:5e:b8:2e:
                    54:81:86:8a:a6:f2:9e:39:f6:1f:b4:a5:ad:87:89:
                    06:03:33:6e:fd:9c:41:dc:34:22:fe:ab:f2:16:58:
                    a7:e4:e5:f0:69:8a:ea:da:6a:0d:c2:11:11:0f:62:
                    fb:7a:39:74:5c:2d:cb:9b:09:48:6e:d7:58:a8:b2:
                    be:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:A2:6A:D7:43:41:34:5B:6F:5A:84:2E:08:37:E9:35:27:E7:62:ED
            X509v3 Authority Key Identifier:
                keyid:06:21:6E:EC:51:4B:07:DC:E2:9D:30:13:A1:90:B2:EE:5F:CB:1F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BiFu7FFLB9zinTAToZCy7l_LH5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1868ee-51a8-4619-9143-188dcff0e405/1/aaJq10NBNFtvWoQuCDfpNSfnYu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/1868ee-51a8-4619-9143-188dcff0e405/1/BiFu7FFLB9zinTAToZCy7l_LH5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:4240::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:94:47:e8:cc:83:98:6c:0f:2c:ec:cb:bc:e8:84:8f:3b:a0:
         78:da:d5:5b:a5:ec:26:4f:99:76:78:f0:c0:b7:2e:a1:8b:ac:
         19:b8:f7:00:16:75:26:31:1c:9d:76:be:66:9f:db:97:b1:2b:
         d3:0e:0f:fa:2f:69:94:ae:4c:73:be:79:e7:5e:95:ff:91:7c:
         95:de:f5:89:2b:a5:e8:35:81:f6:24:69:87:15:9b:8e:63:54:
         59:62:b0:fc:d2:7f:d5:96:44:c8:24:d8:f3:bd:b9:f1:8a:39:
         e0:64:ab:e2:d5:c5:69:56:8f:c2:84:45:f6:c6:bf:fb:8f:ba:
         50:d5:c0:54:28:d2:aa:62:f7:e1:c0:74:47:55:7e:a4:fb:60:
         06:9c:f5:b6:6d:fe:21:99:96:70:cd:51:23:99:09:14:29:db:
         b5:8e:79:e1:e5:2f:d7:f4:9c:a4:26:b0:fd:ff:56:29:fa:dc:
         b7:f6:3c:04:4b:4c:20:b5:e9:a1:05:ec:2a:f7:26:c7:bb:33:
         97:29:69:3d:b4:44:23:db:9b:70:40:04:cb:a1:b1:a1:a7:6a:
         22:29:72:e9:ff:1b:dd:cc:81:71:f1:e0:0e:4a:80:83:e7:a7:
         b5:ba:b9:3b:56:48:07:e1:e6:71:15:b5:34:8c:78:e1:7a:02:
         f2:ad:59:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZmuMSZvNdkCkGXBeHkSxes0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2MjE2ZWVjNTE0YjA3ZGNlMjlkMzAxM2ExOTBiMmVlNWZj
YjFmOTQwHhcNMjUxMDA0MDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWEyNmFkNzQzNDEzNDViNmY1YTg0MmUwODM3ZTkzNTI3ZTc2MmVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA10nho7Ymi655vyGPjnOWcrFue3uj
To94XC055IlOXLPg6zO+Lv/1xrtvK++qWNtBUKIo+eYLt7IvXTSRnMPwQsyXJuVE
xgFFexizWleZq5eo0/Gl11pPdEip0xxfgQ8rtYFeLDkiJS6DGDSih15AguLXeNFU
X/7w7DPFVqgNQ6XVxX4xDbwDhtLrwcgF4VxWmVNHFQuTYEYc8NQSCT6XEG3QTqHE
Em4X1nujKjyMEEJmK2pPSVbSfqJv40orVdheuC5UgYaKpvKeOfYftKWth4kGAzNu
/ZxB3DQi/qvyFlin5OXwaYrq2moNwhERD2L7ejl0XC3LmwlIbtdYqLK+lwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFGmiatdDQTRbb1qELgg36TUn52LtMB8GA1UdIwQY
MBaAFAYhbuxRSwfc4p0wE6GQsu5fyx+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmlGdTdGRkxCOXppblRBVG9aQ3k3bF9MSDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8xODY4ZWUtNTFhOC00NjE5LTkxNDMt
MTg4ZGNmZjBlNDA1LzEvYWFKcTEwTkJORnR2V29RdUNEZnBOU2ZuWXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8xODY4ZWUtNTFhOC00NjE5LTkxNDMtMTg4ZGNmZjBlNDA1
LzEvQmlGdTdGRkxCOXppblRBVG9aQ3k3bF9MSDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUDKhBCQDAN
BgkqhkiG9w0BAQsFAAOCAQEAK5RH6MyDmGwPLOzLvOiEjzugeNrVW6XsJk+Zdnjw
wLcuoYusGbj3ABZ1JjEcnXa+Zp/bl7Er0w4P+i9plK5Mc755516V/5F8ld71iSul
6DWB9iRphxWbjmNUWWKw/NJ/1ZZEyCTY87258Yo54GSr4tXFaVaPwoRF9sa/+4+6
UNXAVCjSqmL34cB0R1V+pPtgBpz1tm3+IZmWcM1RI5kJFCnbtY554eUv1/ScpCaw
/f9WKfrct/Y8BEtMILXpoQXsKvcmx7szlylpPbREI9ubcEAEy6GxoadqIily6f8b
3cyBcfHgDkqAg+entbq5O1ZIB+HmcRW1NIx44XoC8q1Z2w==
-----END CERTIFICATE-----