Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/IB7jGdsbrYbojEj61iXg0jZxN9s.roa
File:                     IB7jGdsbrYbojEj61iXg0jZxN9s.roa (raw, json)
Hash identifier:          Xy5JuRc2hlRPY3NNLYZ/D4DGPQuXIDXZ1/I0yi8ym6w=
Subject key identifier:   20:1E:E3:19:DB:1B:AD:86:E8:8C:48:FA:D6:25:E0:D2:36:71:37:DB
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199A4A4B8E62A8AB24681225695E6F1B796
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/IB7jGdsbrYbojEj61iXg0jZxN9s.roa
Signing time:             Thu 02 Oct 2025 11:18:02 +0000
ROA not before:           Thu 02 Oct 2025 11:18:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213768
IP address blocks:        2a0f:b240:800::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 Oct 2025 15:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:a4:b8:e6:2a:8a:b2:46:81:22:56:95:e6:f1:b7:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  2 11:18:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=201ee319db1bad86e88c48fad625e0d2367137db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c4:14:47:b4:ed:39:e9:96:4d:97:1c:d9:2a:
                    68:5b:ee:be:87:13:ea:bc:a0:b1:0e:1a:ab:56:6a:
                    d4:c4:2c:35:39:8f:68:61:bb:c8:9c:0f:53:2e:95:
                    fe:28:3b:ff:76:d5:e8:e6:6d:a2:e3:79:43:c0:43:
                    06:d9:c8:dd:33:2e:e0:6e:de:a2:e7:ad:2a:dc:ca:
                    2e:af:25:bc:a4:d0:21:1f:de:ab:0e:ab:f3:62:41:
                    51:ac:94:3e:bb:f0:55:68:97:14:0e:8e:c3:40:6d:
                    29:f9:ab:5a:e3:40:70:43:a6:fb:22:eb:00:40:cb:
                    ab:b3:39:7b:9b:75:99:33:54:03:da:93:7d:7a:d5:
                    52:b2:05:72:9c:e0:8d:35:7d:14:d0:3e:8d:54:4c:
                    a3:ef:b7:5a:9c:c5:4c:dd:34:e5:d0:2d:66:ef:a9:
                    49:34:27:d5:c7:f6:70:d6:c6:d2:b6:79:e8:6b:44:
                    e2:a8:0f:f5:63:66:a1:79:b2:c8:ee:01:76:0a:d6:
                    65:65:89:17:1f:6f:8e:3c:84:7a:26:53:11:4c:a1:
                    ed:4d:81:0f:21:b4:3f:e4:60:8b:31:fc:09:c8:6c:
                    6e:b1:ed:7e:37:d7:bd:b6:15:bd:1c:1f:c4:56:2c:
                    38:39:d5:ec:58:77:95:1f:78:1c:9b:26:76:a9:ab:
                    35:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:1E:E3:19:DB:1B:AD:86:E8:8C:48:FA:D6:25:E0:D2:36:71:37:DB
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/IB7jGdsbrYbojEj61iXg0jZxN9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:800::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:d7:40:8e:90:0f:8e:fa:7b:6e:4d:a2:90:c4:32:ae:df:f3:
         51:16:bf:db:b0:82:2a:d7:9b:76:4b:b4:54:c9:9b:b3:ba:71:
         4e:de:98:91:3e:d9:6d:7b:58:ab:60:0b:48:37:61:9e:fd:b9:
         2f:1c:1c:0e:2d:32:a5:05:fb:dd:1b:65:bc:ce:94:09:bc:19:
         87:82:12:9d:2d:4a:d8:54:5d:ed:77:f8:83:d2:b3:16:23:c3:
         4f:d9:bc:c9:bf:80:78:3d:9c:95:5b:85:83:04:fa:8a:70:31:
         9a:cc:f3:45:49:b2:51:a1:ad:a4:c3:2d:84:fe:24:33:36:3a:
         29:f0:98:24:7f:ba:8d:d0:f4:8f:ad:36:3f:37:4d:17:1d:cb:
         48:ec:60:34:97:c6:74:be:07:66:6e:2e:33:05:97:b2:11:24:
         84:68:1f:0f:3d:56:fc:0d:6b:b9:dc:5b:fe:33:00:5a:ed:59:
         06:90:fd:7f:f9:36:5b:67:1b:1f:25:b9:37:82:24:57:28:f3:
         d7:5f:07:5b:0f:44:68:72:8a:3d:17:7a:23:dc:6c:70:4a:36:
         d1:9d:69:3e:3a:10:9e:cb:80:a4:4c:2b:0c:54:35:eb:c9:55:
         51:9e:41:c2:fd:e0:a6:8f:42:79:fc:a6:b5:fb:ed:c9:06:6d:
         40:d3:18:0a
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmkpLjmKoqyRoEiVpXm8beWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAyMTExODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDFlZTMxOWRiMWJhZDg2ZTg4YzQ4ZmFkNjI1ZTBkMjM2NzEzN2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcQUR7TtOemWTZcc2SpoW+6+hxPq
vKCxDhqrVmrUxCw1OY9oYbvInA9TLpX+KDv/dtXo5m2i43lDwEMG2cjdMy7gbt6i
560q3MouryW8pNAhH96rDqvzYkFRrJQ+u/BVaJcUDo7DQG0p+ata40BwQ6b7IusA
QMurszl7m3WZM1QD2pN9etVSsgVynOCNNX0U0D6NVEyj77danMVM3TTl0C1m76lJ
NCfVx/Zw1sbStnnoa0TiqA/1Y2ahebLI7gF2CtZlZYkXH2+OPIR6JlMRTKHtTYEP
IbQ/5GCLMfwJyGxuse1+N9e9thW9HB/EViw4OdXsWHeVH3gcmyZ2qas1HwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCAe4xnbG62G6IxI+tYl4NI2cTfbMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvSUI3akdkc2JyWWJvakVqNjFpWGcwalp4TjlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQAgw
DQYJKoZIhvcNAQELBQADggEBAB7XQI6QD476e25NopDEMq7f81EWv9uwgirXm3ZL
tFTJm7O6cU7emJE+2W17WKtgC0g3YZ79uS8cHA4tMqUF+90bZbzOlAm8GYeCEp0t
SthUXe13+IPSsxYjw0/ZvMm/gHg9nJVbhYME+opwMZrM80VJslGhraTDLYT+JDM2
OinwmCR/uo3Q9I+tNj83TRcdy0jsYDSXxnS+B2ZuLjMFl7IRJIRoHw89VvwNa7nc
W/4zAFrtWQaQ/X/5NltnGx8luTeCJFco89dfB1sPRGhyij0XeiPcbHBKNtGdaT46
EJ7LgKRMKwxUNevJVVGeQcL94KaPQnn8prX77ckGbUDTGAo=
-----END CERTIFICATE-----