Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sb2r06lxfTTfMKPVTEx0vt1r-0g.roa
File:                     sb2r06lxfTTfMKPVTEx0vt1r-0g.roa (raw, json)
Hash identifier:          5dDyMJ189GNvtSXAZ+TZwVb2T1qx9G0K1HzclsMu1P4=
Subject key identifier:   B1:BD:AB:D3:A9:71:7D:34:DF:30:A3:D5:4C:4C:74:BE:DD:6B:FB:48
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0197C34A2C1853E2B3771337523D7D6F2C0F
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sb2r06lxfTTfMKPVTEx0vt1r-0g.roa
Signing time:             Tue 01 Jul 2025 00:01:47 +0000
ROA not before:           Tue 01 Jul 2025 00:01:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        2a0f:b242:6000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c3:4a:2c:18:53:e2:b3:77:13:37:52:3d:7d:6f:2c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jul  1 00:01:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b1bdabd3a9717d34df30a3d54c4c74bedd6bfb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c7:30:54:ee:d6:9e:a7:f3:3c:52:49:3b:77:
                    4b:6a:ae:bc:61:90:c7:83:33:91:c0:8b:0c:36:05:
                    48:df:74:35:35:d5:60:c1:59:11:6a:16:6d:95:32:
                    fa:29:f9:74:0d:0c:7e:0f:94:07:7b:05:d4:5e:a8:
                    88:eb:68:3b:38:ba:be:15:d5:94:cd:07:8d:13:30:
                    47:58:78:f4:51:a0:e8:47:38:6a:5f:fd:32:8b:da:
                    4b:dd:49:3d:16:d9:57:05:fc:7a:3b:d8:fd:63:9a:
                    d9:a9:f7:90:4c:8e:30:b6:88:d5:d3:f0:31:5a:08:
                    b7:12:53:4a:92:17:f6:9c:23:48:cb:a5:b0:b0:2f:
                    6a:c8:4f:92:55:01:59:d3:a2:5c:91:b8:cc:ad:44:
                    d3:49:aa:24:bc:07:13:6a:db:68:e8:8f:f7:8a:a2:
                    21:47:a5:f6:cb:18:30:f5:5d:4f:4a:cb:b7:74:0f:
                    f4:0e:7d:cc:50:97:70:92:33:9c:c6:94:01:f2:17:
                    df:63:98:84:7d:b1:cc:cf:4c:15:1b:6f:26:80:dd:
                    5d:41:16:1c:d3:2b:80:53:f2:7e:b3:0c:fb:da:44:
                    76:ea:6f:e7:48:37:f3:71:6e:36:35:3d:63:1f:0b:
                    b6:97:ce:ff:d4:6d:e8:99:74:f6:66:0c:c3:c3:01:
                    58:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:BD:AB:D3:A9:71:7D:34:DF:30:A3:D5:4C:4C:74:BE:DD:6B:FB:48
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sb2r06lxfTTfMKPVTEx0vt1r-0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b242:6000::/36

    Signature Algorithm: sha256WithRSAEncryption
         15:08:33:bf:79:2e:5f:52:6c:1e:81:4a:94:b2:ea:29:e8:7f:
         11:9c:69:dc:d9:17:6d:fc:af:80:6b:5f:11:52:bb:e2:2c:ec:
         6c:7e:84:4e:53:6c:d7:dd:c9:2e:38:ae:4d:54:8d:e9:0a:70:
         27:32:53:a9:7b:ce:48:a1:99:37:c2:25:a2:98:9e:04:f0:97:
         91:d4:cb:ea:20:ba:9d:99:47:ae:13:dc:9e:01:2a:04:d2:45:
         7e:83:9c:a5:2f:95:28:dc:06:da:6d:21:49:fe:00:8f:66:68:
         6a:71:a4:38:99:fb:6a:8c:9b:45:f1:bf:9b:b2:af:31:cc:d8:
         15:a4:aa:56:26:3b:e4:16:1a:dd:26:7e:b7:36:a2:9b:3e:1d:
         2f:52:d9:54:dc:22:ea:7c:fb:7c:9a:92:6c:d1:56:c3:c1:df:
         2a:fb:bf:32:ff:78:3f:19:44:eb:dd:a1:10:38:1a:ec:97:89:
         9e:8d:e4:ff:35:4b:e1:ba:ea:35:9b:40:5e:86:67:7e:2f:03:
         0e:67:6b:f0:9c:73:e3:6e:97:d4:3a:f8:f8:89:06:e2:e2:c6:
         d9:7d:21:bb:7d:48:ac:a6:19:81:d5:26:73:0b:cd:c9:c5:fa:
         f2:78:68:0f:46:a0:ae:c5:0c:e3:d0:d2:99:ff:e7:8a:c2:0d:
         15:cd:e1:3f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZfDSiwYU+KzdxM3Uj19bywPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwNzAxMDAwMTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWJkYWJkM2E5NzE3ZDM0ZGYzMGEzZDU0YzRjNzRiZWRkNmJmYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0scwVO7WnqfzPFJJO3dLaq68YZDH
gzORwIsMNgVI33Q1NdVgwVkRahZtlTL6Kfl0DQx+D5QHewXUXqiI62g7OLq+FdWU
zQeNEzBHWHj0UaDoRzhqX/0yi9pL3Uk9FtlXBfx6O9j9Y5rZqfeQTI4wtojV0/Ax
Wgi3ElNKkhf2nCNIy6WwsC9qyE+SVQFZ06JckbjMrUTTSaokvAcTatto6I/3iqIh
R6X2yxgw9V1PSsu3dA/0Dn3MUJdwkjOcxpQB8hffY5iEfbHMz0wVG28mgN1dQRYc
0yuAU/J+swz72kR26m/nSDfzcW42NT1jHwu2l87/1G3omXT2ZgzDwwFYcwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLG9q9OpcX003zCj1UxMdL7da/tIMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvc2IycjA2bHhmVFRmTUtQVlRFeDB2dDFyLTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg+yQmAw
DQYJKoZIhvcNAQELBQADggEBABUIM795Ll9SbB6BSpSy6inofxGcadzZF238r4Br
XxFSu+Is7Gx+hE5TbNfdyS44rk1UjekKcCcyU6l7zkihmTfCJaKYngTwl5HUy+og
up2ZR64T3J4BKgTSRX6DnKUvlSjcBtptIUn+AI9maGpxpDiZ+2qMm0Xxv5uyrzHM
2BWkqlYmO+QWGt0mfrc2ops+HS9S2VTcIup8+3yakmzRVsPB3yr7vzL/eD8ZROvd
oRA4GuyXiZ6N5P81S+G66jWbQF6GZ34vAw5na/Ccc+Nul9Q6+PiJBuLixtl9Ibt9
SKymGYHVJnMLzcnF+vJ4aA9GoK7FDOPQ0pn/54rCDRXN4T8=
-----END CERTIFICATE-----