Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZbHp2Q0SQCE3MMYBAQ4MOMTgPEM.roa
File:                     ZbHp2Q0SQCE3MMYBAQ4MOMTgPEM.roa (raw, json)
Hash identifier:          TQP4ZxqijWk9XzygHeIy2mb/KtPqcpn8/1/3cIo31Ss=
Subject key identifier:   65:B1:E9:D9:0D:12:40:21:37:30:C6:01:01:0E:0C:38:C4:E0:3C:43
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019428257321192E937F93119598CAE3BF1A
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZbHp2Q0SQCE3MMYBAQ4MOMTgPEM.roa
Signing time:             Thu 02 Jan 2025 17:52:10 +0000
ROA not before:           Thu 02 Jan 2025 17:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59678
IP address blocks:        2a0f:b241:15::/48 maxlen: 48
                          2a0f:b241:123::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 21:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:73:21:19:2e:93:7f:93:11:95:98:ca:e3:bf:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan  2 17:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=65b1e9d90d1240213730c601010e0c38c4e03c43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8a:5f:ae:2e:c4:d5:bb:36:cf:ad:39:db:fe:
                    c4:a9:e1:0a:cc:e3:9b:f8:a1:43:fc:dd:02:8f:df:
                    1d:86:cf:02:72:e7:13:7c:51:79:f2:66:07:38:04:
                    f5:be:17:3f:bd:e4:00:cf:b7:57:e3:ee:bd:d6:cc:
                    da:b1:2a:df:15:8d:a2:0c:ea:55:d0:2f:4a:80:4d:
                    bb:19:c4:ff:f1:24:08:bd:af:3d:83:10:3f:97:6a:
                    5e:e7:52:86:11:77:e6:c8:4d:61:6d:85:4d:8d:99:
                    da:bf:09:7c:4a:bd:12:ab:66:77:af:3b:8d:41:dc:
                    f5:e3:55:13:0f:bb:6b:25:32:8d:f9:f8:fc:62:be:
                    86:f8:41:97:2e:9d:e6:b9:e8:70:d5:70:a2:22:8b:
                    0b:74:38:6b:3a:2b:14:7a:65:5b:50:b8:bc:0d:8a:
                    5a:f6:7d:03:7a:db:74:3d:ab:33:97:b0:01:36:80:
                    24:ae:d0:b6:7d:73:e3:9b:4b:0b:b5:93:b8:f2:59:
                    08:c5:1e:45:94:2a:aa:78:85:a5:09:25:fe:09:cd:
                    88:78:d8:51:4d:be:95:a9:d9:79:74:82:07:91:2c:
                    8a:69:28:db:64:ee:d0:0e:be:d5:16:54:78:20:67:
                    7c:34:a1:8f:9e:b7:f6:f4:e9:b7:e2:81:5e:c4:76:
                    33:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:B1:E9:D9:0D:12:40:21:37:30:C6:01:01:0E:0C:38:C4:E0:3C:43
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ZbHp2Q0SQCE3MMYBAQ4MOMTgPEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:15::/48
                  2a0f:b241:123::/48

    Signature Algorithm: sha256WithRSAEncryption
         69:b9:80:fc:9a:a6:1f:7c:b4:c8:21:e5:9f:6a:5a:b9:94:36:
         48:0f:bd:bb:ea:6b:ac:46:4e:55:da:30:f7:2c:a6:20:75:f2:
         3e:c2:61:51:6f:93:ab:e6:d2:28:62:10:78:b2:39:24:37:f0:
         43:87:d2:f4:41:61:05:c3:3a:92:d5:9c:ab:c7:27:3a:c7:b2:
         f7:23:27:88:a9:40:2c:18:1a:cb:d7:02:e2:5a:2f:a6:55:08:
         d7:5b:c5:48:8d:39:1c:25:b4:f6:94:04:17:e9:06:74:4f:30:
         de:a9:d7:e0:0d:21:c2:3f:af:14:c8:1f:ba:9f:b6:3b:84:ee:
         b2:a0:b1:1a:70:0d:2f:19:e2:b4:62:e5:b3:d9:65:eb:0f:f0:
         30:9f:bd:1e:da:df:48:72:9f:e2:0f:74:0a:fc:23:88:9a:f8:
         fb:ea:39:ec:86:de:ff:35:62:38:84:b4:ef:46:5f:ee:2b:85:
         5c:2a:48:7c:df:b7:3c:54:f1:3f:04:e5:7b:91:7d:b1:b9:1b:
         fb:e3:30:30:e0:1e:7a:60:03:6a:18:3e:70:eb:3c:82:33:c7:
         3a:5b:39:2d:0f:b9:f9:f4:9e:3d:ba:45:dc:d6:02:bd:2d:fc:
         28:9e:96:90:19:a8:f7:06:26:cb:fa:fb:b9:2a:d5:70:10:79:
         46:31:68:20
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQoJXMhGS6Tf5MRlZjK478aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwMTAyMTc1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWIxZTlkOTBkMTI0MDIxMzczMGM2MDEwMTBlMGMzOGM0ZTAzYzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5opfri7E1bs2z6052/7EqeEKzOOb
+KFD/N0Cj98dhs8CcucTfFF58mYHOAT1vhc/veQAz7dX4+691szasSrfFY2iDOpV
0C9KgE27GcT/8SQIva89gxA/l2pe51KGEXfmyE1hbYVNjZnavwl8Sr0Sq2Z3rzuN
Qdz141UTD7trJTKN+fj8Yr6G+EGXLp3muehw1XCiIosLdDhrOisUemVbULi8DYpa
9n0Dett0Paszl7ABNoAkrtC2fXPjm0sLtZO48lkIxR5FlCqqeIWlCSX+Cc2IeNhR
Tb6Vqdl5dIIHkSyKaSjbZO7QDr7VFlR4IGd8NKGPnrf29Om34oFexHYzNQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGWx6dkNEkAhNzDGAQEODDjE4DxDMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvWmJIcDJRMFNRQ0UzTU1ZQkFRNE1PTVRnUEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+yQQAV
AwcAKg+yQQEjMA0GCSqGSIb3DQEBCwUAA4IBAQBpuYD8mqYffLTIIeWfalq5lDZI
D7276musRk5V2jD3LKYgdfI+wmFRb5Or5tIoYhB4sjkkN/BDh9L0QWEFwzqS1Zyr
xyc6x7L3IyeIqUAsGBrL1wLiWi+mVQjXW8VIjTkcJbT2lAQX6QZ0TzDeqdfgDSHC
P68UyB+6n7Y7hO6yoLEacA0vGeK0YuWz2WXrD/Awn70e2t9Icp/iD3QK/COImvj7
6jnsht7/NWI4hLTvRl/uK4VcKkh837c8VPE/BOV7kX2xuRv74zAw4B56YANqGD5w
6zyCM8c6WzktD7n59J49ukXc1gK9LfwonpaQGaj3BibL+vu5KtVwEHlGMWgg
-----END CERTIFICATE-----