Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/pTFWP5ts7dNfHyhFc9nDm9T7Shk.roa
File:                     pTFWP5ts7dNfHyhFc9nDm9T7Shk.roa (raw, json)
Hash identifier:          KrXatMakUf7FEk5x5p0WIjNpbDIla1OfAVog24ZN1j0=
Subject key identifier:   A5:31:56:3F:9B:6C:ED:D3:5F:1F:28:45:73:D9:C3:9B:D4:FB:4A:19
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0194282575DBD2F15EA60BDD995E229EEF03
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/pTFWP5ts7dNfHyhFc9nDm9T7Shk.roa
Signing time:             Thu 02 Jan 2025 17:52:11 +0000
ROA not before:           Thu 02 Jan 2025 17:52:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210445
IP address blocks:        2a0f:b241:141::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:75:db:d2:f1:5e:a6:0b:dd:99:5e:22:9e:ef:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan  2 17:52:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a531563f9b6cedd35f1f284573d9c39bd4fb4a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:aa:4e:2a:3b:c6:8e:25:99:45:da:49:b9:3d:
                    28:2b:4b:48:0a:5e:c8:b0:d1:30:98:83:6d:e8:fa:
                    66:28:73:70:d9:78:0a:12:04:d4:8d:f5:6c:28:2b:
                    f1:10:4e:cf:c1:e3:8c:2d:38:27:65:fe:df:6c:fe:
                    ef:f0:2b:21:b4:57:b7:02:43:25:e4:a7:ac:74:4c:
                    42:76:4d:5c:b8:05:d1:d1:38:8b:98:73:68:bd:b6:
                    a6:1b:de:f4:26:ee:ea:98:0d:ff:f9:5d:c8:d3:c0:
                    db:81:25:ad:11:9e:93:03:1a:ad:cd:3c:0b:ed:b1:
                    df:49:ea:79:48:47:2b:82:b1:8f:a7:ee:6c:4e:93:
                    46:b1:b4:c6:14:29:8a:31:b4:c1:60:71:0b:d9:ee:
                    52:ce:cf:9e:b0:a4:6b:d6:ff:cc:cc:cb:bf:21:fb:
                    d7:38:bf:3a:ad:5d:ee:45:4e:60:52:a9:f3:d0:d6:
                    dc:5e:55:b8:5e:89:88:12:e8:0e:97:b5:0f:33:17:
                    5f:3a:0e:80:e4:dc:f7:c9:56:56:10:ef:7e:9c:35:
                    0c:55:f8:98:ab:a1:86:07:5a:c6:50:2f:55:09:5f:
                    e5:00:8d:af:8b:06:6b:36:18:19:1b:41:7c:ea:7b:
                    0c:11:22:b2:a7:82:5c:6a:c0:f1:f4:6a:74:d1:15:
                    ea:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:31:56:3F:9B:6C:ED:D3:5F:1F:28:45:73:D9:C3:9B:D4:FB:4A:19
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/pTFWP5ts7dNfHyhFc9nDm9T7Shk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:141::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:80:5e:da:82:00:0f:cd:df:40:e7:46:1f:68:a9:b1:46:0e:
         dc:ad:3b:55:97:b4:23:3b:b5:1d:9f:c1:0f:b1:11:8b:79:da:
         ec:61:ad:b6:06:2a:39:64:c2:3c:13:f3:96:d0:54:2d:a8:92:
         fb:72:3a:3f:86:7d:0b:ed:02:58:42:f3:47:c7:09:f3:31:0c:
         29:e8:f3:bc:1a:37:6b:28:b1:b0:8a:8a:43:5c:a8:9f:be:4b:
         06:00:f5:bb:39:7c:3f:4d:fe:85:50:37:33:86:e4:d4:f7:c8:
         59:20:a0:4f:b2:5e:41:96:99:64:f8:d5:80:88:00:c6:38:67:
         1b:f8:ed:54:78:ab:30:bd:72:f3:f6:48:36:40:d9:0f:a4:b2:
         f3:81:a0:da:2d:90:12:d7:06:9d:5b:34:fb:2e:19:02:0e:11:
         36:ae:5b:7a:e1:66:a6:4b:77:2d:c4:1f:f4:26:e2:98:13:dc:
         66:3a:83:c1:9a:92:10:65:a7:d9:91:91:4a:f1:d4:04:95:dd:
         e7:31:b8:67:3d:88:00:d5:ed:57:f9:c4:ef:66:d0:c7:20:62:
         10:b0:82:12:60:e9:68:4d:ba:41:22:bb:be:42:81:da:c3:1c:
         c2:13:e0:ed:94:00:c8:35:55:46:2d:96:a7:b5:0f:1a:1a:48:
         62:29:dd:ee
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQoJXXb0vFepgvdmV4inu8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwMTAyMTc1MjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTMxNTYzZjliNmNlZGQzNWYxZjI4NDU3M2Q5YzM5YmQ0ZmI0YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwapOKjvGjiWZRdpJuT0oK0tICl7I
sNEwmINt6PpmKHNw2XgKEgTUjfVsKCvxEE7PweOMLTgnZf7fbP7v8CshtFe3AkMl
5KesdExCdk1cuAXR0TiLmHNovbamG970Ju7qmA3/+V3I08DbgSWtEZ6TAxqtzTwL
7bHfSep5SEcrgrGPp+5sTpNGsbTGFCmKMbTBYHEL2e5Szs+esKRr1v/MzMu/IfvX
OL86rV3uRU5gUqnz0NbcXlW4XomIEugOl7UPMxdfOg6A5Nz3yVZWEO9+nDUMVfiY
q6GGB1rGUC9VCV/lAI2viwZrNhgZG0F86nsMESKyp4JcasDx9Gp00RXqLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFKUxVj+bbO3TXx8oRXPZw5vU+0oZMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvcFRGV1A1dHM3ZE5mSHloRmM5bkRtOVQ3U2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQFB
MA0GCSqGSIb3DQEBCwUAA4IBAQBDgF7aggAPzd9A50YfaKmxRg7crTtVl7QjO7Ud
n8EPsRGLedrsYa22Bio5ZMI8E/OW0FQtqJL7cjo/hn0L7QJYQvNHxwnzMQwp6PO8
GjdrKLGwiopDXKifvksGAPW7OXw/Tf6FUDczhuTU98hZIKBPsl5Blplk+NWAiADG
OGcb+O1UeKswvXLz9kg2QNkPpLLzgaDaLZAS1wadWzT7LhkCDhE2rlt64WamS3ct
xB/0JuKYE9xmOoPBmpIQZafZkZFK8dQEld3nMbhnPYgA1e1X+cTvZtDHIGIQsIIS
YOloTbpBIru+QoHawxzCE+DtlADINVVGLZantQ8aGkhiKd3u
-----END CERTIFICATE-----