Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/t71YI4KSbaGkCmB-MEJdsGSfQaA.roa
File:                     t71YI4KSbaGkCmB-MEJdsGSfQaA.roa (raw, json)
Hash identifier:          R/e5LF3J+CRodiuFWfzBq7cj+1ew0e07ualksOT+5xk=
Subject key identifier:   B7:BD:58:23:82:92:6D:A1:A4:0A:60:7E:30:42:5D:B0:64:9F:41:A0
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018DA44ACD4ADB06EFFC3B33AB8840E94A7B
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/t71YI4KSbaGkCmB-MEJdsGSfQaA.roa
Signing time:             Tue 13 Feb 2024 21:06:22 +0000
ROA not before:           Tue 13 Feb 2024 21:06:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212858
IP address blocks:        2a0f:b241:16::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a4:4a:cd:4a:db:06:ef:fc:3b:33:ab:88:40:e9:4a:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Feb 13 21:06:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b7bd582382926da1a40a607e30425db0649f41a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:c4:8e:79:6d:fe:e2:1a:47:26:0f:aa:5d:e0:
                    44:2f:40:4b:7c:b0:73:24:11:8f:eb:50:5c:33:34:
                    83:12:98:b9:c6:ea:43:47:66:c3:17:0e:36:46:45:
                    4c:71:0c:6a:b3:44:27:47:b4:0c:d6:ac:5e:c9:54:
                    90:d3:c2:40:d8:ae:97:bf:15:d6:6b:3e:0b:8d:8d:
                    ff:4a:d4:d5:f8:1c:3e:d5:fe:fc:44:90:32:61:73:
                    15:64:d2:46:9e:be:3f:26:dd:80:61:f7:1d:6b:aa:
                    ab:59:7e:f7:99:b6:ed:36:c0:d8:ad:2f:ef:c8:2d:
                    9f:62:1a:2d:5c:49:c5:d1:db:65:22:dc:19:e6:a3:
                    a5:76:c8:3c:99:d6:fa:dd:96:cc:b1:cc:fb:0c:f4:
                    09:80:05:00:ae:55:ff:fb:c6:fc:f6:5e:52:11:4e:
                    32:6d:95:1e:c8:bc:ce:5a:50:17:03:ee:0e:50:be:
                    c6:7c:bd:4c:d6:01:4c:14:9f:0a:1d:14:0c:bb:5f:
                    d1:41:c8:14:91:01:37:1f:8b:af:fb:c3:7d:50:d2:
                    0d:64:97:9f:cb:35:69:40:d9:49:8d:2b:d3:b7:51:
                    6c:99:32:47:d6:a0:4d:c5:33:b2:7f:2e:b3:26:f5:
                    69:b3:0f:cf:07:b3:8f:c4:e0:a4:ea:68:1c:0f:ed:
                    c5:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:BD:58:23:82:92:6D:A1:A4:0A:60:7E:30:42:5D:B0:64:9F:41:A0
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/t71YI4KSbaGkCmB-MEJdsGSfQaA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:16::/48

    Signature Algorithm: sha256WithRSAEncryption
         2e:8f:dd:5b:3f:bc:44:8d:01:d0:e0:ea:36:94:2e:c2:c8:70:
         73:09:02:08:1d:4d:bc:a1:c3:07:ea:c8:8f:0e:e1:f3:48:66:
         6d:fa:e9:95:64:3f:1c:47:38:0d:50:f6:af:d8:5c:1f:25:49:
         b7:c7:aa:da:bc:43:84:ab:43:e3:c3:55:28:d8:96:b3:6b:d2:
         da:0e:10:65:ea:d4:79:a8:83:b5:16:85:f5:de:c5:a9:d3:77:
         2e:f7:f7:0e:41:36:e6:e0:b1:b9:9a:4f:5b:58:46:ff:63:56:
         50:5a:27:a7:ae:10:02:46:3c:1e:21:05:91:a9:bc:b8:d6:8d:
         af:19:35:a1:01:dc:d6:ad:ab:f9:f5:1f:f7:7f:1f:c5:b1:6f:
         c5:55:7b:1e:8f:18:ac:b1:7f:3f:4c:64:fd:72:98:7f:d0:f6:
         cd:2a:52:1d:e7:57:71:6b:c5:4a:f1:95:a1:be:1b:d2:bc:a5:
         0b:08:08:04:07:03:59:db:b6:1c:26:c6:5b:03:10:95:8a:bb:
         de:f0:af:c3:82:49:fd:15:0e:d9:54:30:86:2f:ce:50:cf:1b:
         db:81:6c:db:66:a2:f8:2a:d3:9d:9f:92:d1:5a:5d:49:8c:de:
         05:d4:aa:b2:24:35:33:16:89:1c:c1:c5:92:1f:0d:14:1e:93:
         cd:c1:8d:09
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAY2kSs1K2wbv/Dszq4hA6Up7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMjEzMjEwNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiN2JkNTgyMzgyOTI2ZGExYTQwYTYwN2UzMDQyNWRiMDY0OWY0MWEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlMSOeW3+4hpHJg+qXeBEL0BLfLBz
JBGP61BcMzSDEpi5xupDR2bDFw42RkVMcQxqs0QnR7QM1qxeyVSQ08JA2K6XvxXW
az4LjY3/StTV+Bw+1f78RJAyYXMVZNJGnr4/Jt2AYfcda6qrWX73mbbtNsDYrS/v
yC2fYhotXEnF0dtlItwZ5qOldsg8mdb63ZbMscz7DPQJgAUArlX/+8b89l5SEU4y
bZUeyLzOWlAXA+4OUL7GfL1M1gFMFJ8KHRQMu1/RQcgUkQE3H4uv+8N9UNINZJef
yzVpQNlJjSvTt1FsmTJH1qBNxTOyfy6zJvVpsw/PB7OPxOCk6mgcD+3FXQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFLe9WCOCkm2hpApgfjBCXbBkn0GgMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvdDcxWUk0S1NiYUdrQ21CLU1FSmRzR1NmUWFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAW
MA0GCSqGSIb3DQEBCwUAA4IBAQAuj91bP7xEjQHQ4Oo2lC7CyHBzCQIIHU28ocMH
6siPDuHzSGZt+umVZD8cRzgNUPav2FwfJUm3x6ravEOEq0Pjw1Uo2Jaza9LaDhBl
6tR5qIO1FoX13sWp03cu9/cOQTbm4LG5mk9bWEb/Y1ZQWienrhACRjweIQWRqby4
1o2vGTWhAdzWrav59R/3fx/FsW/FVXsejxissX8/TGT9cph/0PbNKlId51dxa8VK
8ZWhvhvSvKULCAgEBwNZ27YcJsZbAxCVirve8K/Dgkn9FQ7ZVDCGL85QzxvbgWzb
ZqL4KtOdn5LRWl1JjN4F1KqyJDUzFokcwcWSHw0UHpPNwY0J
-----END CERTIFICATE-----