Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/BIwHwWWkDKeueqxwcc7deuGJOEI.roa
File:                     BIwHwWWkDKeueqxwcc7deuGJOEI.roa (raw, json)
Hash identifier:          dAeVKBG7oCN5RkrVPSgHfbMthwWExYYBCSxHc3cE/6s=
Subject key identifier:   04:8C:07:C1:65:A4:0C:A7:AE:7A:AC:70:71:CE:DD:7A:E1:89:38:42
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199FBB224F4E8C3D097D1FC16A3F4A815BE
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/BIwHwWWkDKeueqxwcc7deuGJOEI.roa
Signing time:             Sun 19 Oct 2025 08:59:40 +0000
ROA not before:           Sun 19 Oct 2025 08:59:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214323
IP address blocks:        2a0f:b240:7100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:b2:24:f4:e8:c3:d0:97:d1:fc:16:a3:f4:a8:15:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 19 08:59:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=048c07c165a40ca7ae7aac7071cedd7ae1893842
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fd:0a:3b:1f:7d:f7:39:4d:3b:67:87:00:60:8a:
                    b5:d0:f8:e6:1e:33:ee:7f:85:84:30:22:fc:6b:e3:
                    bf:0a:90:03:f6:41:6f:8b:c9:ac:4c:fe:99:b7:20:
                    22:b7:ca:b6:ef:ed:df:cd:93:d8:1e:8b:94:61:74:
                    2e:16:24:67:c4:a9:e7:3d:bb:dd:e8:fc:93:38:77:
                    74:8d:85:69:b0:3c:78:82:68:59:8c:92:d5:8c:51:
                    9f:db:6b:ed:bb:58:31:6b:68:bd:a0:3b:90:63:2b:
                    5d:1d:33:b9:c2:ad:5a:34:b5:e5:e4:20:91:c9:e5:
                    96:62:f8:af:1c:cf:f1:0b:cb:62:6c:23:b2:6e:60:
                    e3:67:f7:ab:8d:78:b6:31:80:61:91:b0:55:f8:c4:
                    38:f9:ff:20:a2:ee:f5:86:f6:68:aa:41:fd:a4:a2:
                    af:ea:3b:4a:c9:e3:4b:d4:f5:0b:e4:ae:01:fb:c2:
                    6c:4e:86:00:b2:70:8a:b5:bd:dd:48:42:6d:68:d8:
                    5b:fe:e7:4e:94:46:c1:06:6a:ad:ca:da:f0:1c:9f:
                    b6:0c:db:62:9d:bd:f6:ed:38:2d:aa:71:10:47:84:
                    0a:3b:fd:f8:69:33:a9:2f:34:0c:b3:bf:fd:df:b4:
                    8a:ad:d9:3d:c8:a5:a2:75:13:11:ea:bc:7a:c0:0a:
                    c2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:8C:07:C1:65:A4:0C:A7:AE:7A:AC:70:71:CE:DD:7A:E1:89:38:42
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/BIwHwWWkDKeueqxwcc7deuGJOEI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:7100::/40

    Signature Algorithm: sha256WithRSAEncryption
         4f:36:96:fb:f2:39:35:34:a6:e8:b2:3b:a0:3b:bb:47:3e:b9:
         73:2b:15:49:08:e6:0b:69:ff:b4:90:40:b6:46:01:84:d0:e2:
         d2:72:84:01:d0:57:73:b1:e8:7c:28:c2:30:e7:df:f4:60:43:
         b2:44:d8:47:14:81:f8:16:91:10:1e:f2:3f:4a:b6:e1:45:ab:
         3f:03:e5:d1:54:79:d5:41:f6:25:45:f9:35:1b:f1:e2:43:3d:
         51:41:6f:55:4d:7f:9c:b3:b4:ba:05:60:e2:5b:33:0b:e8:6f:
         5b:8d:39:d9:e4:e2:cb:b4:32:25:e8:56:81:2c:03:9d:ba:10:
         98:7d:c1:5c:1b:e5:dc:fd:61:91:cb:49:19:75:d2:b5:45:04:
         82:06:b7:56:51:00:7b:44:2b:6c:df:f8:06:ef:c7:c6:2f:72:
         50:a9:f0:7d:70:17:87:8a:f4:2e:cd:1b:bf:26:10:13:e3:02:
         71:ed:d6:17:62:ab:66:88:4a:70:06:15:84:65:ef:53:12:20:
         a5:b0:94:75:49:1b:36:db:ab:dc:c6:85:f7:cb:a2:fb:0a:7e:
         96:1e:11:bc:c2:24:2b:85:73:36:4f:6d:0e:df:c6:fb:fc:7b:
         08:1d:5a:e5:09:0f:fb:03:53:49:5e:57:53:86:0f:d1:e4:2c:
         81:84:4b:48
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZn7siT06MPQl9H8FqP0qBW+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDE5MDg1OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDhjMDdjMTY1YTQwY2E3YWU3YWFjNzA3MWNlZGQ3YWUxODkzODQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/Qo7H333OU07Z4cAYIq10PjmHjPu
f4WEMCL8a+O/CpAD9kFvi8msTP6ZtyAit8q27+3fzZPYHouUYXQuFiRnxKnnPbvd
6PyTOHd0jYVpsDx4gmhZjJLVjFGf22vtu1gxa2i9oDuQYytdHTO5wq1aNLXl5CCR
yeWWYvivHM/xC8tibCOybmDjZ/erjXi2MYBhkbBV+MQ4+f8gou71hvZoqkH9pKKv
6jtKyeNL1PUL5K4B+8JsToYAsnCKtb3dSEJtaNhb/udOlEbBBmqtytrwHJ+2DNti
nb327TgtqnEQR4QKO/34aTOpLzQMs7/937SKrdk9yKWidRMR6rx6wArCVQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFASMB8FlpAynrnqscHHO3XrhiThCMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvQkl3SHdXV2tES2V1ZXF4d2NjN2RldUdKT0VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQHEw
DQYJKoZIhvcNAQELBQADggEBAE82lvvyOTU0puiyO6A7u0c+uXMrFUkI5gtp/7SQ
QLZGAYTQ4tJyhAHQV3Ox6HwowjDn3/RgQ7JE2EcUgfgWkRAe8j9KtuFFqz8D5dFU
edVB9iVF+TUb8eJDPVFBb1VNf5yztLoFYOJbMwvob1uNOdnk4su0MiXoVoEsA526
EJh9wVwb5dz9YZHLSRl10rVFBIIGt1ZRAHtEK2zf+Abvx8YvclCp8H1wF4eK9C7N
G78mEBPjAnHt1hdiq2aISnAGFYRl71MSIKWwlHVJGzbbq9zGhffLovsKfpYeEbzC
JCuFczZPbQ7fxvv8ewgdWuUJD/sDU0leV1OGD9HkLIGES0g=
-----END CERTIFICATE-----