Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/QoryoTbAjpZOpeMxy-m4pK98BKI.roa
File:                     QoryoTbAjpZOpeMxy-m4pK98BKI.roa (raw, json)
Hash identifier:          SQYZU6UkW7KF3x5a5k+21jXJnCqUAf0qkTlWQP1V7Z8=
Subject key identifier:   42:8A:F2:A1:36:C0:8E:96:4E:A5:E3:31:CB:E9:B8:A4:AF:7C:04:A2
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01992475CD2E5CDBD284D09AC78743BF5043
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/QoryoTbAjpZOpeMxy-m4pK98BKI.roa
Signing time:             Sun 07 Sep 2025 13:55:24 +0000
ROA not before:           Sun 07 Sep 2025 13:55:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213282
IP address blocks:        2a0f:b240:24::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:24:75:cd:2e:5c:db:d2:84:d0:9a:c7:87:43:bf:50:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Sep  7 13:55:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=428af2a136c08e964ea5e331cbe9b8a4af7c04a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:04:88:b8:06:9e:f8:35:aa:d5:33:6e:81:cf:
                    a4:85:c7:e4:10:59:f8:dc:96:ec:ab:1e:3f:b4:ca:
                    62:04:ac:0e:67:7c:8a:dc:7b:ae:90:22:80:2e:1d:
                    43:d7:81:63:5b:6a:0a:f1:99:8a:d3:27:f0:0b:32:
                    05:d9:6d:ae:21:58:68:9d:de:fa:d9:17:da:c7:e6:
                    fe:c9:44:bc:6a:e2:ce:63:e3:74:5f:0e:bf:24:fe:
                    76:74:a0:8b:b9:9c:23:c0:54:da:3b:a1:6c:02:b9:
                    db:19:7a:1a:cf:39:fa:56:63:2d:36:3c:cf:99:47:
                    05:2c:4e:c7:04:64:71:12:82:e5:1f:a2:67:27:fa:
                    a6:ac:f7:d2:f4:ec:1e:1e:78:6e:15:9e:bc:4d:ea:
                    e7:fe:6a:ed:9b:68:25:e3:dc:33:f9:ee:74:84:a0:
                    8f:73:53:4d:1b:ca:a2:a7:38:0b:51:c2:59:21:cd:
                    22:25:e0:21:b8:dc:57:98:04:5f:c0:1c:f6:ff:c6:
                    d3:9d:83:bc:0e:b0:33:08:d4:96:63:1a:fb:c7:2a:
                    74:10:e4:84:62:e0:f3:7c:ed:6a:3b:3c:59:06:54:
                    16:e7:7c:1c:72:86:29:07:11:b1:74:1c:5f:dd:c4:
                    6b:5c:6d:4d:a5:57:93:82:87:47:f9:91:9e:61:62:
                    da:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                42:8A:F2:A1:36:C0:8E:96:4E:A5:E3:31:CB:E9:B8:A4:AF:7C:04:A2
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/QoryoTbAjpZOpeMxy-m4pK98BKI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:24::/46

    Signature Algorithm: sha256WithRSAEncryption
         77:4f:25:04:fe:81:5a:9a:bc:0f:39:d2:d1:d0:40:df:8d:c4:
         90:b3:20:fd:4f:f4:4a:ee:7c:4e:12:72:1a:eb:da:6f:d1:c1:
         96:47:06:c9:ac:c8:55:aa:20:c5:20:39:d0:93:8a:1f:35:ce:
         93:51:a0:bb:14:74:d5:3a:c4:8d:3b:94:7a:0d:ed:17:eb:cc:
         27:c1:20:5b:40:75:2c:42:47:a2:8c:80:7b:3a:89:08:c3:fe:
         d3:7e:cd:26:68:5a:6d:e2:79:b9:d3:25:94:32:62:66:ff:8b:
         79:a8:3c:17:37:1b:56:e9:05:ea:1a:b7:89:0f:92:eb:2a:fa:
         ae:34:0b:18:8a:85:14:41:44:94:09:a8:61:93:ee:ef:39:d1:
         02:b4:91:de:fd:85:82:d2:41:be:45:86:a3:da:1e:e7:a3:aa:
         8c:0d:d5:16:33:05:c3:15:2f:5a:c0:fd:83:5f:47:a5:4e:d7:
         7c:41:55:12:f1:3e:15:fd:24:7b:1a:b6:20:b5:45:f9:98:0f:
         8c:08:aa:3e:34:82:ce:96:b4:e3:0c:5e:de:04:01:d2:8f:9b:
         91:87:ed:45:ab:21:0e:9c:d9:e5:f0:71:2f:6e:69:13:7f:f1:
         5f:bf:00:ff:bd:59:8d:30:7a:2b:c3:c7:35:2d:9b:9b:3d:7a:
         b3:b4:b7:48
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZkkdc0uXNvShNCax4dDv1BDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwOTA3MTM1NTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MjhhZjJhMTM2YzA4ZTk2NGVhNWUzMzFjYmU5YjhhNGFmN2MwNGEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQSIuAae+DWq1TNugc+khcfkEFn4
3Jbsqx4/tMpiBKwOZ3yK3HuukCKALh1D14FjW2oK8ZmK0yfwCzIF2W2uIVhond76
2Rfax+b+yUS8auLOY+N0Xw6/JP52dKCLuZwjwFTaO6FsArnbGXoazzn6VmMtNjzP
mUcFLE7HBGRxEoLlH6JnJ/qmrPfS9OweHnhuFZ68Tern/mrtm2gl49wz+e50hKCP
c1NNG8qipzgLUcJZIc0iJeAhuNxXmARfwBz2/8bTnYO8DrAzCNSWYxr7xyp0EOSE
YuDzfO1qOzxZBlQW53wccoYpBxGxdBxf3cRrXG1NpVeTgodH+ZGeYWLaiQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFEKK8qE2wI6WTqXjMcvpuKSvfASiMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUW9yeW9UYkFqcFpPcGVNeHktbTRwSzk4QktJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg+yQAAk
MA0GCSqGSIb3DQEBCwUAA4IBAQB3TyUE/oFamrwPOdLR0EDfjcSQsyD9T/RK7nxO
EnIa69pv0cGWRwbJrMhVqiDFIDnQk4ofNc6TUaC7FHTVOsSNO5R6De0X68wnwSBb
QHUsQkeijIB7OokIw/7Tfs0maFpt4nm50yWUMmJm/4t5qDwXNxtW6QXqGreJD5Lr
KvquNAsYioUUQUSUCahhk+7vOdECtJHe/YWC0kG+RYaj2h7no6qMDdUWMwXDFS9a
wP2DX0elTtd8QVUS8T4V/SR7GrYgtUX5mA+MCKo+NILOlrTjDF7eBAHSj5uRh+1F
qyEOnNnl8HEvbmkTf/FfvwD/vVmNMHorw8c1LZubPXqztLdI
-----END CERTIFICATE-----