Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/qEE8SDYU5JIB-O7Trc1We8cjPEs.roa
File:                     qEE8SDYU5JIB-O7Trc1We8cjPEs.roa (raw, json)
Hash identifier:          XHzHtADLaVp1ioqOh7kQak2u8fbeDr9tEqrlOIWlYXY=
Subject key identifier:   A8:41:3C:48:36:14:E4:92:01:F8:EE:D3:AD:CD:56:7B:C7:23:3C:4B
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01944896554AE7064CFA8A39FB4195225149
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/qEE8SDYU5JIB-O7Trc1We8cjPEs.roa
Signing time:             Thu 09 Jan 2025 01:03:19 +0000
ROA not before:           Thu 09 Jan 2025 01:03:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     922
IP address blocks:        2a0f:b241::/48 maxlen: 48
                          2a0f:b244:100::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:48:96:55:4a:e7:06:4c:fa:8a:39:fb:41:95:22:51:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan  9 01:03:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8413c483614e49201f8eed3adcd567bc7233c4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e3:16:61:71:75:82:8d:bd:58:92:35:2d:a0:
                    52:37:46:4a:ad:eb:f8:c1:2a:d9:c2:af:02:09:4a:
                    18:91:8b:3f:b5:ed:97:61:e9:a7:aa:53:08:b1:34:
                    ff:05:ee:54:6d:72:2b:a2:d8:e5:21:a6:18:8d:93:
                    b3:ef:89:b0:95:e9:30:e5:ac:b6:d8:89:f5:a6:8d:
                    08:6f:a4:03:7b:55:91:2b:df:50:1f:2c:b6:41:e7:
                    ab:c0:80:87:9e:4c:a1:59:b4:9a:ba:a4:48:a9:4a:
                    ff:3e:90:64:46:1d:d9:ce:a8:35:d7:34:57:e1:34:
                    63:74:2f:35:bd:54:96:e9:0e:08:c1:20:97:a9:ae:
                    f7:86:c1:8c:cf:b2:b0:e1:c5:b3:70:39:df:b2:b2:
                    9f:be:c9:13:27:27:40:f7:44:27:8c:5e:b6:46:9a:
                    8a:7a:3e:fa:84:00:54:cd:34:b1:78:e9:9a:6d:83:
                    3a:38:73:ca:58:0e:85:3f:79:c8:a1:92:fc:c0:51:
                    97:f6:c9:7e:a4:97:a8:68:5e:b5:c1:e5:cd:ee:e7:
                    77:51:93:a4:44:a6:76:e2:2f:55:9e:dd:02:90:13:
                    a4:72:6a:5e:b7:02:ab:50:cb:64:57:8a:e8:5d:a1:
                    7f:ae:5c:a5:1b:17:b2:d7:ce:6e:83:51:b2:d6:40:
                    a6:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:41:3C:48:36:14:E4:92:01:F8:EE:D3:AD:CD:56:7B:C7:23:3C:4B
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/qEE8SDYU5JIB-O7Trc1We8cjPEs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241::/48
                  2a0f:b244:100::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:de:6e:7e:78:90:33:4f:03:61:69:76:7c:6c:ac:06:54:b1:
         72:de:f0:91:2a:50:88:ab:71:b9:3a:ee:42:b7:66:cc:4b:1e:
         e6:6f:80:ae:6b:d4:6d:e8:e4:e6:5a:9d:88:1b:77:00:83:9a:
         5d:82:ff:6e:cd:15:4f:83:57:8c:79:55:33:20:85:31:f5:7d:
         ee:21:70:42:d6:df:d2:e4:0a:89:30:bb:62:ac:ad:f8:96:56:
         67:24:c6:c8:44:82:58:f8:0d:1d:b7:97:c9:1a:04:e3:cb:5f:
         d8:1f:03:76:e2:df:b7:70:04:4b:2d:e4:c0:39:d6:cc:0d:2b:
         31:9f:ee:8d:49:fc:ae:d0:0e:8f:6e:92:f1:b8:bd:0b:0d:69:
         cb:77:d1:2a:9b:6e:04:89:4a:dc:a5:c2:be:3f:81:d9:c0:3a:
         6e:35:e3:ab:fc:01:11:e3:55:05:43:fb:94:4e:b1:11:39:bc:
         e0:51:d7:73:6d:c1:df:ab:d9:71:3e:3e:19:3f:4b:79:3b:52:
         e7:0a:97:74:e5:70:6f:75:f3:d4:8f:fa:79:9c:4c:ab:4d:fa:
         c4:7d:05:2a:e3:6d:77:ce:bc:1a:7f:b6:4f:bf:c1:8c:3e:8d:
         f8:48:50:38:9b:b2:aa:75:8a:f3:54:77:59:d7:5f:c9:2f:8d:
         95:71:7a:fa
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZRIllVK5wZM+oo5+0GVIlFJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwMTA5MDEwMzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQxM2M0ODM2MTRlNDkyMDFmOGVlZDNhZGNkNTY3YmM3MjMzYzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+MWYXF1go29WJI1LaBSN0ZKrev4
wSrZwq8CCUoYkYs/te2XYemnqlMIsTT/Be5UbXIrotjlIaYYjZOz74mwlekw5ay2
2In1po0Ib6QDe1WRK99QHyy2QeerwICHnkyhWbSauqRIqUr/PpBkRh3Zzqg11zRX
4TRjdC81vVSW6Q4IwSCXqa73hsGMz7Kw4cWzcDnfsrKfvskTJydA90QnjF62RpqK
ej76hABUzTSxeOmabYM6OHPKWA6FP3nIoZL8wFGX9sl+pJeoaF61weXN7ud3UZOk
RKZ24i9Vnt0CkBOkcmpetwKrUMtkV4roXaF/rlylGxey185ug1Gy1kCm9wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKhBPEg2FOSSAfju063NVnvHIzxLMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvcUVFOFNEWVU1SklCLU83VHJjMVdlOGNqUEVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+yQQAA
AwcAKg+yRAEAMA0GCSqGSIb3DQEBCwUAA4IBAQBM3m5+eJAzTwNhaXZ8bKwGVLFy
3vCRKlCIq3G5Ou5Ct2bMSx7mb4Cua9Rt6OTmWp2IG3cAg5pdgv9uzRVPg1eMeVUz
IIUx9X3uIXBC1t/S5AqJMLtirK34llZnJMbIRIJY+A0dt5fJGgTjy1/YHwN24t+3
cARLLeTAOdbMDSsxn+6NSfyu0A6PbpLxuL0LDWnLd9Eqm24EiUrcpcK+P4HZwDpu
NeOr/AER41UFQ/uUTrERObzgUddzbcHfq9lxPj4ZP0t5O1LnCpd05XBvdfPUj/p5
nEyrTfrEfQUq4213zrwaf7ZPv8GMPo34SFA4m7KqdYrzVHdZ11/JL42VcXr6
-----END CERTIFICATE-----