Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Mksrz17PdON1ZBfZiNtEZ8OSik8.roa
File:                     Mksrz17PdON1ZBfZiNtEZ8OSik8.roa (raw, json)
Hash identifier:          qsf/bbc48rfmLu1T5kSKvTU2iV/ye/8xgrnMiFDTrUM=
Subject key identifier:   32:4B:2B:CF:5E:CF:74:E3:75:64:17:D9:88:DB:44:67:C3:92:8A:4F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199EC4C2C070A672C10C2FA3BA54776E9A3
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Mksrz17PdON1ZBfZiNtEZ8OSik8.roa
Signing time:             Thu 16 Oct 2025 09:13:58 +0000
ROA not before:           Thu 16 Oct 2025 09:13:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213413
IP address blocks:        2a0f:b240:5c00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ec:4c:2c:07:0a:67:2c:10:c2:fa:3b:a5:47:76:e9:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 16 09:13:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=324b2bcf5ecf74e3756417d988db4467c3928a4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:94:4e:6e:9b:bd:ba:eb:19:b5:d8:81:e6:c3:
                    7c:67:73:69:6f:da:35:31:83:96:41:11:ed:f0:47:
                    cb:cb:37:b7:95:b8:d8:b7:44:76:da:f6:98:56:1e:
                    32:da:ce:38:33:75:5d:a6:b8:e1:52:3d:63:b4:08:
                    1a:03:fc:f2:b7:c8:56:4e:83:d0:82:2b:48:72:d2:
                    a5:ae:c1:58:c7:5b:fa:01:54:1e:27:67:88:e3:2a:
                    b8:ec:b1:42:01:5a:b3:d5:be:c9:c4:02:80:8b:b8:
                    a2:26:a0:10:bd:0b:e7:41:ac:29:af:59:4d:9b:11:
                    26:36:f5:d7:f3:99:8c:5f:e0:e0:4e:93:2b:f0:90:
                    e9:4f:ee:e9:45:9f:ed:15:c8:6b:b5:9d:4b:67:ec:
                    03:f6:ed:a0:86:e3:44:35:27:85:4a:44:c2:c5:d0:
                    6c:fe:7b:f5:b2:d0:28:89:b6:06:09:bf:e2:4b:5b:
                    34:3a:2a:a3:1f:c6:75:a6:f2:54:e2:07:e7:3d:46:
                    d0:de:7f:ee:5e:e7:98:7d:d8:5a:42:d3:0a:f1:ba:
                    e2:5b:b2:d6:17:7d:5c:51:1e:e7:68:b7:51:64:56:
                    b9:fb:de:be:08:11:b7:d3:ae:83:cf:8e:55:58:f7:
                    8c:ba:fa:22:37:5d:9f:a2:5f:b4:85:3e:c7:42:fe:
                    1c:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4B:2B:CF:5E:CF:74:E3:75:64:17:D9:88:DB:44:67:C3:92:8A:4F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Mksrz17PdON1ZBfZiNtEZ8OSik8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:5c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         1c:61:cc:1c:39:0d:2a:97:9d:02:e7:65:9b:ff:18:40:cd:b6:
         49:09:3a:06:b0:1a:57:e3:af:4b:49:b9:ef:7b:41:19:ab:cf:
         87:55:7f:cc:6b:ae:1d:a4:ce:62:cd:9c:8b:27:30:71:d7:00:
         2a:ec:5c:5c:0c:14:e4:e3:f5:b6:e2:cf:c8:8c:14:cd:ec:e6:
         73:bf:09:28:e3:d1:2c:77:f4:49:2f:3d:0c:f9:0b:e3:38:d2:
         87:3e:d5:c8:42:6c:c3:77:54:79:f5:9e:95:b3:61:d1:f8:38:
         dc:b0:87:0a:13:32:7d:20:5d:b9:02:86:38:f9:65:5b:68:3c:
         de:e1:78:73:1d:be:61:e5:16:11:a3:37:7c:29:9a:94:91:51:
         7f:fe:5e:4b:80:37:bc:fc:3e:ed:6f:8a:f8:98:51:17:37:58:
         75:4c:d3:bd:d3:82:46:7d:12:90:68:e1:1a:39:6e:a9:b3:bd:
         ab:d0:07:ee:00:74:7e:01:c8:8f:37:bf:2e:06:4d:cf:44:be:
         35:96:17:e6:3a:59:f7:67:3a:f1:89:25:10:db:41:6b:ed:66:
         2f:9d:d2:01:87:85:ec:a3:1e:a5:1c:c0:3d:69:94:e2:44:b9:
         f5:00:c1:42:41:4e:ef:cf:84:fe:3d:12:94:b9:a6:d8:1a:78:
         e2:71:4d:5e
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnsTCwHCmcsEML6O6VHdumjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDE2MDkxMzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRiMmJjZjVlY2Y3NGUzNzU2NDE3ZDk4OGRiNDQ2N2MzOTI4YTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA45RObpu9uusZtdiB5sN8Z3Npb9o1
MYOWQRHt8EfLyze3lbjYt0R22vaYVh4y2s44M3VdprjhUj1jtAgaA/zyt8hWToPQ
gitIctKlrsFYx1v6AVQeJ2eI4yq47LFCAVqz1b7JxAKAi7iiJqAQvQvnQawpr1lN
mxEmNvXX85mMX+DgTpMr8JDpT+7pRZ/tFchrtZ1LZ+wD9u2ghuNENSeFSkTCxdBs
/nv1stAoibYGCb/iS1s0OiqjH8Z1pvJU4gfnPUbQ3n/uXueYfdhaQtMK8briW7LW
F31cUR7naLdRZFa5+96+CBG3066Dz45VWPeMuvoiN12fol+0hT7HQv4chQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFDJLK89ez3TjdWQX2YjbRGfDkopPMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvTWtzcnoxN1BkT04xWkJmWmlOdEVaOE9TaWs4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQFww
DQYJKoZIhvcNAQELBQADggEBABxhzBw5DSqXnQLnZZv/GEDNtkkJOgawGlfjr0tJ
ue97QRmrz4dVf8xrrh2kzmLNnIsnMHHXACrsXFwMFOTj9bbiz8iMFM3s5nO/CSjj
0Sx39EkvPQz5C+M40oc+1chCbMN3VHn1npWzYdH4ONywhwoTMn0gXbkChjj5ZVto
PN7heHMdvmHlFhGjN3wpmpSRUX/+XkuAN7z8Pu1viviYURc3WHVM073TgkZ9EpBo
4Ro5bqmzvavQB+4AdH4ByI83vy4GTc9EvjWWF+Y6WfdnOvGJJRDbQWvtZi+d0gGH
heyjHqUcwD1plOJEufUAwUJBTu/PhP49EpS5ptgaeOJxTV4=
-----END CERTIFICATE-----