Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/pTWEmcxxbUcq7hN8YLy4UKx8H5o.roa
File:                     pTWEmcxxbUcq7hN8YLy4UKx8H5o.roa (raw, json)
Hash identifier:          NIjS07+RdWb042ouJdf2t90kSuPSNm0zpB6M3O7x/pg=
Subject key identifier:   A5:35:84:99:CC:71:6D:47:2A:EE:13:7C:60:BC:B8:50:AC:7C:1F:9A
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0197C76D5DE6C1B4A24E30A861774230F4D5
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/pTWEmcxxbUcq7hN8YLy4UKx8H5o.roa
Signing time:             Tue 01 Jul 2025 19:18:42 +0000
ROA not before:           Tue 01 Jul 2025 19:18:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214915
IP address blocks:        2a0f:b240:4::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 19:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c7:6d:5d:e6:c1:b4:a2:4e:30:a8:61:77:42:30:f4:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jul  1 19:18:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5358499cc716d472aee137c60bcb850ac7c1f9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1e:de:18:57:30:11:68:57:c3:c2:1a:86:7a:
                    6f:3d:d2:e5:09:b2:bf:ee:ff:d7:5a:7a:8a:ff:ac:
                    1c:c9:4b:3e:d0:42:01:71:19:31:40:76:aa:29:08:
                    54:fc:83:3d:fe:11:ac:a2:3d:20:96:12:4c:40:18:
                    1b:cc:d1:e2:f2:28:9d:fb:cc:1a:d4:b8:20:05:a5:
                    aa:eb:40:a3:f1:40:7c:a7:6c:d9:5f:fe:c1:12:2b:
                    24:fc:f7:1a:2a:60:86:84:1b:ca:4d:3e:18:3f:ce:
                    71:c3:b2:31:07:5d:9a:fc:2a:f6:9e:fa:ad:37:dd:
                    20:82:2d:9b:c3:56:c0:d3:b4:0f:b3:51:81:95:72:
                    1b:e0:d5:7a:28:75:59:ea:5b:c8:5b:94:d1:a4:af:
                    69:f5:96:9f:af:b0:ed:cd:f2:e0:57:d9:90:b5:98:
                    57:e2:70:6b:d0:ed:31:5e:35:f7:9a:f3:05:c7:32:
                    e6:54:54:65:70:44:0a:e3:01:4e:9c:ed:ad:d8:6a:
                    88:92:04:ec:4d:1e:73:47:d7:a0:7d:23:41:9c:22:
                    e2:1f:f3:95:b2:97:cd:87:c8:7e:26:71:c7:43:2b:
                    e5:f3:8d:61:f0:de:45:9a:10:6d:36:e3:e1:cb:66:
                    96:71:01:36:98:f3:5c:25:b9:dd:3a:ed:13:6c:f1:
                    eb:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:35:84:99:CC:71:6D:47:2A:EE:13:7C:60:BC:B8:50:AC:7C:1F:9A
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/pTWEmcxxbUcq7hN8YLy4UKx8H5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:4::/46

    Signature Algorithm: sha256WithRSAEncryption
         01:a5:0f:08:89:f6:4e:6d:79:98:e9:4c:d3:4f:59:a9:1b:21:
         b7:81:f7:73:6c:7d:6d:9d:65:a8:24:2f:a0:53:48:60:91:8f:
         9f:8a:83:5c:b6:e7:45:78:e9:39:40:08:8c:8f:a9:d1:0b:79:
         81:38:fd:8b:ad:5f:40:ee:4b:1e:55:fe:35:5b:a3:f8:b8:f7:
         e2:bd:18:6f:ad:9b:9d:c4:e0:ac:67:0e:0f:31:06:b0:e9:b7:
         3f:fd:7b:18:4a:e6:9f:f6:52:b4:06:4e:44:23:84:ad:7f:bb:
         51:54:3a:90:72:a5:83:d8:60:0d:53:44:22:d4:d2:76:75:5b:
         8a:1b:eb:ed:67:52:ec:d0:b3:22:36:14:91:c9:d0:0e:7a:64:
         d8:13:f8:c3:e5:b7:ac:b7:14:d0:54:19:e3:50:b0:72:11:e9:
         8b:89:1a:50:a2:c8:0f:f8:e9:53:00:54:de:e5:8f:7d:a0:0b:
         da:a2:4d:8e:2c:e5:a5:c7:d6:f2:c6:2d:67:43:d4:7b:42:89:
         7f:17:be:f5:0a:2e:db:c5:db:a4:a0:56:0c:be:92:ca:cd:e0:
         9c:58:ea:11:6b:8b:28:02:2b:d0:01:06:f4:a2:e8:54:07:5e:
         b8:17:10:26:37:53:28:de:ed:7b:8b:3a:f5:d4:f0:74:f5:7d:
         98:cd:47:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZfHbV3mwbSiTjCoYXdCMPTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwNzAxMTkxODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTM1ODQ5OWNjNzE2ZDQ3MmFlZTEzN2M2MGJjYjg1MGFjN2MxZjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqB7eGFcwEWhXw8IahnpvPdLlCbK/
7v/XWnqK/6wcyUs+0EIBcRkxQHaqKQhU/IM9/hGsoj0glhJMQBgbzNHi8iid+8wa
1LggBaWq60Cj8UB8p2zZX/7BEisk/PcaKmCGhBvKTT4YP85xw7IxB12a/Cr2nvqt
N90ggi2bw1bA07QPs1GBlXIb4NV6KHVZ6lvIW5TRpK9p9Zafr7DtzfLgV9mQtZhX
4nBr0O0xXjX3mvMFxzLmVFRlcEQK4wFOnO2t2GqIkgTsTR5zR9egfSNBnCLiH/OV
spfNh8h+JnHHQyvl841h8N5FmhBtNuPhy2aWcQE2mPNcJbndOu0TbPHrfQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKU1hJnMcW1HKu4TfGC8uFCsfB+aMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvcFRXRW1jeHhiVWNxN2hOOFlMeTRVS3g4SDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg+yQAAE
MA0GCSqGSIb3DQEBCwUAA4IBAQABpQ8IifZObXmY6UzTT1mpGyG3gfdzbH1tnWWo
JC+gU0hgkY+fioNctudFeOk5QAiMj6nRC3mBOP2LrV9A7kseVf41W6P4uPfivRhv
rZudxOCsZw4PMQaw6bc//XsYSuaf9lK0Bk5EI4Stf7tRVDqQcqWD2GANU0Qi1NJ2
dVuKG+vtZ1Ls0LMiNhSRydAOemTYE/jD5bestxTQVBnjULByEemLiRpQosgP+OlT
AFTe5Y99oAvaok2OLOWlx9byxi1nQ9R7Qol/F771Ci7bxdukoFYMvpLKzeCcWOoR
a4soAivQAQb0ouhUB164FxAmN1Mo3u17izr11PB09X2YzUe4
-----END CERTIFICATE-----