Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/mXI73v44nFPTfiknp49ki8ttAPk.roa
File:                     mXI73v44nFPTfiknp49ki8ttAPk.roa (raw, json)
Hash identifier:          ZmXiEfA96qYtsD10ZDLxVrNKIg+HHbXGUECKw9J2VGY=
Subject key identifier:   99:72:3B:DE:FE:38:9C:53:D3:7E:29:27:A7:8F:64:8B:CB:6D:00:F9
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018D81F0A263B5488A7C6C8AC5A82CC1C1A9
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/mXI73v44nFPTfiknp49ki8ttAPk.roa
Signing time:             Wed 07 Feb 2024 05:00:47 +0000
ROA not before:           Wed 07 Feb 2024 05:00:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210445
IP address blocks:        2a0f:b241:141::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:81:f0:a2:63:b5:48:8a:7c:6c:8a:c5:a8:2c:c1:c1:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb  7 05:00:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=99723bdefe389c53d37e2927a78f648bcb6d00f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:2b:12:4c:1c:4e:5e:85:1d:13:a1:f4:f4:20:
                    76:ef:22:94:de:22:2b:c7:19:94:ae:f0:12:99:18:
                    e1:6b:30:10:d5:0a:32:0c:11:4e:51:c2:9a:b0:a3:
                    f1:c4:34:db:e3:7f:76:7a:e2:c5:59:8e:1a:a9:7e:
                    45:02:de:31:04:79:81:79:b8:bf:32:7e:55:7c:a7:
                    2a:56:96:d0:c6:22:d3:96:19:45:91:9d:dc:6b:a5:
                    23:82:97:df:be:39:d3:f4:40:ef:5a:08:67:cf:9d:
                    ce:0e:28:78:0d:b7:2b:72:49:61:ca:e7:e9:9b:d8:
                    e3:3d:60:60:16:46:dd:68:0c:b8:00:37:9e:46:20:
                    c5:0a:75:93:32:fe:79:8c:d8:9b:98:46:c5:cd:06:
                    99:3a:37:d4:de:45:d0:0a:f5:89:86:de:d4:b7:bd:
                    0c:d3:b2:b9:4a:7e:8c:02:b6:c7:96:7e:be:48:9e:
                    49:2b:ea:ed:01:4f:1d:95:af:40:82:bf:c4:35:32:
                    7a:a3:17:1b:89:af:d3:a9:53:d1:4d:24:41:f6:9c:
                    f6:89:ad:a4:cc:dc:ab:4a:56:9f:d7:3c:37:0c:47:
                    1e:bc:3d:92:23:37:6c:b6:ac:8f:f0:09:ce:f8:d7:
                    47:e1:40:60:0b:62:ea:4a:f1:5d:0e:a2:1a:f4:0c:
                    d5:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:72:3B:DE:FE:38:9C:53:D3:7E:29:27:A7:8F:64:8B:CB:6D:00:F9
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/mXI73v44nFPTfiknp49ki8ttAPk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:141::/48

    Signature Algorithm: sha256WithRSAEncryption
         08:02:6d:aa:14:67:01:aa:39:25:7e:c9:0f:3d:3a:e4:1f:a3:
         82:cf:71:55:69:b0:aa:a6:23:01:1f:fa:db:39:98:d3:3b:fc:
         5a:0c:57:55:fb:5f:77:f3:12:b1:e4:89:82:59:c4:0b:eb:2a:
         94:3c:e0:fa:c0:4d:cc:64:9c:59:c3:ad:3a:95:ef:e6:78:da:
         1c:ee:5d:ee:90:df:26:86:26:8f:1d:bf:3f:0c:3c:3a:69:37:
         68:4e:d7:aa:b8:2e:60:33:28:84:e8:51:32:ea:36:e5:1a:29:
         4c:d0:ed:5b:f0:74:c0:73:4f:5a:b7:eb:b0:67:35:15:79:55:
         bf:8d:5c:b5:17:e6:10:f5:6e:c1:74:82:63:61:90:7f:dc:8b:
         9f:33:cb:73:8c:f7:6b:5c:5f:20:7b:90:9f:d2:b8:3a:69:f2:
         fa:f4:77:8a:d1:a9:2b:5a:9e:93:76:1f:04:8a:ce:d9:35:02:
         ee:7b:22:aa:1b:1d:90:fd:de:5d:71:f6:6e:70:84:60:41:76:
         df:12:6b:85:91:f1:f3:d7:cd:c0:e9:df:6e:0e:8a:fb:2b:2a:
         cd:67:73:9f:0d:0d:59:28:20:9c:e6:29:d3:3a:57:82:83:c2:
         2a:80:a2:69:d2:88:7c:5c:9c:0f:63:6d:72:3f:40:be:2f:9d:
         64:65:8e:55
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2B8KJjtUiKfGyKxagswcGpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjA3MDUwMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTcyM2JkZWZlMzg5YzUzZDM3ZTI5MjdhNzhmNjQ4YmNiNmQwMGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjysSTBxOXoUdE6H09CB27yKU3iIr
xxmUrvASmRjhazAQ1QoyDBFOUcKasKPxxDTb4392euLFWY4aqX5FAt4xBHmBebi/
Mn5VfKcqVpbQxiLTlhlFkZ3ca6UjgpffvjnT9EDvWghnz53ODih4Dbcrcklhyufp
m9jjPWBgFkbdaAy4ADeeRiDFCnWTMv55jNibmEbFzQaZOjfU3kXQCvWJht7Ut70M
07K5Sn6MArbHln6+SJ5JK+rtAU8dla9Agr/ENTJ6oxcbia/TqVPRTSRB9pz2ia2k
zNyrSlaf1zw3DEcevD2SIzdstqyP8AnO+NdH4UBgC2LqSvFdDqIa9AzVZQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJlyO97+OJxT034pJ6ePZIvLbQD5MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvbVhJNzN2NDRuRlBUZmlrbnA0OWtpOHR0QVBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQFB
MA0GCSqGSIb3DQEBCwUAA4IBAQAIAm2qFGcBqjklfskPPTrkH6OCz3FVabCqpiMB
H/rbOZjTO/xaDFdV+1938xKx5ImCWcQL6yqUPOD6wE3MZJxZw606le/meNoc7l3u
kN8mhiaPHb8/DDw6aTdoTtequC5gMyiE6FEy6jblGilM0O1b8HTAc09at+uwZzUV
eVW/jVy1F+YQ9W7BdIJjYZB/3IufM8tzjPdrXF8ge5Cf0rg6afL69HeK0akrWp6T
dh8Eis7ZNQLueyKqGx2Q/d5dcfZucIRgQXbfEmuFkfHz183A6d9uDor7KyrNZ3Of
DQ1ZKCCc5inTOleCg8IqgKJp0oh8XJwPY21yP0C+L51kZY5V
-----END CERTIFICATE-----