Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/QKvwdLt69uEJpqyqUFsT__mDL3w.roa
File:                     QKvwdLt69uEJpqyqUFsT__mDL3w.roa (raw, json)
Hash identifier:          kMPSE7JmVHsBG8dw1urZ/RFqgl8V+4FFVNJfUkjVa8A=
Subject key identifier:   40:AB:F0:74:BB:7A:F6:E1:09:A6:AC:AA:50:5B:13:FF:F9:83:2F:7C
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199AB8E6871EF40C8BE6C8CBA6481C31876
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/QKvwdLt69uEJpqyqUFsT__mDL3w.roa
Signing time:             Fri 03 Oct 2025 19:31:00 +0000
ROA not before:           Fri 03 Oct 2025 19:31:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212470
IP address blocks:        2a0f:b240:5300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:8e:68:71:ef:40:c8:be:6c:8c:ba:64:81:c3:18:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  3 19:31:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=40abf074bb7af6e109a6acaa505b13fff9832f7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:30:74:20:67:14:ee:87:98:23:12:44:4b:bb:
                    4e:af:b3:3a:71:98:9b:e0:e5:0d:d9:51:a8:cf:d7:
                    64:5b:3a:51:7b:b9:9a:52:a8:44:53:cc:da:84:5c:
                    01:12:5e:4b:58:0a:ae:af:5c:e1:07:3c:28:74:26:
                    26:bb:5c:54:b2:ef:c4:3e:97:da:38:f5:6a:b5:dc:
                    aa:36:03:03:fc:12:68:7d:15:5a:0f:52:da:4f:05:
                    6f:d1:8c:91:75:31:61:c1:23:38:95:ac:69:a8:35:
                    e3:9d:00:7e:b6:a1:d6:d9:3e:cc:63:ee:00:39:9b:
                    55:bb:74:20:a5:84:c4:fe:73:23:fd:bc:9c:7d:f0:
                    e4:f7:4a:a7:08:44:5a:ce:7d:e9:03:92:64:fb:ee:
                    c5:7e:6b:d4:8f:5a:b5:ac:d0:5c:f8:96:35:da:ac:
                    5c:55:90:78:b4:90:bb:fd:b2:3c:d9:25:79:3e:41:
                    96:90:ac:3f:3c:71:9a:6b:04:ae:5f:a6:7b:49:45:
                    34:23:a6:76:27:cc:d8:f3:b2:c2:fc:18:34:00:82:
                    4a:97:be:0e:10:cc:74:90:3c:84:9f:c2:5c:bb:c6:
                    43:eb:07:b7:57:68:7b:b6:0d:ce:57:b9:3c:c5:2b:
                    67:83:a3:5f:99:d6:07:aa:46:74:6a:ef:6e:cd:b4:
                    ed:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:AB:F0:74:BB:7A:F6:E1:09:A6:AC:AA:50:5B:13:FF:F9:83:2F:7C
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/QKvwdLt69uEJpqyqUFsT__mDL3w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:5300::/40

    Signature Algorithm: sha256WithRSAEncryption
         05:3e:81:5f:81:9a:24:63:32:91:59:26:72:be:74:2d:70:45:
         71:f5:e0:0c:a0:98:1b:60:8c:82:cb:3a:09:ac:22:19:02:2e:
         74:f2:68:28:d6:eb:f5:17:61:1d:08:74:45:e8:0c:be:d3:c8:
         fd:df:8e:1b:ae:54:64:63:c4:08:1b:09:28:3f:1a:d6:c0:b6:
         87:b2:36:03:08:9e:31:6a:f5:7c:cf:1f:a6:1c:45:a4:c5:c7:
         2a:f6:6a:5a:63:23:2b:04:62:a7:22:3b:6a:25:32:f8:9e:5e:
         86:1f:a3:36:f2:cb:46:83:dd:a4:30:17:9e:dc:1b:44:11:e8:
         03:03:d9:12:ea:50:80:c3:5e:29:f2:51:33:33:5b:af:38:74:
         1d:f3:0c:99:41:f9:16:f9:83:db:d5:e2:c6:37:9e:b2:e3:48:
         38:cf:ba:a7:d2:f1:2e:c0:35:10:d8:b5:f4:4f:e9:ec:ef:d9:
         5a:7f:72:ed:92:8f:6d:c0:bd:e0:4f:17:95:52:3a:1a:7e:04:
         ad:27:6a:aa:02:e7:4a:99:cf:33:4a:49:0c:09:4a:6e:66:a5:
         12:f9:71:45:26:f2:a8:37:93:a5:f7:d1:b0:52:a0:9c:3e:c6:
         76:02:a8:aa:f6:c2:45:e9:3e:be:60:d4:42:2d:c9:81:a9:6a:
         42:9c:b8:f5
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmrjmhx70DIvmyMumSBwxh2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAzMTkzMTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MGFiZjA3NGJiN2FmNmUxMDlhNmFjYWE1MDViMTNmZmY5ODMyZjdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zB0IGcU7oeYIxJES7tOr7M6cZib
4OUN2VGoz9dkWzpRe7maUqhEU8zahFwBEl5LWAqur1zhBzwodCYmu1xUsu/EPpfa
OPVqtdyqNgMD/BJofRVaD1LaTwVv0YyRdTFhwSM4laxpqDXjnQB+tqHW2T7MY+4A
OZtVu3QgpYTE/nMj/bycffDk90qnCERazn3pA5Jk++7FfmvUj1q1rNBc+JY12qxc
VZB4tJC7/bI82SV5PkGWkKw/PHGaawSuX6Z7SUU0I6Z2J8zY87LC/Bg0AIJKl74O
EMx0kDyEn8Jcu8ZD6we3V2h7tg3OV7k8xStng6NfmdYHqkZ0au9uzbTt2wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFECr8HS7evbhCaasqlBbE//5gy98MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUUt2d2RMdDY5dUVKcHF5cVVGc1RfX21ETDN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQFMw
DQYJKoZIhvcNAQELBQADggEBAAU+gV+BmiRjMpFZJnK+dC1wRXH14AygmBtgjILL
OgmsIhkCLnTyaCjW6/UXYR0IdEXoDL7TyP3fjhuuVGRjxAgbCSg/GtbAtoeyNgMI
njFq9XzPH6YcRaTFxyr2alpjIysEYqciO2olMvieXoYfozbyy0aD3aQwF57cG0QR
6AMD2RLqUIDDXinyUTMzW684dB3zDJlB+Rb5g9vV4sY3nrLjSDjPuqfS8S7ANRDY
tfRP6ezv2Vp/cu2Sj23AveBPF5VSOhp+BK0naqoC50qZzzNKSQwJSm5mpRL5cUUm
8qg3k6X30bBSoJw+xnYCqKr2wkXpPr5g1EItyYGpakKcuPU=
-----END CERTIFICATE-----