Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/rGOYtq_Thi1bHxPEPh_-1162hwE.roa
File:                     rGOYtq_Thi1bHxPEPh_-1162hwE.roa (raw, json)
Hash identifier:          sMSgNyPNu+dXEEK26rDJLJvw6klu2nxdHF72XJN9xsY=
Subject key identifier:   AC:63:98:B6:AF:D3:86:2D:5B:1F:13:C4:3E:1F:FE:D7:5E:B6:87:01
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01954F5AB632E96DA86E54C07D892B9E6EA7
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/rGOYtq_Thi1bHxPEPh_-1162hwE.roa
Signing time:             Sat 01 Mar 2025 01:38:19 +0000
ROA not before:           Sat 01 Mar 2025 01:38:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214016
IP address blocks:        2a0f:b244:1000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4f:5a:b6:32:e9:6d:a8:6e:54:c0:7d:89:2b:9e:6e:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Mar  1 01:38:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac6398b6afd3862d5b1f13c43e1ffed75eb68701
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:31:03:0b:9a:f0:87:6e:34:89:be:73:49:22:
                    0f:93:9d:29:08:bf:47:3d:0a:fe:c9:3d:50:c7:3a:
                    99:16:c5:cc:a9:5e:24:db:aa:a3:00:5d:21:16:f2:
                    19:34:a6:dd:3e:4d:f6:76:df:da:3b:26:69:ce:98:
                    a7:b6:e6:ad:16:a9:5b:2f:91:77:ab:87:ea:ee:bc:
                    ca:c3:15:4d:37:a1:af:78:80:ce:2d:ab:ce:db:82:
                    4b:aa:cb:18:de:25:d2:5f:05:ee:53:8e:15:06:03:
                    89:07:e8:55:91:5b:01:5d:95:6c:2f:bf:2c:d1:8a:
                    4a:94:e9:c6:3a:8d:e1:fa:03:e0:2d:72:75:c6:a5:
                    78:10:16:1a:2d:27:cf:e8:4e:e3:a5:71:ca:ec:b6:
                    b9:2b:f6:bd:7c:6c:55:33:eb:6d:90:7c:66:7f:c1:
                    3d:32:ca:24:dc:2c:c8:40:2f:8d:ae:b4:4c:ab:4e:
                    a0:b4:33:39:be:d2:0a:5c:0d:51:79:de:69:fd:24:
                    a7:a9:03:2e:d7:ec:b7:95:a3:6f:11:63:e4:3f:66:
                    78:e2:fa:0c:27:c6:17:a4:e8:38:ce:f9:ec:0c:c0:
                    79:1d:a3:c2:95:40:9e:01:44:b7:59:64:ff:82:15:
                    48:31:43:b2:32:0d:45:68:66:4c:63:bc:89:79:5e:
                    7c:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:63:98:B6:AF:D3:86:2D:5B:1F:13:C4:3E:1F:FE:D7:5E:B6:87:01
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/rGOYtq_Thi1bHxPEPh_-1162hwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b244:1000::/36

    Signature Algorithm: sha256WithRSAEncryption
         09:6f:7e:e5:13:99:a4:41:3d:b7:e7:33:56:af:d2:41:d9:4b:
         54:6d:21:d2:78:bd:23:4f:ac:ce:f2:02:f1:e1:14:90:2d:f4:
         91:cd:b8:4b:9a:0d:bb:14:9b:6a:b3:58:7c:b7:dd:89:c9:8e:
         76:42:85:8a:b6:dc:d0:aa:cb:d6:0c:a8:51:5d:26:c2:0c:a7:
         6b:3a:26:44:04:2c:04:1d:60:a2:22:77:9b:f5:03:91:6b:fb:
         5b:05:59:0f:b0:1e:4e:29:44:68:c7:84:1e:9f:92:6f:a8:c2:
         8b:fd:1c:e8:63:26:a1:1c:2b:16:0a:eb:ce:6f:4a:75:f6:d5:
         4f:44:c1:2c:85:3a:31:b0:d9:60:b8:c3:0b:95:a6:e3:64:c0:
         71:c9:dc:ae:35:40:14:ee:77:48:3a:47:19:bd:bf:67:c2:13:
         9f:05:f8:90:8f:f3:41:57:7c:75:84:7e:9c:bf:f1:9b:1b:e0:
         fd:a6:28:90:ba:c0:32:9f:b1:90:ff:28:fa:a2:58:61:b7:37:
         ef:b1:80:df:cc:d2:fb:c8:46:a2:81:39:61:72:fc:50:ce:80:
         6b:bb:57:d4:79:a0:4b:2e:c9:0a:99:b1:78:01:cb:42:22:f6:
         3f:10:27:b0:2a:02:22:bf:9a:b5:87:96:12:ab:90:4f:69:03:
         5c:66:1f:ce
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZVPWrYy6W2oblTAfYkrnm6nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwMzAxMDEzODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzYzOThiNmFmZDM4NjJkNWIxZjEzYzQzZTFmZmVkNzVlYjY4NzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvjEDC5rwh240ib5zSSIPk50pCL9H
PQr+yT1QxzqZFsXMqV4k26qjAF0hFvIZNKbdPk32dt/aOyZpzpintuatFqlbL5F3
q4fq7rzKwxVNN6GveIDOLavO24JLqssY3iXSXwXuU44VBgOJB+hVkVsBXZVsL78s
0YpKlOnGOo3h+gPgLXJ1xqV4EBYaLSfP6E7jpXHK7La5K/a9fGxVM+ttkHxmf8E9
Msok3CzIQC+NrrRMq06gtDM5vtIKXA1Red5p/SSnqQMu1+y3laNvEWPkP2Z44voM
J8YXpOg4zvnsDMB5HaPClUCeAUS3WWT/ghVIMUOyMg1FaGZMY7yJeV58VwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKxjmLav04YtWx8TxD4f/tdetocBMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvckdPWXRxX1RoaTFiSHhQRVBoXy0xMTYyaHdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYEKg+yRBAw
DQYJKoZIhvcNAQELBQADggEBAAlvfuUTmaRBPbfnM1av0kHZS1RtIdJ4vSNPrM7y
AvHhFJAt9JHNuEuaDbsUm2qzWHy33YnJjnZChYq23NCqy9YMqFFdJsIMp2s6JkQE
LAQdYKIid5v1A5Fr+1sFWQ+wHk4pRGjHhB6fkm+owov9HOhjJqEcKxYK685vSnX2
1U9EwSyFOjGw2WC4wwuVpuNkwHHJ3K41QBTud0g6Rxm9v2fCE58F+JCP80FXfHWE
fpy/8Zsb4P2mKJC6wDKfsZD/KPqiWGG3N++xgN/M0vvIRqKBOWFy/FDOgGu7V9R5
oEsuyQqZsXgBy0Ii9j8QJ7AqAiK/mrWHlhKrkE9pA1xmH84=
-----END CERTIFICATE-----