Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/XYYDIXiK6DLY6uUmH1bLSCpurpI.roa
File:                     XYYDIXiK6DLY6uUmH1bLSCpurpI.roa (raw, json)
Hash identifier:          2nb9BodFkoof3d5aJD3mP2QX8Y82jT6IwRaoI0HoLFA=
Subject key identifier:   5D:86:03:21:78:8A:E8:32:D8:EA:E5:26:1F:56:CB:48:2A:6E:AE:92
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0195B9B34A5935E9F83380665625F38F5D06
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/XYYDIXiK6DLY6uUmH1bLSCpurpI.roa
Signing time:             Fri 21 Mar 2025 17:14:49 +0000
ROA not before:           Fri 21 Mar 2025 17:14:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        2a0f:b241:1000::/36 maxlen: 48
                          2a0f:b241:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b9:b3:4a:59:35:e9:f8:33:80:66:56:25:f3:8f:5d:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Mar 21 17:14:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5d860321788ae832d8eae5261f56cb482a6eae92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:f6:0b:08:66:7f:da:3b:bf:0f:b7:3a:8b:62:
                    94:e3:a1:38:48:6c:54:66:ac:e5:15:3b:f3:51:c2:
                    47:87:70:33:3e:27:12:f1:d4:3b:e4:b4:10:09:09:
                    f3:a2:73:cf:cb:7e:b9:88:3b:f5:ba:5b:d5:7b:cf:
                    75:1e:e8:68:17:f2:fd:f5:36:0b:5d:1e:7b:f2:5f:
                    6e:20:8a:b1:da:c0:fd:53:86:28:71:f5:ae:c7:d3:
                    8c:7b:5f:31:22:0e:03:83:71:26:9b:f2:30:15:9d:
                    4b:04:47:57:97:93:67:6f:d1:07:2f:92:ab:0b:0e:
                    84:bc:8b:1d:8e:37:14:26:fd:12:80:b3:0e:9e:38:
                    f2:08:39:93:86:98:e1:a1:cf:97:74:23:32:4a:0e:
                    0e:45:5e:40:9f:dd:c7:45:3b:85:04:6f:cc:f9:bd:
                    5f:b4:d8:14:76:29:44:9d:4b:82:35:df:82:ed:71:
                    bf:43:c8:1d:22:62:12:0c:12:11:4f:dc:ff:a2:30:
                    8e:01:9e:97:72:47:57:f6:2b:90:f4:c1:a5:61:62:
                    64:d4:5e:8c:b2:aa:df:2c:34:49:29:80:71:57:3f:
                    e9:b1:28:aa:03:c7:c0:c8:9a:4d:9f:d6:f2:cd:40:
                    b8:7d:14:49:7f:9f:d1:a6:db:e1:2a:c4:af:7a:bf:
                    aa:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:86:03:21:78:8A:E8:32:D8:EA:E5:26:1F:56:CB:48:2A:6E:AE:92
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/XYYDIXiK6DLY6uUmH1bLSCpurpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:1000::-2a0f:b241:2fff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         1b:18:72:aa:18:ef:25:af:42:44:72:aa:49:42:95:e7:42:33:
         83:78:07:63:e4:22:97:fb:d5:13:be:75:a7:b7:2e:83:f4:d3:
         f2:d7:76:2a:b0:24:3d:64:0c:67:bb:69:ad:ab:23:88:f5:67:
         95:bd:f6:48:b3:06:a2:40:4d:d0:64:f1:ea:4e:bc:f0:2d:d2:
         f7:4f:51:fb:a0:a5:72:c4:fd:b9:01:4e:d0:a6:ff:02:19:d3:
         6d:47:0e:25:bc:4b:cd:ff:f7:7d:e2:d1:96:64:85:9b:99:ff:
         a4:b1:29:5a:6a:d3:b4:b7:4d:da:6c:c8:5e:96:7d:67:68:ac:
         d9:34:79:72:de:ca:19:e7:24:29:e1:ad:30:98:66:c0:04:e4:
         6b:d7:02:88:f6:73:b7:cf:00:32:d9:04:01:1e:ab:f1:4e:9a:
         d4:9d:c7:02:b8:ea:38:ea:66:88:45:68:24:42:c1:8e:1f:60:
         f7:39:b9:f3:4c:ad:34:e7:e7:82:1d:4a:38:75:30:10:9f:7c:
         d6:c5:0d:0c:ba:ca:ee:70:9c:a8:bc:d9:85:0e:1b:ac:0c:19:
         7a:3d:94:79:08:bb:1b:70:4f:23:05:1b:7a:58:20:b1:39:a4:
         82:d8:fc:e9:d8:7e:f8:0f:2a:3d:a9:e4:82:fe:dc:f2:b4:ac:
         8c:95:9c:a4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZW5s0pZNen4M4BmViXzj10GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwMzIxMTcxNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDg2MDMyMTc4OGFlODMyZDhlYWU1MjYxZjU2Y2I0ODJhNmVhZTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuvYLCGZ/2ju/D7c6i2KU46E4SGxU
ZqzlFTvzUcJHh3AzPicS8dQ75LQQCQnzonPPy365iDv1ulvVe891HuhoF/L99TYL
XR578l9uIIqx2sD9U4YocfWux9OMe18xIg4Dg3Emm/IwFZ1LBEdXl5Nnb9EHL5Kr
Cw6EvIsdjjcUJv0SgLMOnjjyCDmThpjhoc+XdCMySg4ORV5An93HRTuFBG/M+b1f
tNgUdilEnUuCNd+C7XG/Q8gdImISDBIRT9z/ojCOAZ6XckdX9iuQ9MGlYWJk1F6M
sqrfLDRJKYBxVz/psSiqA8fAyJpNn9byzUC4fRRJf5/RptvhKsSver+qdQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF2GAyF4iugy2OrlJh9Wy0gqbq6SMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvWFlZRElYaUs2RExZNnVVbUgxYkxTQ3B1cnBJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASMBADBgQqD7JB
EAMGBCoPskEgMA0GCSqGSIb3DQEBCwUAA4IBAQAbGHKqGO8lr0JEcqpJQpXnQjOD
eAdj5CKX+9UTvnWnty6D9NPy13YqsCQ9ZAxnu2mtqyOI9WeVvfZIswaiQE3QZPHq
TrzwLdL3T1H7oKVyxP25AU7Qpv8CGdNtRw4lvEvN//d94tGWZIWbmf+ksSlaatO0
t03abMheln1naKzZNHly3soZ5yQp4a0wmGbABORr1wKI9nO3zwAy2QQBHqvxTprU
nccCuOo46maIRWgkQsGOH2D3ObnzTK005+eCHUo4dTAQn3zWxQ0MusrucJyovNmF
DhusDBl6PZR5CLsbcE8jBRt6WCCxOaSC2Pzp2H74Dyo9qeSC/tzytKyMlZyk
-----END CERTIFICATE-----