Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RJ2G8BRWxCvFoIcTSFwAjjdC5a8.roa
File:                     RJ2G8BRWxCvFoIcTSFwAjjdC5a8.roa (raw, json)
Hash identifier:          Xj4XpjP0yOcZSevkeobtzHif6gEUjJL1JQj1ZmDgUBI=
Subject key identifier:   44:9D:86:F0:14:56:C4:2B:C5:A0:87:13:48:5C:00:8E:37:42:E5:AF
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199A52EF7D495FB5CF5AEA1916203BEDBF6
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RJ2G8BRWxCvFoIcTSFwAjjdC5a8.roa
Signing time:             Thu 02 Oct 2025 13:49:02 +0000
ROA not before:           Thu 02 Oct 2025 13:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206193
IP address blocks:        2a0f:b240:c00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:2e:f7:d4:95:fb:5c:f5:ae:a1:91:62:03:be:db:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  2 13:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=449d86f01456c42bc5a08713485c008e3742e5af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:d7:30:83:c9:35:74:e7:3c:71:e0:d8:d3:c1:
                    e0:11:b5:db:ba:72:30:7a:f4:82:fb:50:88:f2:fc:
                    38:c1:d1:00:4a:80:c4:4c:21:e5:58:ad:da:9a:97:
                    c0:c4:06:fb:0c:62:70:97:37:85:4d:c3:0e:49:3d:
                    69:72:24:75:79:a6:cb:66:e4:87:c3:93:f5:e8:60:
                    1f:06:6a:ed:32:08:64:d7:95:18:88:cd:2a:ef:4f:
                    7b:57:22:6c:81:5f:5e:84:e6:b0:94:87:d5:18:ad:
                    a6:50:d0:12:45:da:42:ae:d4:cc:96:a5:f5:56:34:
                    7c:fc:49:1c:3a:74:79:65:9c:c3:99:33:d6:4d:b1:
                    fa:60:22:80:59:ee:40:47:d6:ea:54:f6:cd:1a:10:
                    8f:00:dc:6c:ce:68:f7:0c:3f:78:7f:11:5c:21:77:
                    ab:3f:79:fb:4c:93:34:b1:9d:e0:92:b7:8b:12:a6:
                    00:3e:a7:d0:20:c5:26:8d:6d:13:2d:ea:46:25:79:
                    43:d7:0a:3f:c4:b9:47:61:a9:be:29:35:41:9b:ca:
                    b6:8c:ff:fb:4d:25:03:da:68:85:ea:3d:4f:24:2b:
                    21:4c:e6:a5:fb:28:bb:ea:11:7c:a3:cd:7e:e0:a4:
                    bd:7b:84:2d:b1:04:4b:bf:4f:b5:df:8f:6b:15:3f:
                    ff:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:9D:86:F0:14:56:C4:2B:C5:A0:87:13:48:5C:00:8E:37:42:E5:AF
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/RJ2G8BRWxCvFoIcTSFwAjjdC5a8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:c00::/40

    Signature Algorithm: sha256WithRSAEncryption
         2a:8c:88:98:c3:71:0d:c0:ac:b3:0b:c1:6c:76:03:1c:21:1e:
         bc:75:68:0d:20:29:a9:5a:60:21:86:8b:a3:f7:00:eb:c4:02:
         3a:27:cd:ff:91:a8:ee:4c:ae:f5:76:6f:bf:e2:cf:48:ad:00:
         6f:1b:f3:d0:18:65:c3:3c:82:b6:8a:cc:6d:1c:0c:d0:ce:9c:
         75:87:53:ff:dd:62:0c:98:05:95:ce:9b:c9:4d:bd:37:c3:8f:
         d4:88:be:91:2a:60:2e:c4:a6:86:9b:7c:f1:07:7e:0b:bf:ab:
         4e:9c:ee:b9:1e:3b:47:25:2d:f6:57:c9:fb:68:20:1e:6e:fd:
         3e:28:68:d6:3a:55:58:3c:9e:6f:20:23:9b:c7:a6:fb:3a:43:
         a5:83:1f:03:6d:a8:78:e6:05:38:cd:00:49:1d:a0:19:8a:97:
         9a:77:47:1b:55:0c:f8:64:73:0e:eb:1c:49:84:ec:0b:2c:fc:
         99:e5:4d:a9:4f:1c:e2:9f:21:34:3e:6b:d5:58:92:8c:54:51:
         aa:2e:90:bb:57:de:83:52:e8:84:68:c2:22:b4:4a:5f:d6:a0:
         7a:6e:f4:b4:b5:e0:64:84:51:b0:5a:db:78:55:41:4d:aa:5d:
         33:05:fc:03:11:f6:8a:4a:96:5b:dc:f9:36:8b:55:3c:d7:17:
         1d:48:a5:3c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmlLvfUlftc9a6hkWIDvtv2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAyMTM0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDlkODZmMDE0NTZjNDJiYzVhMDg3MTM0ODVjMDA4ZTM3NDJlNWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzdcwg8k1dOc8ceDY08HgEbXbunIw
evSC+1CI8vw4wdEASoDETCHlWK3ampfAxAb7DGJwlzeFTcMOST1pciR1eabLZuSH
w5P16GAfBmrtMghk15UYiM0q7097VyJsgV9ehOawlIfVGK2mUNASRdpCrtTMlqX1
VjR8/EkcOnR5ZZzDmTPWTbH6YCKAWe5AR9bqVPbNGhCPANxszmj3DD94fxFcIXer
P3n7TJM0sZ3gkreLEqYAPqfQIMUmjW0TLepGJXlD1wo/xLlHYam+KTVBm8q2jP/7
TSUD2miF6j1PJCshTOal+yi76hF8o81+4KS9e4QtsQRLv0+1349rFT//VQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFESdhvAUVsQrxaCHE0hcAI43QuWvMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvUkoyRzhCUld4Q3ZGb0ljVFNGd0FqamRDNWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQAww
DQYJKoZIhvcNAQELBQADggEBACqMiJjDcQ3ArLMLwWx2AxwhHrx1aA0gKalaYCGG
i6P3AOvEAjonzf+RqO5MrvV2b7/iz0itAG8b89AYZcM8graKzG0cDNDOnHWHU//d
YgyYBZXOm8lNvTfDj9SIvpEqYC7EpoabfPEHfgu/q06c7rkeO0clLfZXyftoIB5u
/T4oaNY6VVg8nm8gI5vHpvs6Q6WDHwNtqHjmBTjNAEkdoBmKl5p3RxtVDPhkcw7r
HEmE7Ass/JnlTalPHOKfITQ+a9VYkoxUUaoukLtX3oNS6IRowiK0Sl/WoHpu9LS1
4GSEUbBa23hVQU2qXTMF/AMR9opKllvc+TaLVTzXFx1IpTw=
-----END CERTIFICATE-----