Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/8xiuU5SRnlfkKZ6zfN9ezMR5MMQ.roa
File:                     8xiuU5SRnlfkKZ6zfN9ezMR5MMQ.roa (raw, json)
Hash identifier:          rLF9ZEKP8uQ6ytR4wAIoyexfkV7eeZ98qwmSqZK7DZY=
Subject key identifier:   F3:18:AE:53:94:91:9E:57:E4:29:9E:B3:7C:DF:5E:CC:C4:79:30:C4
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199F9F493CB24F411D98D9D03CA1F4811E1
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/8xiuU5SRnlfkKZ6zfN9ezMR5MMQ.roa
Signing time:             Sun 19 Oct 2025 00:52:59 +0000
ROA not before:           Sun 19 Oct 2025 00:52:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214480
IP address blocks:        2a0f:b240:6f00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f9:f4:93:cb:24:f4:11:d9:8d:9d:03:ca:1f:48:11:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 19 00:52:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f318ae5394919e57e4299eb37cdf5eccc47930c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:13:01:c8:76:16:95:a9:53:45:14:35:30:b2:
                    fd:b2:94:e6:26:98:c5:e5:fd:8d:ca:14:bb:25:23:
                    cb:49:fa:bd:4a:41:e8:07:12:c5:8c:d3:85:76:42:
                    fc:b9:d1:0a:85:44:6c:c0:2a:5b:9d:e1:f1:d8:41:
                    ce:44:58:49:ea:11:37:ce:4f:49:ef:8e:14:8a:dd:
                    aa:65:25:eb:a4:ba:30:5c:4c:9c:6f:4c:66:bb:55:
                    3e:af:09:ee:b6:33:15:c3:20:95:0c:25:b9:95:d6:
                    f5:f8:0e:1d:cd:d4:93:97:02:50:09:fe:36:59:f8:
                    43:58:e5:9f:e3:9d:5c:f9:d8:de:b6:8c:bd:04:ee:
                    0a:12:5a:fe:98:a3:e7:61:88:a7:5c:96:51:50:a4:
                    a5:ac:90:8b:76:bd:2a:75:3c:0c:36:a4:1c:ae:04:
                    f6:63:2a:d4:ec:73:90:57:29:99:bf:12:7c:ec:b5:
                    ee:46:3b:07:f6:55:5d:c5:97:82:d2:ea:fc:a8:e4:
                    54:13:dc:9f:29:d9:b4:16:1f:bf:9f:fe:aa:01:e8:
                    6c:38:7d:96:b2:7b:21:8e:47:48:3a:d1:d3:6d:f7:
                    cd:e7:34:37:54:d5:bd:81:e4:25:dc:47:16:25:ba:
                    eb:24:27:d2:99:88:2e:1b:98:8a:ed:b5:03:5c:3b:
                    e2:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:18:AE:53:94:91:9E:57:E4:29:9E:B3:7C:DF:5E:CC:C4:79:30:C4
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/8xiuU5SRnlfkKZ6zfN9ezMR5MMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:6f00::/40

    Signature Algorithm: sha256WithRSAEncryption
         48:90:24:64:e6:d0:fc:5f:92:f3:fa:ed:b5:a0:14:06:85:fc:
         33:41:d3:6f:98:77:99:59:81:67:00:d5:86:9c:4c:30:39:6e:
         1c:7d:de:d6:00:53:e1:03:9d:33:fe:19:ce:b8:8e:28:94:9f:
         23:72:04:95:99:f2:00:68:d5:f9:77:5d:9d:b8:fb:9e:e0:89:
         50:ba:88:6f:9c:13:25:b1:97:e8:3f:78:64:20:12:4b:c0:de:
         58:f9:26:83:4a:51:1c:a2:da:5d:ea:11:a0:e4:43:b5:9d:40:
         e7:38:fc:eb:10:81:11:45:f1:f8:21:13:a3:86:ee:e7:fe:25:
         9b:76:19:af:0b:e1:1d:36:86:b8:98:24:31:da:f7:0e:a1:53:
         a3:33:9c:48:14:38:0a:d2:44:a9:a1:6e:38:d7:bf:de:a8:bf:
         41:6b:ea:62:e8:a4:66:a9:d4:41:d9:4f:5c:ca:53:3b:a3:33:
         33:db:a1:71:f6:5e:cb:9a:03:ef:4b:f2:8f:0b:23:57:18:8c:
         c6:1b:e9:51:49:43:a1:ad:b3:d4:03:68:3a:3d:e7:18:60:97:
         2e:c1:75:77:87:e7:68:2c:28:25:73:cd:c3:59:73:22:6c:98:
         a9:b0:5b:84:b2:91:49:0f:9b:41:f6:a9:f8:0b:17:f7:bc:76:
         22:2b:da:60
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZn59JPLJPQR2Y2dA8ofSBHhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDE5MDA1MjU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzE4YWU1Mzk0OTE5ZTU3ZTQyOTllYjM3Y2RmNWVjY2M0NzkzMGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArRMByHYWlalTRRQ1MLL9spTmJpjF
5f2NyhS7JSPLSfq9SkHoBxLFjNOFdkL8udEKhURswCpbneHx2EHORFhJ6hE3zk9J
744Uit2qZSXrpLowXEycb0xmu1U+rwnutjMVwyCVDCW5ldb1+A4dzdSTlwJQCf42
WfhDWOWf451c+djetoy9BO4KElr+mKPnYYinXJZRUKSlrJCLdr0qdTwMNqQcrgT2
YyrU7HOQVymZvxJ87LXuRjsH9lVdxZeC0ur8qORUE9yfKdm0Fh+/n/6qAehsOH2W
snshjkdIOtHTbffN5zQ3VNW9geQl3EcWJbrrJCfSmYguG5iK7bUDXDviOwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFPMYrlOUkZ5X5Cmes3zfXszEeTDEMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvOHhpdVU1U1JubGZrS1o2emZOOWV6TVI1TU1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQG8w
DQYJKoZIhvcNAQELBQADggEBAEiQJGTm0PxfkvP67bWgFAaF/DNB02+Yd5lZgWcA
1YacTDA5bhx93tYAU+EDnTP+Gc64jiiUnyNyBJWZ8gBo1fl3XZ24+57giVC6iG+c
EyWxl+g/eGQgEkvA3lj5JoNKURyi2l3qEaDkQ7WdQOc4/OsQgRFF8fghE6OG7uf+
JZt2Ga8L4R02hriYJDHa9w6hU6MznEgUOArSRKmhbjjXv96ov0Fr6mLopGap1EHZ
T1zKUzujMzPboXH2XsuaA+9L8o8LI1cYjMYb6VFJQ6Gts9QDaDo95xhgly7BdXeH
52gsKCVzzcNZcyJsmKmwW4SykUkPm0H2qfgLF/e8diIr2mA=
-----END CERTIFICATE-----