Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sssWP3djtd6l0GWL_I-wmGeoSjI.roa
File:                     sssWP3djtd6l0GWL_I-wmGeoSjI.roa (raw, json)
Hash identifier:          6zyugApApVeFvdjdkS2bSXr4jHljDOC0iTp4kTrBxZ0=
Subject key identifier:   B2:CB:16:3F:77:63:B5:DE:A5:D0:65:8B:FC:8F:B0:98:67:A8:4A:32
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0194B93C558040C4D0235157FAFB51A91A9F
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sssWP3djtd6l0GWL_I-wmGeoSjI.roa
Signing time:             Thu 30 Jan 2025 22:02:06 +0000
ROA not before:           Thu 30 Jan 2025 22:02:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213707
IP address blocks:        2a0f:b244:400::/40 maxlen: 48
                          2a0f:b244:500::/40 maxlen: 48
                          2a0f:b244:2000::/36 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:b9:3c:55:80:40:c4:d0:23:51:57:fa:fb:51:a9:1a:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Jan 30 22:02:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2cb163f7763b5dea5d0658bfc8fb09867a84a32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:aa:44:86:a9:7a:2e:6d:34:34:76:de:e7:5c:
                    66:4f:e0:76:ef:6f:bb:b3:45:de:60:d2:3d:0e:f5:
                    51:b9:87:60:cc:53:56:c7:a3:18:f8:f1:52:70:43:
                    a0:19:e5:45:f6:23:4e:0b:24:3e:03:b2:90:16:ae:
                    26:6f:b4:e9:41:3c:af:d4:41:a9:fe:cb:60:0f:e1:
                    3e:9a:88:41:a5:97:04:92:cc:3a:c0:f0:f5:e1:51:
                    7b:3d:fb:b3:ae:a2:6c:af:2d:d8:3f:35:87:ad:29:
                    df:ba:00:6e:ba:46:45:d3:24:09:40:63:fc:65:89:
                    1c:78:3b:8e:32:12:36:63:e0:01:15:82:01:a7:ac:
                    17:9f:f2:0f:03:82:92:d7:5b:5f:13:7f:47:c5:04:
                    ea:d5:0b:3d:dc:d5:72:f6:b8:18:99:ee:00:5c:a6:
                    04:ce:fe:1a:a7:2d:d6:f4:f6:01:71:42:5b:af:73:
                    8a:72:88:5e:15:df:5d:ae:0e:cf:18:b3:5b:0d:07:
                    0d:34:55:09:46:e7:6c:ed:1e:e9:ad:95:7c:73:9f:
                    1a:00:56:1a:0a:9d:47:8d:a7:2d:ef:d0:4b:c3:10:
                    93:6e:ee:3b:12:22:49:84:49:a6:a5:84:70:28:f4:
                    69:4c:c9:e0:b4:a8:c8:51:00:b4:15:e6:68:9b:99:
                    5f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:CB:16:3F:77:63:B5:DE:A5:D0:65:8B:FC:8F:B0:98:67:A8:4A:32
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/sssWP3djtd6l0GWL_I-wmGeoSjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b244:400::/39
                  2a0f:b244:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         04:14:c3:0d:fc:7f:f4:57:8b:a1:55:f3:da:b8:0a:3e:ef:cc:
         ad:ea:56:73:07:fc:a2:c6:19:5b:9a:ee:84:34:17:a1:62:8d:
         1a:a0:99:41:59:3f:de:b0:46:68:10:6d:3e:e9:2e:83:0d:e8:
         0c:20:96:56:8d:be:bb:ca:a5:f7:b6:3d:1d:22:55:4d:fe:03:
         72:33:8a:27:ef:8f:fd:5c:ff:c6:27:6a:eb:00:eb:1e:4d:a3:
         05:fd:7a:cc:ca:0c:a3:21:49:8a:c7:57:35:21:38:34:92:f7:
         32:fe:ac:cf:79:7f:9d:45:7d:77:49:8a:d4:46:e0:1d:a1:67:
         16:0c:b7:1e:b9:29:70:b9:a0:72:e6:80:4d:f1:3d:e5:b5:85:
         be:a3:80:11:f7:85:56:38:09:42:19:4b:79:95:27:50:ce:a3:
         64:ef:d1:81:d4:68:27:9e:44:4d:44:f5:24:08:61:ed:64:9c:
         f2:c3:d7:e1:58:1a:df:06:3d:c7:e9:da:8a:21:9b:ad:93:f7:
         7a:a5:4e:d9:19:f0:cc:e3:24:1f:a2:59:a2:59:bf:95:ac:7d:
         78:12:4b:ee:de:18:70:9b:ce:25:e5:f9:ed:ea:08:c5:ed:70:
         21:c0:6e:e3:a6:14:32:fa:36:c8:95:9d:c8:65:39:4a:ab:9c:
         ea:e9:6e:80
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgISAZS5PFWAQMTQI1FX+vtRqRqfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwMTMwMjIwMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmNiMTYzZjc3NjNiNWRlYTVkMDY1OGJmYzhmYjA5ODY3YTg0YTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKpEhql6Lm00NHbe51xmT+B272+7
s0XeYNI9DvVRuYdgzFNWx6MY+PFScEOgGeVF9iNOCyQ+A7KQFq4mb7TpQTyv1EGp
/stgD+E+mohBpZcEksw6wPD14VF7PfuzrqJsry3YPzWHrSnfugBuukZF0yQJQGP8
ZYkceDuOMhI2Y+ABFYIBp6wXn/IPA4KS11tfE39HxQTq1Qs93NVy9rgYme4AXKYE
zv4apy3W9PYBcUJbr3OKcoheFd9drg7PGLNbDQcNNFUJRuds7R7prZV8c58aAFYa
Cp1Hjact79BLwxCTbu47EiJJhEmmpYRwKPRpTMngtKjIUQC0FeZom5lfrQIDAQAB
o4ICEzCCAg8wHQYDVR0OBBYEFLLLFj93Y7XepdBli/yPsJhnqEoyMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvc3NzV1AzZGp0ZDZsMEdXTF9JLXdtR2VvU2pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCkGCCsGAQUFBwEHAQH/BBowGDAWBAIAAjAQAwYBKg+yRAQD
BgQqD7JEIDANBgkqhkiG9w0BAQsFAAOCAQEABBTDDfx/9FeLoVXz2rgKPu/MrepW
cwf8osYZW5ruhDQXoWKNGqCZQVk/3rBGaBBtPukugw3oDCCWVo2+u8ql97Y9HSJV
Tf4DcjOKJ++P/Vz/xidq6wDrHk2jBf16zMoMoyFJisdXNSE4NJL3Mv6sz3l/nUV9
d0mK1EbgHaFnFgy3HrkpcLmgcuaATfE95bWFvqOAEfeFVjgJQhlLeZUnUM6jZO/R
gdRoJ55ETUT1JAhh7WSc8sPX4Vga3wY9x+naiiGbrZP3eqVO2RnwzOMkH6JZolm/
lax9eBJL7t4YcJvOJeX57eoIxe1wIcBu46YUMvo2yJWdyGU5Squc6ulugA==
-----END CERTIFICATE-----