Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Q2cAHP-T7jcb2CaVraRWtqwffFY.roa
File:                     Q2cAHP-T7jcb2CaVraRWtqwffFY.roa (raw, json)
Hash identifier:          2xxgEUp39TFuGXdsMpos4I9c8JrvfmwkgMss9VkkO8g=
Subject key identifier:   43:67:00:1C:FF:93:EE:37:1B:D8:26:95:AD:A4:56:B6:AC:1F:7C:56
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199FAA62F133F9438C5025030970309EE4C
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Q2cAHP-T7jcb2CaVraRWtqwffFY.roa
Signing time:             Sun 19 Oct 2025 04:06:58 +0000
ROA not before:           Sun 19 Oct 2025 04:06:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     401441
IP address blocks:        2a0f:b240:7000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fa:a6:2f:13:3f:94:38:c5:02:50:30:97:03:09:ee:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 19 04:06:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4367001cff93ee371bd82695ada456b6ac1f7c56
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:14:ac:a6:9f:fd:19:73:c1:76:93:0b:91:e0:
                    06:95:10:65:b6:d1:cf:b6:36:e6:e9:b4:9d:5f:31:
                    8f:81:6c:57:7f:9d:c1:95:dd:3b:c0:3b:97:72:b7:
                    40:20:5d:e2:51:74:8e:7c:4d:7a:69:cc:f2:6a:ee:
                    10:4b:a9:98:5e:e8:4e:0f:fb:fe:00:e2:dc:c4:7b:
                    b1:09:02:61:ab:2e:29:02:04:1c:66:22:a1:ee:99:
                    1e:5e:e7:65:66:69:5a:45:d6:fe:5b:8f:a6:8b:66:
                    db:db:b6:16:6b:b1:c9:72:0c:23:33:0b:58:2f:9a:
                    33:71:f4:56:70:42:57:d5:88:87:a9:19:cf:11:ec:
                    b8:8a:64:72:34:0f:26:61:2f:60:0f:2c:e5:ab:bd:
                    70:d0:46:23:58:1b:07:01:11:1b:c0:d3:b5:3d:cb:
                    f0:9b:6a:49:2d:33:be:da:79:3f:8e:47:a9:90:f1:
                    16:9f:77:a6:d7:14:d9:e2:aa:1a:3d:2c:2f:1c:6b:
                    16:13:86:5b:fe:6d:ba:b8:1d:2b:ca:fc:2b:6c:77:
                    ce:5e:fa:19:b3:eb:28:f6:ca:b7:83:6a:89:c4:3c:
                    f9:45:b3:01:04:13:4a:84:16:b8:78:9f:56:ad:61:
                    c7:4a:7e:a5:9f:d2:75:4f:51:67:7f:6c:f1:84:3b:
                    f5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:67:00:1C:FF:93:EE:37:1B:D8:26:95:AD:A4:56:B6:AC:1F:7C:56
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Q2cAHP-T7jcb2CaVraRWtqwffFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:7000::/40

    Signature Algorithm: sha256WithRSAEncryption
         06:ed:8a:30:77:f1:3f:d0:2b:1f:d3:d3:d9:aa:70:f7:a8:ee:
         32:97:cc:04:41:f3:07:b6:cf:c8:f5:f6:ca:73:b7:b1:e2:ee:
         23:ef:e6:26:72:b9:a2:b6:7b:a2:fb:bc:61:e6:bb:fd:19:52:
         cc:4b:3c:da:11:e4:78:4a:5d:7c:48:9f:dd:56:15:3b:19:30:
         38:21:f3:e9:7d:1f:5d:91:2b:aa:94:13:91:9e:3e:68:ea:e5:
         a7:46:17:69:fb:0e:00:d0:72:f4:f4:37:04:cc:9e:38:e4:63:
         74:d8:af:c2:7a:10:2d:7e:15:22:c0:40:fa:4f:fd:e9:61:d5:
         4c:92:2d:d3:f5:8c:ce:91:d6:51:ad:d0:7f:4b:66:87:46:72:
         4f:b6:30:19:f6:f7:4a:6d:22:c1:10:e2:8b:5f:7e:b7:a0:f0:
         dc:80:8a:13:85:3f:ae:52:92:88:b1:b9:50:8f:1d:d5:cb:6b:
         87:2c:9a:89:ac:ca:24:23:8d:d7:0d:61:00:7a:d9:12:ba:8f:
         5e:65:60:24:1c:5c:54:8f:9d:94:01:14:69:a0:ae:06:a2:fd:
         e4:c5:25:b7:61:b0:ec:c3:50:ed:cc:7c:ba:fe:11:38:1f:26:
         b7:12:e0:9f:6b:21:82:f6:54:c3:92:81:8b:85:f9:9c:af:ac:
         93:86:d9:11
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZn6pi8TP5Q4xQJQMJcDCe5MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDE5MDQwNjU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzY3MDAxY2ZmOTNlZTM3MWJkODI2OTVhZGE0NTZiNmFjMWY3YzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzBSspp/9GXPBdpMLkeAGlRBlttHP
tjbm6bSdXzGPgWxXf53Bld07wDuXcrdAIF3iUXSOfE16aczyau4QS6mYXuhOD/v+
AOLcxHuxCQJhqy4pAgQcZiKh7pkeXudlZmlaRdb+W4+mi2bb27YWa7HJcgwjMwtY
L5ozcfRWcEJX1YiHqRnPEey4imRyNA8mYS9gDyzlq71w0EYjWBsHAREbwNO1Pcvw
m2pJLTO+2nk/jkepkPEWn3em1xTZ4qoaPSwvHGsWE4Zb/m26uB0ryvwrbHfOXvoZ
s+so9sq3g2qJxDz5RbMBBBNKhBa4eJ9WrWHHSn6ln9J1T1Fnf2zxhDv1aQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFENnABz/k+43G9gmla2kVrasH3xWMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUTJjQUhQLVQ3amNiMkNhVnJhUld0cXdmZkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQHAw
DQYJKoZIhvcNAQELBQADggEBAAbtijB38T/QKx/T09mqcPeo7jKXzARB8we2z8j1
9spzt7Hi7iPv5iZyuaK2e6L7vGHmu/0ZUsxLPNoR5HhKXXxIn91WFTsZMDgh8+l9
H12RK6qUE5GePmjq5adGF2n7DgDQcvT0NwTMnjjkY3TYr8J6EC1+FSLAQPpP/elh
1UySLdP1jM6R1lGt0H9LZodGck+2MBn290ptIsEQ4otffreg8NyAihOFP65Skoix
uVCPHdXLa4csmomsyiQjjdcNYQB62RK6j15lYCQcXFSPnZQBFGmgrgai/eTFJbdh
sOzDUO3MfLr+ETgfJrcS4J9rIYL2VMOSgYuF+ZyvrJOG2RE=
-----END CERTIFICATE-----