Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/TlbdjcrtSMLZn4NCLhu_TZC0HaM.roa
File:                     TlbdjcrtSMLZn4NCLhu_TZC0HaM.roa (raw, json)
Hash identifier:          +pUMeHVSsUXRwyWlMfpKSJVsk8Shsznwkrshr7StZJw=
Subject key identifier:   4E:56:DD:8D:CA:ED:48:C2:D9:9F:83:42:2E:1B:BF:4D:90:B4:1D:A3
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199A4EE1DD8945A3F18AFF890D6F0B6B85C
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/TlbdjcrtSMLZn4NCLhu_TZC0HaM.roa
Signing time:             Thu 02 Oct 2025 12:38:12 +0000
ROA not before:           Thu 02 Oct 2025 12:38:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203069
IP address blocks:        2a0f:b240:b00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a4:ee:1d:d8:94:5a:3f:18:af:f8:90:d6:f0:b6:b8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  2 12:38:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e56dd8dcaed48c2d99f83422e1bbf4d90b41da3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:be:40:ed:b1:ed:e5:d0:3f:e4:02:07:ca:a9:
                    59:87:35:e7:47:67:8f:05:02:13:c0:75:6c:7a:da:
                    3e:05:9b:5a:36:57:24:38:f7:27:bc:25:d2:8d:98:
                    d9:bc:46:f0:6c:35:80:d1:ef:c7:0a:ff:45:b3:1c:
                    64:6b:52:1b:1d:53:12:9e:dd:59:08:a4:39:e4:2c:
                    50:bb:5d:f5:3c:ec:cd:ff:4f:18:bd:0a:b0:fd:53:
                    66:ee:2b:2c:e5:5f:1c:ba:2b:2a:ca:9e:1b:f9:d6:
                    23:09:a5:54:f6:87:4f:01:cb:10:13:ae:8a:49:b6:
                    72:86:c6:7e:a5:7b:7e:63:ac:e9:58:52:07:b2:ec:
                    46:29:87:1b:6f:8f:10:db:23:74:3a:6c:ab:80:b7:
                    0f:3b:39:9a:35:d1:12:76:45:a7:1b:60:31:69:2f:
                    14:6d:74:dd:8b:18:f3:d9:6f:c8:fc:78:de:d2:75:
                    86:2d:af:6b:2a:ff:01:4e:d3:30:06:da:bd:ed:1d:
                    5f:3b:5e:bd:da:8b:da:3b:93:52:36:d4:e6:5c:9e:
                    0f:42:78:8f:7c:19:39:b8:ee:b6:7b:92:e4:9f:aa:
                    b5:ef:33:25:1f:7f:6b:cf:bd:99:7b:c3:85:65:8e:
                    5f:03:ba:04:50:1c:b9:be:4e:4d:72:9c:33:7f:91:
                    ca:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:56:DD:8D:CA:ED:48:C2:D9:9F:83:42:2E:1B:BF:4D:90:B4:1D:A3
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/TlbdjcrtSMLZn4NCLhu_TZC0HaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:b00::/40

    Signature Algorithm: sha256WithRSAEncryption
         8c:fb:6b:5d:83:9f:df:4a:6a:ab:6b:75:cb:10:ff:8a:77:cb:
         1e:92:eb:6a:05:20:1c:63:57:1b:ae:41:4b:18:d2:1b:fd:35:
         26:2b:b4:a3:67:36:50:67:cd:96:6b:63:eb:81:d9:6b:42:18:
         bd:ed:8d:ca:f2:45:8c:aa:25:69:f6:14:2c:ca:9e:06:18:08:
         6a:44:0f:be:11:c9:93:dc:eb:43:ab:7b:76:1b:bd:39:72:38:
         91:a0:30:12:17:87:f8:a4:9f:c9:28:75:61:3a:4b:e5:51:d7:
         03:cb:80:33:98:6f:99:49:53:95:89:db:55:6c:5b:73:b9:66:
         20:b6:ec:b5:87:2b:ee:ff:07:cc:08:43:4d:d2:77:81:f0:dc:
         78:3b:f1:e2:a4:58:90:99:6a:75:00:31:c3:43:ad:a4:d4:da:
         5b:1f:fa:50:1c:d7:03:9b:2a:87:81:de:a5:a5:e4:73:e9:6e:
         c2:26:7b:52:c6:da:10:e9:38:31:a4:16:83:04:38:f6:db:3c:
         e1:38:f0:f5:32:d2:fd:7a:48:e2:68:91:e5:0c:8a:84:b1:14:
         f4:21:c2:90:bc:48:1e:16:78:84:a6:6d:74:5f:36:72:d6:2e:
         f8:e4:3e:fd:62:e1:a9:2b:25:51:8b:dd:ee:ad:b3:73:c6:9e:
         52:b1:59:86
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmk7h3YlFo/GK/4kNbwtrhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAyMTIzODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTU2ZGQ4ZGNhZWQ0OGMyZDk5ZjgzNDIyZTFiYmY0ZDkwYjQxZGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnb5A7bHt5dA/5AIHyqlZhzXnR2eP
BQITwHVseto+BZtaNlckOPcnvCXSjZjZvEbwbDWA0e/HCv9Fsxxka1IbHVMSnt1Z
CKQ55CxQu131POzN/08YvQqw/VNm7iss5V8cuisqyp4b+dYjCaVU9odPAcsQE66K
SbZyhsZ+pXt+Y6zpWFIHsuxGKYcbb48Q2yN0OmyrgLcPOzmaNdESdkWnG2AxaS8U
bXTdixjz2W/I/Hje0nWGLa9rKv8BTtMwBtq97R1fO1692ovaO5NSNtTmXJ4PQniP
fBk5uO62e5Lkn6q17zMlH39rz72Ze8OFZY5fA7oEUBy5vk5Ncpwzf5HKfQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFE5W3Y3K7UjC2Z+DQi4bv02QtB2jMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvVGxiZGpjcnRTTUxabjROQ0xodV9UWkMwSGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQAsw
DQYJKoZIhvcNAQELBQADggEBAIz7a12Dn99KaqtrdcsQ/4p3yx6S62oFIBxjVxuu
QUsY0hv9NSYrtKNnNlBnzZZrY+uB2WtCGL3tjcryRYyqJWn2FCzKngYYCGpED74R
yZPc60Ore3YbvTlyOJGgMBIXh/ikn8kodWE6S+VR1wPLgDOYb5lJU5WJ21VsW3O5
ZiC27LWHK+7/B8wIQ03Sd4Hw3Hg78eKkWJCZanUAMcNDraTU2lsf+lAc1wObKoeB
3qWl5HPpbsIme1LG2hDpODGkFoMEOPbbPOE48PUy0v16SOJokeUMioSxFPQhwpC8
SB4WeISmbXRfNnLWLvjkPv1i4akrJVGL3e6ts3PGnlKxWYY=
-----END CERTIFICATE-----