Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/TYbQb6nAykgfZpTLM5CDZmBUTI4.roa
File:                     TYbQb6nAykgfZpTLM5CDZmBUTI4.roa (raw, json)
Hash identifier:          4OqfLK4hIuf3nSOYvcQYH+jYj9oCVMStY2FW5J9zU3I=
Subject key identifier:   4D:86:D0:6F:A9:C0:CA:48:1F:66:94:CB:33:90:83:66:60:54:4C:8E
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F0B3045AC72F9E16489117EF030347
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/TYbQb6nAykgfZpTLM5CDZmBUTI4.roa
Signing time:             Wed 07 Feb 2024 05:00:51 +0000
ROA not before:           Wed 07 Feb 2024 05:00:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215642
IP address blocks:        2a0f:b241:14f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:b3:04:5a:c7:2f:9e:16:48:91:17:ef:03:03:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4d86d06fa9c0ca481f6694cb3390836660544c8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:63:8c:0b:8f:b5:f0:17:0d:a8:a2:8e:69:7a:
                    23:18:1f:d5:7e:15:98:32:1b:65:cf:66:7c:5e:6c:
                    c3:5a:74:22:1d:e7:e9:48:45:4b:1c:1c:97:6f:33:
                    3c:ad:99:cc:41:d1:9b:83:b7:5d:77:b1:61:45:29:
                    0e:da:e8:95:f1:d4:f7:be:40:20:4a:9e:83:18:ae:
                    8b:fc:1d:97:7d:a4:80:b1:3c:25:91:3a:0d:9b:40:
                    74:d4:81:9d:7a:5d:ee:4f:6d:d5:a7:a2:6b:eb:1f:
                    1f:ec:79:92:ed:6a:9f:65:f4:91:90:4a:57:f0:2c:
                    13:5c:3b:41:59:3a:b2:32:57:6f:d2:8e:e8:7d:cd:
                    34:53:1c:31:d3:f1:d0:ac:d9:c8:9f:93:14:eb:a8:
                    1c:48:43:84:61:60:54:ad:e4:c9:c8:a2:93:7f:3f:
                    6d:ff:9c:6b:03:5f:f5:eb:46:a1:af:4d:e6:50:2c:
                    26:b3:79:08:ab:8a:75:8c:45:23:56:b9:f6:94:2a:
                    af:59:ff:63:c5:2b:b6:f4:21:7a:b2:60:de:ff:1f:
                    b6:7b:3b:d1:21:98:de:d2:43:d7:9d:40:96:98:f3:
                    84:b5:19:07:e4:bb:0c:2b:d3:ef:a8:8e:ca:82:5e:
                    8b:50:a7:aa:79:b3:02:25:ae:15:84:1e:d9:0f:96:
                    e9:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:86:D0:6F:A9:C0:CA:48:1F:66:94:CB:33:90:83:66:60:54:4C:8E
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/TYbQb6nAykgfZpTLM5CDZmBUTI4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:14f::/48

    Signature Algorithm: sha256WithRSAEncryption
         1c:b2:e6:32:06:a4:f3:7c:ee:e7:8d:85:8f:dc:ef:c9:68:04:
         89:ff:fc:4d:83:43:21:67:c2:5f:a3:ad:56:36:19:36:b9:4d:
         f3:f3:2a:db:9c:46:56:f7:90:65:af:dd:53:45:72:46:7a:f8:
         e2:6c:01:ff:ee:b8:27:15:2b:d7:eb:cc:92:45:f9:24:ed:8e:
         50:b3:f1:8d:15:73:67:f8:05:83:36:67:10:b6:c5:9e:a1:0a:
         de:36:0d:24:a6:5b:74:bf:bb:c4:a9:de:74:00:d4:c4:17:13:
         22:d5:ed:80:07:31:91:c0:e6:2d:fc:7c:55:f8:f6:bf:b8:17:
         eb:e6:55:d4:ff:53:62:fd:5c:27:02:06:92:37:46:52:91:48:
         8c:21:de:5f:5a:1f:dd:ca:54:c4:ea:92:9f:8b:5d:b6:6d:6b:
         55:76:5b:fe:d5:78:17:37:59:e7:85:05:b2:b8:59:89:82:fb:
         59:25:e2:c2:e1:dc:ec:3d:eb:87:2c:4d:b1:65:a5:a1:23:fb:
         ca:56:0f:73:54:da:b9:c8:15:65:e0:14:f1:2d:43:52:35:d1:
         75:4f:da:85:a8:fe:11:f6:0b:39:14:8b:3d:42:c3:dd:a7:6d:
         0d:70:1c:d7:5e:2b:d9:0e:70:41:d1:a1:c1:b5:5c:ff:bd:ee:
         2b:fd:e2:be
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8LMEWscvnhZIkRfvAwNHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDg2ZDA2ZmE5YzBjYTQ4MWY2Njk0Y2IzMzkwODM2NjYwNTQ0YzhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGOMC4+18BcNqKKOaXojGB/VfhWY
Mhtlz2Z8XmzDWnQiHefpSEVLHByXbzM8rZnMQdGbg7ddd7FhRSkO2uiV8dT3vkAg
Sp6DGK6L/B2XfaSAsTwlkToNm0B01IGdel3uT23Vp6Jr6x8f7HmS7WqfZfSRkEpX
8CwTXDtBWTqyMldv0o7ofc00Uxwx0/HQrNnIn5MU66gcSEOEYWBUreTJyKKTfz9t
/5xrA1/160ahr03mUCwms3kIq4p1jEUjVrn2lCqvWf9jxSu29CF6smDe/x+2ezvR
IZje0kPXnUCWmPOEtRkH5LsMK9PvqI7Kgl6LUKeqebMCJa4VhB7ZD5bpcwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFE2G0G+pwMpIH2aUyzOQg2ZgVEyOMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvVFliUWI2bkF5a2dmWnBUTE01Q0RabUJVVEk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQFP
MA0GCSqGSIb3DQEBCwUAA4IBAQAcsuYyBqTzfO7njYWP3O/JaASJ//xNg0MhZ8Jf
o61WNhk2uU3z8yrbnEZW95Blr91TRXJGevjibAH/7rgnFSvX68ySRfkk7Y5Qs/GN
FXNn+AWDNmcQtsWeoQreNg0kplt0v7vEqd50ANTEFxMi1e2ABzGRwOYt/HxV+Pa/
uBfr5lXU/1Ni/VwnAgaSN0ZSkUiMId5fWh/dylTE6pKfi122bWtVdlv+1XgXN1nn
hQWyuFmJgvtZJeLC4dzsPeuHLE2xZaWhI/vKVg9zVNq5yBVl4BTxLUNSNdF1T9qF
qP4R9gs5FIs9QsPdp20NcBzXXivZDnBB0aHBtVz/ve4r/eK+
-----END CERTIFICATE-----