Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/VdUi8kYGrm_j8LW6wY5Y-TS-oSg.roa
File:                     VdUi8kYGrm_j8LW6wY5Y-TS-oSg.roa (raw, json)
Hash identifier:          A5/xnDtO7Cvp3FOYXZe+v2uK5OKl2IbWmtNBu5aaRm8=
Subject key identifier:   55:D5:22:F2:46:06:AE:6F:E3:F0:B5:BA:C1:8E:58:F9:34:BE:A1:28
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0196641D6637802CFFBE94E8BEB52EBCB31A
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/VdUi8kYGrm_j8LW6wY5Y-TS-oSg.roa
Signing time:             Wed 23 Apr 2025 19:26:10 +0000
ROA not before:           Wed 23 Apr 2025 19:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62513
IP address blocks:        2a0f:b241:8::/46 maxlen: 48
                          2a0f:b243::/32 maxlen: 48
                          2a0f:b247::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:64:1d:66:37:80:2c:ff:be:94:e8:be:b5:2e:bc:b3:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Apr 23 19:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=55d522f24606ae6fe3f0b5bac18e58f934bea128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:67:ff:27:e0:5e:c4:bc:90:5c:95:64:fa:4d:
                    b5:4a:a8:52:bf:fd:b7:f0:0a:d2:bf:56:6a:20:91:
                    be:74:dd:b9:e7:5b:bc:7d:81:46:bc:43:b4:cd:ed:
                    fd:04:fa:69:1e:db:3a:96:c2:0a:df:b4:70:eb:d1:
                    a6:77:dd:f2:4d:40:23:50:2d:70:0d:10:af:23:11:
                    63:01:29:d4:9a:e1:f2:31:66:a5:b8:04:d1:11:0e:
                    f9:15:8f:d5:f9:2f:ba:bc:7b:5b:56:52:b1:ea:26:
                    ba:e5:cc:ad:30:12:28:8c:41:35:ac:0c:07:4d:6c:
                    3b:a9:dc:2a:e1:55:03:46:a0:16:25:b2:33:25:24:
                    82:95:8c:6c:d9:26:2d:68:01:6a:a5:09:18:69:5b:
                    36:9c:a9:f6:ed:f0:ad:1e:ca:c5:4c:0e:fa:72:74:
                    94:bc:fc:ce:61:4b:94:d0:2a:44:05:94:63:b5:d0:
                    79:e3:f0:8b:3e:3d:60:6b:5e:f7:ff:a6:de:61:78:
                    97:be:5d:c3:94:80:b9:6d:47:87:12:dd:e0:87:5d:
                    bf:ca:c9:3e:3f:4b:9c:9c:49:a8:81:ca:8d:9f:2a:
                    df:c3:88:f9:8c:ca:dc:98:bd:7b:ee:30:79:82:12:
                    5b:90:fa:36:8b:a8:b8:f6:b0:e2:20:62:33:51:ee:
                    e2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:D5:22:F2:46:06:AE:6F:E3:F0:B5:BA:C1:8E:58:F9:34:BE:A1:28
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/VdUi8kYGrm_j8LW6wY5Y-TS-oSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:8::/46
                  2a0f:b243::/32
                  2a0f:b247::/32

    Signature Algorithm: sha256WithRSAEncryption
         80:5a:2a:e5:aa:8a:af:86:8d:bd:f9:4d:db:28:28:4d:4a:b6:
         a0:c6:21:22:ec:cf:e0:c4:4f:e2:37:34:89:8d:93:6d:95:ad:
         c8:5e:e9:52:be:55:75:e1:8c:6b:24:9d:bd:51:64:37:ed:3f:
         a7:5a:9a:36:c2:c3:5a:c7:db:73:5d:55:56:d1:ba:bf:98:d9:
         a2:47:d1:67:4e:6f:06:75:c3:8b:fa:11:cb:b0:28:24:0d:de:
         3c:88:08:5c:d4:4f:c0:f0:86:be:51:af:d6:c3:59:29:ed:3b:
         22:32:00:e7:d7:65:6e:94:ba:e1:12:5d:e3:fd:48:80:5b:74:
         a4:c0:89:8f:e0:3a:bf:31:1e:8d:45:6d:2c:12:79:ab:14:79:
         31:89:29:77:78:fb:47:84:ad:ec:b3:08:fe:05:dd:99:ab:da:
         00:9e:70:63:cc:3f:09:42:ef:25:b4:22:b9:23:e8:7b:d3:30:
         6d:ca:c6:77:a8:c3:fe:b9:ff:00:bc:14:1b:7b:e6:ba:da:99:
         9e:26:43:54:ea:1c:a8:ba:be:9c:b3:7f:34:5f:95:34:63:04:
         70:c6:0a:0c:4c:8c:ac:bd:e4:60:30:f6:c6:17:74:71:42:ac:
         4c:79:75:9a:19:b4:fd:8e:5c:81:64:ec:14:72:e1:77:61:84:
         42:24:1a:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZZkHWY3gCz/vpTovrUuvLMaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwNDIzMTkyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWQ1MjJmMjQ2MDZhZTZmZTNmMGI1YmFjMThlNThmOTM0YmVhMTI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuWf/J+BexLyQXJVk+k21SqhSv/23
8ArSv1ZqIJG+dN2551u8fYFGvEO0ze39BPppHts6lsIK37Rw69Gmd93yTUAjUC1w
DRCvIxFjASnUmuHyMWaluATREQ75FY/V+S+6vHtbVlKx6ia65cytMBIojEE1rAwH
TWw7qdwq4VUDRqAWJbIzJSSClYxs2SYtaAFqpQkYaVs2nKn27fCtHsrFTA76cnSU
vPzOYUuU0CpEBZRjtdB54/CLPj1ga173/6beYXiXvl3DlIC5bUeHEt3gh12/ysk+
P0ucnEmogcqNnyrfw4j5jMrcmL177jB5ghJbkPo2i6i49rDiIGIzUe7i+QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFFXVIvJGBq5v4/C1usGOWPk0vqEoMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvVmRVaThrWUdybV9qOExXNndZNVktVFMtb1NnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAdBAIAAjAXAwcCKg+yQQAI
AwUAKg+yQwMFACoPskcwDQYJKoZIhvcNAQELBQADggEBAIBaKuWqiq+Gjb35Tdso
KE1KtqDGISLsz+DET+I3NImNk22Vrche6VK+VXXhjGsknb1RZDftP6damjbCw1rH
23NdVVbRur+Y2aJH0WdObwZ1w4v6EcuwKCQN3jyICFzUT8Dwhr5Rr9bDWSntOyIy
AOfXZW6UuuESXeP9SIBbdKTAiY/gOr8xHo1FbSwSeasUeTGJKXd4+0eEreyzCP4F
3Zmr2gCecGPMPwlC7yW0Irkj6HvTMG3Kxneow/65/wC8FBt75rramZ4mQ1TqHKi6
vpyzfzRflTRjBHDGCgxMjKy95GAw9sYXdHFCrEx5dZoZtP2OXIFk7BRy4XdhhEIk
GvY=
-----END CERTIFICATE-----