Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/YkHapNEo4OI8xewnq6pxlJRfV1Y.roa
File:                     YkHapNEo4OI8xewnq6pxlJRfV1Y.roa (raw, json)
Hash identifier:          M6yVqLT/Hjx4US+H2ZaQ18eaXeIIlgZ5G6tiV8pOI0I=
Subject key identifier:   62:41:DA:A4:D1:28:E0:E2:3C:C5:EC:27:AB:AA:71:94:94:5F:57:56
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F07465DA51D35CB94BF6165EBA9C3B
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/YkHapNEo4OI8xewnq6pxlJRfV1Y.roa
Signing time:             Wed 07 Feb 2024 05:00:35 +0000
ROA not before:           Wed 07 Feb 2024 05:00:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198981
IP address blocks:        2a0f:b241:7e::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:74:65:da:51:d3:5c:b9:4b:f6:16:5e:ba:9c:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6241daa4d128e0e23cc5ec27abaa7194945f5756
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:91:f2:bc:14:51:d3:7d:85:34:c3:37:ab:ca:
                    6c:b3:98:70:f7:ae:02:10:c7:3b:1c:33:8f:bd:38:
                    6b:78:92:91:59:81:8e:5e:34:8d:38:53:2d:21:4c:
                    13:e7:7b:13:07:f0:cf:c3:45:c0:78:85:4d:25:54:
                    b6:84:9b:3c:8c:06:59:9b:a6:b3:a1:75:7f:7f:30:
                    c8:cc:01:7c:43:d2:a9:d4:83:c5:72:7f:89:01:c0:
                    94:c1:56:01:4c:a7:24:5b:7b:a3:a3:ea:00:8c:8a:
                    82:8e:72:ac:c6:c6:04:0d:25:66:00:31:af:6c:26:
                    c3:b5:0d:97:ed:b6:8d:ed:01:73:e1:32:cf:74:4d:
                    ab:b2:3f:0c:76:a2:36:f9:ff:76:ca:bb:e6:80:06:
                    89:4d:b6:b2:3d:3b:59:8a:98:df:ec:68:db:12:68:
                    b0:72:2f:8e:de:5c:a7:17:4a:aa:4f:51:86:42:58:
                    31:d2:0c:2f:b1:97:af:4d:08:3e:e1:0f:f0:e3:ce:
                    fa:6a:d1:67:61:e8:f8:f7:41:15:33:5b:e8:6d:88:
                    a6:b0:87:49:de:70:d1:1c:fb:e7:2a:81:ad:36:08:
                    e4:b6:20:11:f7:0a:d9:52:4a:7e:24:a9:5f:9d:ec:
                    74:5e:21:96:bb:72:74:c8:43:9c:75:21:a2:31:c7:
                    69:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:41:DA:A4:D1:28:E0:E2:3C:C5:EC:27:AB:AA:71:94:94:5F:57:56
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/YkHapNEo4OI8xewnq6pxlJRfV1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:7e::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:cd:41:52:b0:e0:57:bd:5c:7c:06:cf:66:32:7e:3f:18:e1:
         d8:df:43:34:08:aa:f5:52:22:97:50:46:22:2c:60:5b:bf:6e:
         f6:88:9b:b0:aa:e7:db:d7:46:38:82:0e:d7:39:65:9a:18:83:
         84:d4:c2:1f:b3:e2:27:35:6a:58:2d:a9:67:44:b3:e8:8a:48:
         2e:ef:75:d9:bc:91:64:39:bc:fe:38:08:3b:c1:ae:41:ca:38:
         df:d9:87:53:70:51:f2:41:02:bc:aa:cf:8a:fd:54:ae:e4:0f:
         82:56:7d:0e:92:aa:1b:bd:b7:2e:0f:ef:71:98:36:98:3b:a6:
         a3:a1:db:8f:bd:23:3e:78:1d:92:76:e1:b1:0c:52:8a:fe:a8:
         c2:50:5c:78:2a:9e:ac:46:a6:07:f5:a3:1b:4d:da:e1:7e:be:
         7a:12:47:89:7e:5b:a6:91:6c:63:d5:b4:da:c4:8c:1f:aa:dd:
         5d:4b:fe:b5:8b:06:95:da:66:d9:e5:b9:64:4e:df:f3:81:30:
         dc:df:04:0e:10:7a:59:a4:ce:e6:8f:c7:36:4c:ae:72:47:ac:
         68:fd:f1:4c:76:e9:8b:67:24:28:e8:5f:f2:d9:64:3a:b7:b8:
         19:32:15:7c:35:f1:aa:c7:35:ce:ed:9d:78:b6:17:80:7a:7a:
         33:2b:d7:2f
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8HRl2lHTXLlL9hZeupw7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjQxZGFhNGQxMjhlMGUyM2NjNWVjMjdhYmFhNzE5NDk0NWY1NzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJHyvBRR032FNMM3q8pss5hw964C
EMc7HDOPvThreJKRWYGOXjSNOFMtIUwT53sTB/DPw0XAeIVNJVS2hJs8jAZZm6az
oXV/fzDIzAF8Q9Kp1IPFcn+JAcCUwVYBTKckW3ujo+oAjIqCjnKsxsYEDSVmADGv
bCbDtQ2X7baN7QFz4TLPdE2rsj8MdqI2+f92yrvmgAaJTbayPTtZipjf7GjbEmiw
ci+O3lynF0qqT1GGQlgx0gwvsZevTQg+4Q/w4876atFnYej490EVM1vobYimsIdJ
3nDRHPvnKoGtNgjktiAR9wrZUkp+JKlfnex0XiGWu3J0yEOcdSGiMcdpJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGJB2qTRKODiPMXsJ6uqcZSUX1dWMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvWWtIYXBORW80T0k4eGV3bnE2cHhsSlJmVjFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQB+
MA0GCSqGSIb3DQEBCwUAA4IBAQA2zUFSsOBXvVx8Bs9mMn4/GOHY30M0CKr1UiKX
UEYiLGBbv272iJuwqufb10Y4gg7XOWWaGIOE1MIfs+InNWpYLalnRLPoikgu73XZ
vJFkObz+OAg7wa5Byjjf2YdTcFHyQQK8qs+K/VSu5A+CVn0OkqobvbcuD+9xmDaY
O6ajoduPvSM+eB2SduGxDFKK/qjCUFx4Kp6sRqYH9aMbTdrhfr56EkeJflumkWxj
1bTaxIwfqt1dS/61iwaV2mbZ5blkTt/zgTDc3wQOEHpZpM7mj8c2TK5yR6xo/fFM
dumLZyQo6F/y2WQ6t7gZMhV8NfGqxzXO7Z14theAenozK9cv
-----END CERTIFICATE-----