Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/z9jSaQooi48ciojI0DNXMjQGP9U.roa
File:                     z9jSaQooi48ciojI0DNXMjQGP9U.roa (raw, json)
Hash identifier:          wBIZ9guDmNTfThhuSKlzu6dMR5P4osh8vKBmfEsH9Ys=
Subject key identifier:   CF:D8:D2:69:0A:28:8B:8F:1C:8A:88:C8:D0:33:57:32:34:06:3F:D5
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       018E7D8D75EF6111E5B842B77AB7574E59A4
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/z9jSaQooi48ciojI0DNXMjQGP9U.roa
Signing time:             Wed 27 Mar 2024 01:36:46 +0000
ROA not before:           Wed 27 Mar 2024 01:36:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215473
IP address blocks:        2a0f:b241:19::/48 maxlen: 48
                          2a0f:b241:82::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7d:8d:75:ef:61:11:e5:b8:42:b7:7a:b7:57:4e:59:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Mar 27 01:36:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cfd8d2690a288b8f1c8a88c8d033573234063fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:ab:6f:cc:bd:87:17:43:c4:a4:14:77:c9:5d:
                    b5:61:05:a7:bd:de:33:e3:f3:46:4b:58:00:03:d3:
                    0f:f0:fc:15:2e:d1:c7:c3:8a:a1:09:14:49:9d:20:
                    1f:6d:7d:4c:e5:ad:39:f1:91:78:2e:2a:c6:9c:e0:
                    ce:80:87:fd:4f:93:01:7b:c0:3d:f6:09:bc:b0:f1:
                    40:35:dc:ce:60:bd:46:52:da:1c:c2:80:1c:9b:31:
                    3f:75:4f:9f:ca:11:f7:ae:05:0c:70:5c:4f:98:f9:
                    bd:23:e7:a8:4c:c1:a1:ad:0b:a1:a9:f8:5b:fd:12:
                    2d:a6:5f:e4:6f:30:48:31:ca:83:47:ff:fd:5e:10:
                    1d:ec:e4:62:3b:14:9b:66:1b:e6:9c:1d:89:8c:0d:
                    7f:9a:87:1e:92:cb:e9:f5:a0:2a:8e:fd:c8:8a:f1:
                    44:5b:30:3a:0a:cd:ff:46:26:78:19:b6:00:0e:55:
                    1a:84:8a:d5:86:da:ec:0c:d1:e4:be:ee:80:c0:17:
                    69:0d:d2:64:2c:c9:ac:9c:41:b7:88:07:4c:e1:08:
                    02:34:bb:c3:62:e3:bd:f6:5b:82:d2:30:8f:22:ef:
                    a1:21:96:a9:e0:f7:9f:01:c3:8f:00:3b:70:8e:a5:
                    4c:44:7a:f8:a4:da:4a:74:9f:c6:ef:9a:ff:78:67:
                    6f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:D8:D2:69:0A:28:8B:8F:1C:8A:88:C8:D0:33:57:32:34:06:3F:D5
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/z9jSaQooi48ciojI0DNXMjQGP9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:19::/48
                  2a0f:b241:82::/48

    Signature Algorithm: sha256WithRSAEncryption
         3e:41:60:c8:a6:72:01:86:f9:d0:59:e4:a6:3e:bd:4e:c3:8e:
         82:74:05:8c:6d:bb:b6:2c:61:a6:ab:f0:4f:2a:87:a8:f6:ce:
         9d:34:0b:b7:7e:f5:86:0d:02:30:bc:d9:e0:96:07:e2:24:8f:
         d7:f1:a3:4a:08:23:ba:57:ee:27:87:47:08:39:a2:a7:ad:96:
         a1:3d:12:35:f6:b0:b4:32:58:6f:73:95:02:23:99:b9:d4:dc:
         9c:0d:57:d8:c2:be:80:7e:58:78:aa:a8:42:01:05:f1:43:bd:
         e0:20:44:a4:10:85:c9:b5:03:66:91:a4:05:c6:37:0c:4a:c0:
         10:4f:65:76:4f:bd:93:7b:c5:01:09:68:25:e1:70:13:c9:8d:
         fd:4f:58:94:d9:60:20:8a:64:8f:57:20:da:ca:ae:2e:1b:c3:
         9f:e1:3e:c4:ba:fe:43:a7:af:08:8e:ad:5f:98:18:c8:84:79:
         45:65:b2:49:a9:6a:08:3e:d5:69:7f:b5:38:76:f6:ec:5f:04:
         08:65:64:85:0d:0f:4f:92:31:8b:f7:21:33:be:6b:dd:15:60:
         6f:05:a8:ae:f2:90:52:44:77:0c:d7:df:dd:7d:14:9f:d3:06:
         78:3f:e3:12:25:3f:79:53:41:4a:75:4f:97:04:e9:5e:f4:fe:
         bf:0e:94:c5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY59jXXvYRHluEK3erdXTlmkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjQwMzI3MDEzNjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZmQ4ZDI2OTBhMjg4YjhmMWM4YTg4YzhkMDMzNTczMjM0MDYzZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyqtvzL2HF0PEpBR3yV21YQWnvd4z
4/NGS1gAA9MP8PwVLtHHw4qhCRRJnSAfbX1M5a058ZF4LirGnODOgIf9T5MBe8A9
9gm8sPFANdzOYL1GUtocwoAcmzE/dU+fyhH3rgUMcFxPmPm9I+eoTMGhrQuhqfhb
/RItpl/kbzBIMcqDR//9XhAd7ORiOxSbZhvmnB2JjA1/moceksvp9aAqjv3IivFE
WzA6Cs3/RiZ4GbYADlUahIrVhtrsDNHkvu6AwBdpDdJkLMmsnEG3iAdM4QgCNLvD
YuO99luC0jCPIu+hIZap4PefAcOPADtwjqVMRHr4pNpKdJ/G75r/eGdvzwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM/Y0mkKKIuPHIqIyNAzVzI0Bj/VMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvejlqU2FRb29pNDhjaW9qSTBETlhNalFHUDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcAKg+yQQAZ
AwcAKg+yQQCCMA0GCSqGSIb3DQEBCwUAA4IBAQA+QWDIpnIBhvnQWeSmPr1Ow46C
dAWMbbu2LGGmq/BPKoeo9s6dNAu3fvWGDQIwvNnglgfiJI/X8aNKCCO6V+4nh0cI
OaKnrZahPRI19rC0Mlhvc5UCI5m51NycDVfYwr6Aflh4qqhCAQXxQ73gIESkEIXJ
tQNmkaQFxjcMSsAQT2V2T72Te8UBCWgl4XATyY39T1iU2WAgimSPVyDayq4uG8Of
4T7Euv5Dp68Ijq1fmBjIhHlFZbJJqWoIPtVpf7U4dvbsXwQIZWSFDQ9PkjGL9yEz
vmvdFWBvBaiu8pBSRHcM19/dfRSf0wZ4P+MSJT95U0FKdU+XBOle9P6/DpTF
-----END CERTIFICATE-----