Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/vhqWGep0prxA72dfrYsYgxr1hOM.roa
File:                     vhqWGep0prxA72dfrYsYgxr1hOM.roa (raw, json)
Hash identifier:          4P1x6dlWIRy5e3L6F09pfGN24P9r1AH890JM2J/I4tY=
Subject key identifier:   BE:1A:96:19:EA:74:A6:BC:40:EF:67:5F:AD:8B:18:83:1A:F5:84:E3
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019A0793E1C0A4E593478CE559929B8F2A36
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/vhqWGep0prxA72dfrYsYgxr1hOM.roa
Signing time:             Tue 21 Oct 2025 16:22:03 +0000
ROA not before:           Tue 21 Oct 2025 16:22:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214420
IP address blocks:        2a0f:b240:6b00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Oct 2025 23:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:07:93:e1:c0:a4:e5:93:47:8c:e5:59:92:9b:8f:2a:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 21 16:22:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be1a9619ea74a6bc40ef675fad8b18831af584e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:e2:c7:b5:71:ae:20:df:1b:86:21:cc:a4:6c:
                    7e:ca:e5:70:de:f9:c2:04:eb:e3:d5:9a:2d:0a:7d:
                    c8:a5:6e:01:a1:5f:ba:89:84:05:8c:52:bc:bf:e0:
                    36:13:1e:54:93:62:d2:45:fa:17:a9:da:45:26:e7:
                    5f:01:99:8e:79:43:a2:dc:15:db:7d:54:d6:36:3e:
                    34:e7:fc:64:49:10:9c:8c:15:71:0c:96:4a:ae:e7:
                    f7:82:2c:f0:fd:7a:b0:f9:f2:67:dd:21:70:c4:2c:
                    28:13:2e:be:43:52:71:bf:0b:4b:3f:37:35:2a:9e:
                    4c:b5:26:48:49:c2:c0:bb:11:4f:db:4c:98:55:52:
                    ea:c8:4c:9e:74:50:d8:86:b1:82:48:37:9d:e4:cd:
                    ca:3b:a2:2a:fe:04:9f:2b:a7:2c:1c:4d:64:e9:d6:
                    a1:31:3d:12:7b:3e:95:7c:2a:93:f5:d3:05:45:9f:
                    9b:2e:47:7b:da:f8:61:7f:b2:86:3f:15:87:fa:85:
                    c0:05:bb:d4:11:28:e4:bb:13:e4:8a:6f:89:15:00:
                    2b:dd:f3:08:d8:29:b9:c0:7d:69:fe:46:3f:2b:db:
                    b2:f2:ce:f2:69:d2:98:6d:c0:39:a2:de:4e:cc:ea:
                    6b:6a:a0:c5:6e:ad:01:2d:ae:6f:e8:5d:31:ac:e5:
                    82:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:1A:96:19:EA:74:A6:BC:40:EF:67:5F:AD:8B:18:83:1A:F5:84:E3
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/vhqWGep0prxA72dfrYsYgxr1hOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:6b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         5a:20:f7:a5:25:de:dc:18:9e:a0:54:d9:6c:fa:3c:b3:3e:0e:
         0e:5c:2f:80:6c:24:3c:c8:85:5f:bf:48:ac:e5:24:0d:da:db:
         c0:9c:df:f4:b9:be:42:31:ad:2c:95:37:3e:b1:62:9a:e3:4b:
         54:c6:ce:15:df:a5:e8:a6:22:06:bb:35:69:41:f6:34:11:9d:
         d3:2b:1b:e4:fb:cb:9b:b0:07:0b:f7:3c:7c:67:01:86:c3:d0:
         66:90:38:bf:47:66:a0:dd:5a:cd:40:39:3f:cc:0f:ba:8c:53:
         82:db:05:6d:4d:3a:98:2a:24:2a:cc:ac:d0:da:84:7e:2e:e1:
         25:13:f4:b4:c2:df:15:0c:6e:c7:7d:e6:de:c7:78:35:d9:44:
         06:16:8a:e7:7f:1c:20:a9:39:57:23:49:05:dc:8f:6b:48:cc:
         03:be:ac:32:c2:45:3a:dc:5b:f1:73:05:81:9f:12:0d:fb:85:
         f1:6d:fe:08:b4:9c:9c:d4:ce:64:af:a9:77:82:1f:c0:47:95:
         0a:90:7e:ad:e7:ef:b4:91:0e:65:54:ba:ba:e5:66:eb:d0:ae:
         ba:2c:5e:26:b3:5f:f7:c7:11:e8:6e:32:6f:15:a3:70:c0:5b:
         54:36:0b:72:33:b9:c7:2f:e4:a1:4e:f2:88:64:49:d9:b1:94:
         86:ae:2f:f2
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZoHk+HApOWTR4zlWZKbjyo2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDIxMTYyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTFhOTYxOWVhNzRhNmJjNDBlZjY3NWZhZDhiMTg4MzFhZjU4NGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq+LHtXGuIN8bhiHMpGx+yuVw3vnC
BOvj1ZotCn3IpW4BoV+6iYQFjFK8v+A2Ex5Uk2LSRfoXqdpFJudfAZmOeUOi3BXb
fVTWNj405/xkSRCcjBVxDJZKruf3gizw/Xqw+fJn3SFwxCwoEy6+Q1JxvwtLPzc1
Kp5MtSZIScLAuxFP20yYVVLqyEyedFDYhrGCSDed5M3KO6Iq/gSfK6csHE1k6dah
MT0Sez6VfCqT9dMFRZ+bLkd72vhhf7KGPxWH+oXABbvUESjkuxPkim+JFQAr3fMI
2Cm5wH1p/kY/K9uy8s7yadKYbcA5ot5OzOpraqDFbq0BLa5v6F0xrOWC7QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFL4alhnqdKa8QO9nX62LGIMa9YTjMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvdmhxV0dlcDBwcnhBNzJkZnJZc1lneHIxaE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQGsw
DQYJKoZIhvcNAQELBQADggEBAFog96Ul3twYnqBU2Wz6PLM+Dg5cL4BsJDzIhV+/
SKzlJA3a28Cc3/S5vkIxrSyVNz6xYprjS1TGzhXfpeimIga7NWlB9jQRndMrG+T7
y5uwBwv3PHxnAYbD0GaQOL9HZqDdWs1AOT/MD7qMU4LbBW1NOpgqJCrMrNDahH4u
4SUT9LTC3xUMbsd95t7HeDXZRAYWiud/HCCpOVcjSQXcj2tIzAO+rDLCRTrcW/Fz
BYGfEg37hfFt/gi0nJzUzmSvqXeCH8BHlQqQfq3n77SRDmVUurrlZuvQrrosXiaz
X/fHEehuMm8Vo3DAW1Q2C3Izuccv5KFO8ohkSdmxlIauL/I=
-----END CERTIFICATE-----