Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/lJAS6-eOP2BnAmOzhg1SL6DxUc8.roa
File:                     lJAS6-eOP2BnAmOzhg1SL6DxUc8.roa (raw, json)
Hash identifier:          l/voa6MDRIlBSmuaL1ka5Cuu1YrbnI8ntHxWRqNfJfk=
Subject key identifier:   94:90:12:EB:E7:8E:3F:60:67:02:63:B3:86:0D:52:2F:A0:F1:51:CF
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F0B524F7310D39AA23BAA2B629486E
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/lJAS6-eOP2BnAmOzhg1SL6DxUc8.roa
Signing time:             Wed 07 Feb 2024 05:00:52 +0000
ROA not before:           Wed 07 Feb 2024 05:00:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215743
IP address blocks:        2a0f:b241:53::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:b5:24:f7:31:0d:39:aa:23:ba:a2:b6:29:48:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=949012ebe78e3f60670263b3860d522fa0f151cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1b:06:2f:0e:70:ff:32:09:51:fb:b4:ce:c7:
                    be:a0:a8:50:8b:24:06:2e:28:ce:83:09:50:0a:b9:
                    52:d3:c8:07:f9:48:b5:4c:5e:ee:1d:26:a6:88:6e:
                    65:b8:f0:8a:16:34:ec:01:42:72:39:74:c4:8d:c3:
                    87:4b:d4:87:69:1e:01:46:df:00:05:74:22:b3:e7:
                    e3:64:9d:03:3e:f2:9a:94:1d:1c:1c:03:c7:89:c7:
                    06:dc:e9:d1:f4:6b:95:b5:a1:89:73:51:6a:08:78:
                    17:cf:42:fb:2a:23:e7:2d:e3:ac:f2:21:6f:eb:9c:
                    b3:0f:95:e8:b3:2a:0b:00:e7:44:67:67:1f:23:0d:
                    44:93:3a:b4:21:cd:86:2c:4e:4d:ed:73:e1:01:ea:
                    e9:4b:d7:dd:ab:d9:03:04:25:a4:db:e9:b4:06:7a:
                    f8:31:c0:bf:7e:aa:cf:38:08:a1:16:c8:c3:4c:b7:
                    42:89:84:f5:c9:5f:39:52:8e:75:ce:ed:ad:4f:fb:
                    a2:e5:9e:8e:fb:93:83:9a:05:12:a8:5f:25:b9:d7:
                    f0:fa:e1:8c:9a:ce:9f:bf:46:42:a1:90:9a:dd:c5:
                    81:cf:ba:f6:7a:7b:9d:93:c0:60:79:5e:2c:a7:55:
                    72:97:cc:96:96:ad:3c:88:0e:67:f3:78:96:30:c5:
                    67:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:90:12:EB:E7:8E:3F:60:67:02:63:B3:86:0D:52:2F:A0:F1:51:CF
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/lJAS6-eOP2BnAmOzhg1SL6DxUc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:53::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:0c:7d:d7:ee:4a:ad:3e:56:79:04:1d:6c:c4:34:99:d5:d1:
         2b:fb:18:07:82:1d:d8:0e:6a:72:6f:5c:e3:ee:bd:86:92:cb:
         23:a7:c1:75:3b:f1:f3:8b:a1:62:3a:02:81:bf:e2:a7:44:17:
         d7:17:e9:d7:d5:54:21:02:55:80:1a:6d:25:b3:05:96:31:af:
         48:5a:4f:f2:29:51:f7:10:6c:86:39:26:6e:aa:a3:0e:61:62:
         60:e1:25:53:0b:ce:eb:84:1a:6f:ba:1a:5c:4d:a6:3d:fe:fd:
         bf:51:36:85:55:3f:18:0d:59:81:fa:09:fd:35:a4:d2:33:2b:
         aa:38:65:a9:b4:3d:f6:50:75:8d:54:2b:dd:da:0f:95:1b:4d:
         9e:1e:c3:76:f7:e0:d1:ec:84:c1:ac:32:19:37:1e:08:7f:1e:
         1a:3a:58:c2:3b:1a:23:79:be:b6:4f:7d:e8:e5:24:6a:9e:96:
         cc:f2:de:95:bd:dc:53:b6:b3:65:24:af:4e:30:17:aa:de:dc:
         f5:89:86:97:90:31:6d:93:69:75:16:43:49:7d:45:7c:8e:67:
         d7:3b:a3:b7:5c:2b:b2:83:fe:ac:f1:7a:12:cd:4e:34:98:26:
         07:1f:48:ce:6b:1f:4a:11:35:5f:52:d6:b1:59:b6:ca:a9:8d:
         89:ba:6a:e0
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8LUk9zENOaojuqK2KUhuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDkwMTJlYmU3OGUzZjYwNjcwMjYzYjM4NjBkNTIyZmEwZjE1MWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhsGLw5w/zIJUfu0zse+oKhQiyQG
LijOgwlQCrlS08gH+Ui1TF7uHSamiG5luPCKFjTsAUJyOXTEjcOHS9SHaR4BRt8A
BXQis+fjZJ0DPvKalB0cHAPHiccG3OnR9GuVtaGJc1FqCHgXz0L7KiPnLeOs8iFv
65yzD5XosyoLAOdEZ2cfIw1Ekzq0Ic2GLE5N7XPhAerpS9fdq9kDBCWk2+m0Bnr4
McC/fqrPOAihFsjDTLdCiYT1yV85Uo51zu2tT/ui5Z6O+5ODmgUSqF8ludfw+uGM
ms6fv0ZCoZCa3cWBz7r2enudk8BgeV4sp1Vyl8yWlq08iA5n83iWMMVnGQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJSQEuvnjj9gZwJjs4YNUi+g8VHPMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvbEpBUzYtZU9QMkJuQW1PemhnMVNMNkR4VWM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQBT
MA0GCSqGSIb3DQEBCwUAA4IBAQBiDH3X7kqtPlZ5BB1sxDSZ1dEr+xgHgh3YDmpy
b1zj7r2Gkssjp8F1O/Hzi6FiOgKBv+KnRBfXF+nX1VQhAlWAGm0lswWWMa9IWk/y
KVH3EGyGOSZuqqMOYWJg4SVTC87rhBpvuhpcTaY9/v2/UTaFVT8YDVmB+gn9NaTS
MyuqOGWptD32UHWNVCvd2g+VG02eHsN29+DR7ITBrDIZNx4Ifx4aOljCOxojeb62
T33o5SRqnpbM8t6VvdxTtrNlJK9OMBeq3tz1iYaXkDFtk2l1FkNJfUV8jmfXO6O3
XCuyg/6s8XoSzU40mCYHH0jOax9KETVfUtaxWbbKqY2Jumrg
-----END CERTIFICATE-----