Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sBsS28tJy9Sqsfc5WcAZo8J-YP0.roa
File:                     sBsS28tJy9Sqsfc5WcAZo8J-YP0.roa (raw, json)
Hash identifier:          JSoKf8HfVEMVYyu1HGyhp+rG1JDqq62FPV7i2Ig9wO4=
Subject key identifier:   B0:1B:12:DB:CB:49:CB:D4:AA:B1:F7:39:59:C0:19:A3:C2:7E:60:FD
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018ECA6A4947EC7764B8E0D3C450390D64C6
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sBsS28tJy9Sqsfc5WcAZo8J-YP0.roa
Signing time:             Wed 10 Apr 2024 23:49:06 +0000
ROA not before:           Wed 10 Apr 2024 23:49:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215122
IP address blocks:        2a0f:b241:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ca:6a:49:47:ec:77:64:b8:e0:d3:c4:50:39:0d:64:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Apr 10 23:49:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b01b12dbcb49cbd4aab1f73959c019a3c27e60fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:1f:a3:2f:d6:32:ae:a5:14:64:e0:53:ac:58:
                    1a:b1:3b:1d:7b:b4:0c:5b:37:5f:d2:c2:cb:08:c5:
                    08:45:2b:0c:38:1e:df:3d:f9:cd:ff:7c:70:d6:06:
                    12:66:eb:19:12:54:65:e8:72:f3:a4:81:27:da:54:
                    c7:f7:55:d8:8b:bc:1b:8b:79:62:1d:2f:fa:a3:6a:
                    17:00:63:5a:b1:af:78:27:ab:8c:32:96:ab:53:79:
                    f2:fc:0f:00:78:e4:26:64:7d:d9:e6:ca:85:d7:5c:
                    c0:8d:cc:89:2f:24:92:d6:f0:c6:ef:84:27:e2:7f:
                    73:e6:0c:ca:62:06:00:20:96:79:2a:75:4a:32:f4:
                    b9:71:f7:1c:b7:a8:36:77:ff:d7:88:2d:13:e7:3f:
                    a3:9f:f5:7f:a1:7b:e3:7a:c9:22:f1:c2:8a:a3:4d:
                    c9:1b:df:e9:e3:df:ed:ca:45:86:ce:72:99:33:66:
                    1e:1e:85:6a:c9:37:f3:1a:95:76:5d:a3:88:75:4f:
                    54:1a:4c:6e:f5:ad:3a:01:e3:56:6e:22:db:0e:fe:
                    95:14:ea:2b:f1:a8:06:5e:18:81:88:9e:1d:61:3b:
                    d1:8c:d0:49:22:6b:df:d3:31:93:4b:ca:db:17:23:
                    09:44:fb:9d:cd:0a:07:57:e1:25:ff:ef:8d:06:d3:
                    c1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:1B:12:DB:CB:49:CB:D4:AA:B1:F7:39:59:C0:19:A3:C2:7E:60:FD
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sBsS28tJy9Sqsfc5WcAZo8J-YP0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         0f:2d:3b:78:81:c6:d5:41:eb:b8:93:37:ed:e0:fe:92:f2:0b:
         cf:ca:33:03:23:9d:5a:a4:5d:2a:72:18:ad:1c:c3:09:7a:99:
         bc:d1:5a:e4:c3:46:9c:67:64:21:a8:6f:d3:88:b2:78:fd:e9:
         72:c1:3a:ac:31:39:75:94:b5:1d:1b:30:9e:e5:95:72:19:d9:
         a0:16:41:66:93:63:01:f6:0c:b1:9c:6f:3e:3d:44:74:96:8b:
         7f:62:d7:78:cf:fd:87:02:3c:47:dd:cb:22:c6:93:6f:7e:c4:
         cb:7d:40:38:f3:4e:db:52:86:64:26:07:02:3f:bd:b6:8a:3e:
         97:d2:bb:4f:b2:fa:39:e3:12:c4:0d:7c:41:5f:34:80:aa:25:
         3a:8d:e7:f8:42:69:55:ca:e8:cb:5e:5c:56:30:a8:8d:86:ef:
         73:ac:b3:59:a5:30:76:0d:ed:f9:17:c8:01:3f:ee:da:95:d4:
         b0:17:88:75:77:c4:fa:44:49:66:d9:91:94:82:3d:57:05:f2:
         4f:57:d3:2e:1b:5e:5b:77:ad:51:a2:82:20:c9:a9:46:5d:06:
         f4:e6:60:aa:91:83:c5:74:31:63:9c:ea:d4:33:75:8e:ee:5f:
         a1:c9:7a:83:c6:2f:44:fb:dd:89:7f:87:26:af:ec:04:7e:54:
         b8:52:a0:b3
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY7KaklH7HdkuODTxFA5DWTGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwNDEwMjM0OTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDFiMTJkYmNiNDljYmQ0YWFiMWY3Mzk1OWMwMTlhM2MyN2U2MGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhx+jL9YyrqUUZOBTrFgasTsde7QM
Wzdf0sLLCMUIRSsMOB7fPfnN/3xw1gYSZusZElRl6HLzpIEn2lTH91XYi7wbi3li
HS/6o2oXAGNasa94J6uMMparU3ny/A8AeOQmZH3Z5sqF11zAjcyJLySS1vDG74Qn
4n9z5gzKYgYAIJZ5KnVKMvS5cfcct6g2d//XiC0T5z+jn/V/oXvjeski8cKKo03J
G9/p49/tykWGznKZM2YeHoVqyTfzGpV2XaOIdU9UGkxu9a06AeNWbiLbDv6VFOor
8agGXhiBiJ4dYTvRjNBJImvf0zGTS8rbFyMJRPudzQoHV+El/++NBtPBAQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLAbEtvLScvUqrH3OVnAGaPCfmD9MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvc0JzUzI4dEp5OVNxc2ZjNVdjQVpvOEotWVAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAB
MA0GCSqGSIb3DQEBCwUAA4IBAQAPLTt4gcbVQeu4kzft4P6S8gvPyjMDI51apF0q
chitHMMJepm80Vrkw0acZ2QhqG/TiLJ4/elywTqsMTl1lLUdGzCe5ZVyGdmgFkFm
k2MB9gyxnG8+PUR0lot/Ytd4z/2HAjxH3csixpNvfsTLfUA4807bUoZkJgcCP722
ij6X0rtPsvo54xLEDXxBXzSAqiU6jef4QmlVyujLXlxWMKiNhu9zrLNZpTB2De35
F8gBP+7aldSwF4h1d8T6RElm2ZGUgj1XBfJPV9MuG15bd61RooIgyalGXQb05mCq
kYPFdDFjnOrUM3WO7l+hyXqDxi9E+92Jf4cmr+wEflS4UqCz
-----END CERTIFICATE-----