Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/hFXW8ucpWcqqH0Sd0AO4hvg8IVU.roa
File:                     hFXW8ucpWcqqH0Sd0AO4hvg8IVU.roa (raw, json)
Hash identifier:          i14z51V9n3TPIm/3TKcml+RZ2zG0pZbS6QKZguK2/qo=
Subject key identifier:   84:55:D6:F2:E7:29:59:CA:AA:1F:44:9D:D0:03:B8:86:F8:3C:21:55
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F08352F7463A33460EE0849807393A
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/hFXW8ucpWcqqH0Sd0AO4hvg8IVU.roa
Signing time:             Wed 07 Feb 2024 05:00:39 +0000
ROA not before:           Wed 07 Feb 2024 05:00:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200454
IP address blocks:        2a0f:b241:10::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:83:52:f7:46:3a:33:46:0e:e0:84:98:07:39:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8455d6f2e72959caaa1f449dd003b886f83c2155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2d:cf:c2:c8:f1:e9:0e:fb:9a:83:3c:9e:65:
                    50:8e:5a:cd:25:f6:7d:60:2c:94:a6:51:dc:96:a6:
                    bc:14:94:e8:a9:d3:9b:3d:8e:74:52:87:74:84:80:
                    e5:55:f1:61:04:cb:e6:26:40:a1:ad:5a:89:cd:16:
                    7d:a6:ca:4c:24:0a:45:4a:5e:9e:4f:a1:f2:e4:3b:
                    7b:7a:8d:c4:82:94:ab:e5:17:1a:c2:e3:42:1a:47:
                    76:f1:1f:bc:a9:46:b6:ee:cb:df:7e:b8:15:7e:55:
                    14:c0:6a:1c:f1:4f:61:d1:43:00:14:4d:0d:29:07:
                    ce:d8:cd:50:2d:e0:62:1f:e6:63:07:3b:41:f3:b8:
                    47:26:33:0c:7e:79:df:c4:df:31:a5:78:db:68:de:
                    0b:88:98:2e:78:0d:7c:3f:0c:46:d9:d2:e5:68:a4:
                    cc:2d:69:56:0d:50:c8:74:95:86:2f:ba:2a:25:46:
                    8d:b8:9f:3f:93:0f:13:0a:38:60:af:58:f1:61:86:
                    ae:45:7a:2b:d7:ce:e0:fb:a7:8e:3e:c0:be:5d:ee:
                    1f:78:17:60:ff:b5:11:c8:c8:bf:41:bf:7d:e4:60:
                    0c:c9:c4:6e:91:b5:7f:de:75:60:01:20:31:96:4e:
                    ec:ce:75:66:cd:08:e6:40:0e:b0:bf:64:fc:bb:a8:
                    c6:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:55:D6:F2:E7:29:59:CA:AA:1F:44:9D:D0:03:B8:86:F8:3C:21:55
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/hFXW8ucpWcqqH0Sd0AO4hvg8IVU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:10::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:8a:e0:e8:72:ca:6a:b5:aa:86:22:9d:d8:5c:8d:a3:f6:71:
         5e:47:90:60:53:4a:4e:eb:aa:b7:76:29:72:73:f4:2c:53:15:
         ea:9e:40:67:73:06:ad:5f:06:2b:41:6d:bb:1b:0b:77:a8:fe:
         d0:01:8d:de:51:f2:38:22:4e:60:61:d6:1c:71:52:fe:17:74:
         31:e0:49:7a:02:0c:df:f0:e9:4a:3d:e7:80:fa:23:05:d7:b3:
         a5:a5:50:7d:19:48:e1:bb:ad:4f:5a:fd:16:44:29:e8:54:85:
         88:56:10:7b:a7:6b:53:ad:9b:95:a0:8b:3e:f1:f5:16:bc:99:
         b3:0d:20:83:e2:49:43:b0:54:95:8f:63:41:b5:b4:bd:1f:2a:
         81:ba:c5:5a:bf:db:38:9a:b8:7f:42:5c:d3:c9:ae:94:45:c5:
         c8:37:a8:f3:35:30:72:f0:96:ec:33:bb:ee:54:c8:21:72:cb:
         93:43:c3:21:91:40:10:bb:da:f7:af:61:74:71:f3:48:0b:31:
         39:68:0c:26:3b:8e:04:dc:ee:d0:44:97:33:c4:10:53:6b:f0:
         fa:6a:5a:13:95:65:d6:4e:fb:ff:60:29:02:ac:6b:91:f5:02:
         22:40:24:97:13:fa:56:ff:f8:8d:67:6d:06:55:68:ec:8a:e1:
         25:0c:09:b8
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8INS90Y6M0YO4ISYBzk6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDU1ZDZmMmU3Mjk1OWNhYWExZjQ0OWRkMDAzYjg4NmY4M2MyMTU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC3Pwsjx6Q77moM8nmVQjlrNJfZ9
YCyUplHclqa8FJToqdObPY50Uod0hIDlVfFhBMvmJkChrVqJzRZ9pspMJApFSl6e
T6Hy5Dt7eo3EgpSr5RcawuNCGkd28R+8qUa27svffrgVflUUwGoc8U9h0UMAFE0N
KQfO2M1QLeBiH+ZjBztB87hHJjMMfnnfxN8xpXjbaN4LiJgueA18PwxG2dLlaKTM
LWlWDVDIdJWGL7oqJUaNuJ8/kw8TCjhgr1jxYYauRXor187g+6eOPsC+Xe4feBdg
/7URyMi/Qb995GAMycRukbV/3nVgASAxlk7sznVmzQjmQA6wv2T8u6jGJwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFIRV1vLnKVnKqh9EndADuIb4PCFVMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvaEZYVzh1Y3BXY3FxSDBTZDBBTzRodmc4SVZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAQ
MA0GCSqGSIb3DQEBCwUAA4IBAQBmiuDocspqtaqGIp3YXI2j9nFeR5BgU0pO66q3
dilyc/QsUxXqnkBncwatXwYrQW27Gwt3qP7QAY3eUfI4Ik5gYdYccVL+F3Qx4El6
Agzf8OlKPeeA+iMF17OlpVB9GUjhu61PWv0WRCnoVIWIVhB7p2tTrZuVoIs+8fUW
vJmzDSCD4klDsFSVj2NBtbS9HyqBusVav9s4mrh/QlzTya6URcXIN6jzNTBy8Jbs
M7vuVMghcsuTQ8MhkUAQu9r3r2F0cfNICzE5aAwmO44E3O7QRJczxBBTa/D6aloT
lWXWTvv/YCkCrGuR9QIiQCSXE/pW//iNZ20GVWjsiuElDAm4
-----END CERTIFICATE-----