Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/BNdkSfhBSecauy53ZOEypfpFi8Q.roa
File:                     BNdkSfhBSecauy53ZOEypfpFi8Q.roa (raw, json)
Hash identifier:          NED4WrJoQ9D9gYBmgW5s45DEmszMtbuVKTt5quSCAEg=
Subject key identifier:   04:D7:64:49:F8:41:49:E7:1A:BB:2E:77:64:E1:32:A5:FA:45:8B:C4
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018E7D8D75897890057BAE6D7ECC745A5A5C
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/BNdkSfhBSecauy53ZOEypfpFi8Q.roa
Signing time:             Wed 27 Mar 2024 01:36:46 +0000
ROA not before:           Wed 27 Mar 2024 01:36:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212149
IP address blocks:        2a0f:b241:b00b::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:46:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7d:8d:75:89:78:90:05:7b:ae:6d:7e:cc:74:5a:5a:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Mar 27 01:36:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=04d76449f84149e71abb2e7764e132a5fa458bc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:25:d1:0f:e3:f9:5d:11:ef:a8:fd:0f:ac:e1:
                    b4:6a:33:d1:5a:ad:47:5c:6e:ec:a9:9d:b1:68:5a:
                    e0:35:dc:e4:52:7b:49:b2:8d:6c:1e:0d:80:c3:fb:
                    31:d2:8a:fb:97:04:41:1c:50:29:c2:98:83:a4:cd:
                    9c:59:45:4a:72:93:23:86:1c:e3:1d:7f:76:cf:21:
                    99:40:1e:f6:da:87:2a:63:90:3e:78:61:bd:6d:34:
                    ac:b3:55:de:5c:33:3b:08:29:f1:32:cb:e3:e8:28:
                    f4:9a:40:65:f6:5f:f0:68:81:96:e3:ec:e1:ea:17:
                    3a:6b:a0:38:b5:e4:77:fd:1d:9a:5e:1e:81:1a:a9:
                    b7:f2:ab:67:bf:9c:2a:54:4b:c1:f7:07:70:0c:74:
                    1d:13:9e:98:64:17:ea:9b:3e:c9:64:f7:a0:3e:8d:
                    d3:1d:3f:b9:48:bf:c2:73:63:62:32:c3:28:d5:8b:
                    25:61:2d:19:c4:68:84:0b:8d:d3:7e:78:5d:e8:0d:
                    e2:64:ef:ad:ba:48:d6:a3:cd:ac:f3:20:ab:53:c2:
                    85:be:6e:0c:15:0a:8f:97:e7:74:ab:9d:d4:a5:6f:
                    7d:ff:f9:75:2f:93:e9:34:97:0b:3f:dc:23:53:21:
                    86:3a:19:ca:6a:ee:58:5d:4c:b4:c8:4a:2c:98:f6:
                    26:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:D7:64:49:F8:41:49:E7:1A:BB:2E:77:64:E1:32:A5:FA:45:8B:C4
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/BNdkSfhBSecauy53ZOEypfpFi8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:b00b::/48

    Signature Algorithm: sha256WithRSAEncryption
         55:89:1d:5c:61:a6:5d:49:07:10:b0:a1:79:b0:a5:37:f2:52:
         7d:56:39:55:04:3c:5a:35:8c:11:34:92:e4:56:10:64:da:7b:
         0c:5e:b9:09:c1:c9:c4:bd:70:3a:1d:05:fa:f6:17:a9:e7:b0:
         5b:65:fa:8d:8f:ed:5a:cc:5f:36:1a:e7:3c:ba:83:d9:59:6e:
         68:ce:6c:cf:c6:60:1d:ac:3e:18:23:4d:34:a6:ea:5b:28:54:
         10:1a:d8:52:ee:2e:51:02:cf:8d:8b:9b:77:60:e9:1e:75:be:
         14:7a:46:60:c2:78:2a:df:a1:6a:f9:fb:8e:27:12:20:10:dd:
         1f:4a:c9:2a:f2:c2:ef:a8:f7:f3:bc:ed:f0:97:81:8a:bc:f3:
         c8:80:c3:87:2a:59:37:47:2f:01:ac:7d:d9:e6:78:03:c3:94:
         de:db:06:c9:3f:54:9e:6f:93:e6:48:c6:40:15:ac:f4:3b:44:
         91:35:27:04:69:ba:53:6c:3d:2e:30:12:74:c8:3d:43:84:6b:
         7b:5c:16:55:04:a2:ed:e0:ab:3c:30:29:31:01:14:ec:ff:ed:
         6e:a1:8c:12:95:06:ed:e9:69:6e:3b:5b:da:5c:55:83:21:ad:
         7f:3a:7c:94:ed:80:92:8a:40:34:4b:8e:72:ea:e5:08:d8:38:
         3e:c4:d3:3c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY59jXWJeJAFe65tfsx0WlpcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMzI3MDEzNjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNGQ3NjQ0OWY4NDE0OWU3MWFiYjJlNzc2NGUxMzJhNWZhNDU4YmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiXRD+P5XRHvqP0PrOG0ajPRWq1H
XG7sqZ2xaFrgNdzkUntJso1sHg2Aw/sx0or7lwRBHFApwpiDpM2cWUVKcpMjhhzj
HX92zyGZQB722ocqY5A+eGG9bTSss1XeXDM7CCnxMsvj6Cj0mkBl9l/waIGW4+zh
6hc6a6A4teR3/R2aXh6BGqm38qtnv5wqVEvB9wdwDHQdE56YZBfqmz7JZPegPo3T
HT+5SL/Cc2NiMsMo1YslYS0ZxGiEC43Tfnhd6A3iZO+tukjWo82s8yCrU8KFvm4M
FQqPl+d0q53UpW99//l1L5PpNJcLP9wjUyGGOhnKau5YXUy0yEosmPYmqwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFATXZEn4QUnnGrsud2ThMqX6RYvEMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvQk5ka1NmaEJTZWNhdXk1M1pPRXlwZnBGaThRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQbAL
MA0GCSqGSIb3DQEBCwUAA4IBAQBViR1cYaZdSQcQsKF5sKU38lJ9VjlVBDxaNYwR
NJLkVhBk2nsMXrkJwcnEvXA6HQX69hep57BbZfqNj+1azF82Guc8uoPZWW5ozmzP
xmAdrD4YI000pupbKFQQGthS7i5RAs+Ni5t3YOkedb4UekZgwngq36Fq+fuOJxIg
EN0fSskq8sLvqPfzvO3wl4GKvPPIgMOHKlk3Ry8BrH3Z5ngDw5Te2wbJP1Seb5Pm
SMZAFaz0O0SRNScEabpTbD0uMBJ0yD1DhGt7XBZVBKLt4Ks8MCkxARTs/+1uoYwS
lQbt6WluO1vaXFWDIa1/OnyU7YCSikA0S45y6uUI2Dg+xNM8
-----END CERTIFICATE-----