Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/VztRSgR4JO7RSubrVnGpnm1PXrw.roa
File:                     VztRSgR4JO7RSubrVnGpnm1PXrw.roa (raw, json)
Hash identifier:          PRDopzAvwBtIMlfiN63nGAqL8UmBfCF3hc9ZYE7ziDg=
Subject key identifier:   57:3B:51:4A:04:78:24:EE:D1:4A:E6:EB:56:71:A9:9E:6D:4F:5E:BC
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199C56DE76BCBC1E64F5E095DCEE34EA03B
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/VztRSgR4JO7RSubrVnGpnm1PXrw.roa
Signing time:             Wed 08 Oct 2025 20:05:38 +0000
ROA not before:           Wed 08 Oct 2025 20:05:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214508
IP address blocks:        2a0f:b240:e00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c5:6d:e7:6b:cb:c1:e6:4f:5e:09:5d:ce:e3:4e:a0:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  8 20:05:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=573b514a047824eed14ae6eb5671a99e6d4f5ebc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:c3:18:8d:f6:61:64:91:c4:7c:0f:31:ee:d2:
                    b9:4c:81:33:83:91:da:c8:46:3e:d2:c3:ea:bb:06:
                    2f:f4:55:8b:2f:48:5e:70:f1:8d:1b:be:a9:ea:1d:
                    14:ae:8b:b7:6e:e5:b5:37:17:e4:ad:18:90:95:d1:
                    49:4b:08:0c:9b:e4:2c:bc:99:ca:04:e7:63:f5:5f:
                    a5:43:83:2d:f2:f8:04:12:0f:3b:70:5c:4b:c0:e8:
                    81:71:e1:6d:2d:27:26:0f:ea:02:8f:10:c7:b1:67:
                    d7:cb:ef:cd:6a:6b:ed:c9:ca:9a:49:c6:82:6b:e7:
                    96:4d:69:57:a5:97:5e:3e:df:e8:fd:b4:dd:62:8c:
                    c6:dd:5e:f7:3c:e9:11:4d:ec:81:01:d2:8d:ac:09:
                    59:e5:62:63:c8:84:92:bc:79:3a:a7:b1:13:08:07:
                    ed:95:54:55:af:dc:88:08:11:08:b8:21:9d:2a:63:
                    9e:aa:8e:d8:da:c7:e5:7a:f3:cc:c6:8d:a9:33:5e:
                    c9:f5:6e:3b:7f:91:13:88:02:8c:4c:93:2a:f8:a1:
                    39:2a:bd:86:8f:13:25:40:35:7b:fe:df:d8:d6:07:
                    24:e3:9d:82:30:4a:3d:d3:b5:71:59:36:50:d7:70:
                    4b:06:a0:60:31:19:96:4d:f8:1d:23:02:96:19:49:
                    5d:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:3B:51:4A:04:78:24:EE:D1:4A:E6:EB:56:71:A9:9E:6D:4F:5E:BC
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/VztRSgR4JO7RSubrVnGpnm1PXrw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:e00::/40

    Signature Algorithm: sha256WithRSAEncryption
         7a:ca:8b:da:eb:5a:aa:2d:9a:f7:85:7d:89:02:51:02:9d:90:
         2b:fc:01:28:db:aa:b0:4b:a1:8a:3d:42:c4:4e:6b:33:1e:3a:
         d5:c8:73:9c:f2:5e:33:87:14:0a:40:24:db:41:82:d2:57:e2:
         34:37:46:e3:3c:56:f8:62:1a:48:c3:cb:71:9f:f7:e4:6e:b1:
         00:d4:b9:91:af:91:dd:87:07:f0:8a:01:45:6d:a0:00:67:7d:
         7c:58:d2:22:bc:07:1f:ae:53:0c:ca:8d:ab:ec:53:60:37:45:
         e7:66:9f:68:7a:93:bf:83:17:a9:2f:6b:84:a8:1f:90:a6:69:
         e1:19:86:a9:0f:c1:8b:5a:63:fd:8c:d0:6f:a7:77:05:ff:56:
         02:dc:40:94:e2:63:98:9b:5a:5e:b3:15:bb:2e:79:18:57:eb:
         44:73:9a:0d:6d:67:8c:e0:ad:73:76:77:c2:a6:39:4f:f7:b4:
         2c:04:e5:4a:1a:cb:a2:fe:ee:39:af:ba:d6:4a:ef:b3:55:0b:
         4d:d4:42:e4:1d:1a:ef:74:8a:27:60:97:6a:55:94:de:f0:5d:
         d9:a3:99:05:c0:fb:bc:4f:b6:c9:f4:c4:d2:38:c8:55:4a:71:
         83:c0:e5:24:24:1b:79:65:5c:19:5b:db:8d:6e:4c:29:2b:73:
         81:24:11:70
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnFbedry8HmT14JXc7jTqA7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDA4MjAwNTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzNiNTE0YTA0NzgyNGVlZDE0YWU2ZWI1NjcxYTk5ZTZkNGY1ZWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqMMYjfZhZJHEfA8x7tK5TIEzg5Ha
yEY+0sPquwYv9FWLL0hecPGNG76p6h0Urou3buW1NxfkrRiQldFJSwgMm+QsvJnK
BOdj9V+lQ4Mt8vgEEg87cFxLwOiBceFtLScmD+oCjxDHsWfXy+/NamvtycqaScaC
a+eWTWlXpZdePt/o/bTdYozG3V73POkRTeyBAdKNrAlZ5WJjyISSvHk6p7ETCAft
lVRVr9yICBEIuCGdKmOeqo7Y2sflevPMxo2pM17J9W47f5ETiAKMTJMq+KE5Kr2G
jxMlQDV7/t/Y1gck452CMEo907VxWTZQ13BLBqBgMRmWTfgdIwKWGUldoQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFFc7UUoEeCTu0Urm61ZxqZ5tT168MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvVnp0UlNnUjRKTzdSU3ViclZuR3BubTFQWHJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQA4w
DQYJKoZIhvcNAQELBQADggEBAHrKi9rrWqotmveFfYkCUQKdkCv8ASjbqrBLoYo9
QsROazMeOtXIc5zyXjOHFApAJNtBgtJX4jQ3RuM8VvhiGkjDy3Gf9+RusQDUuZGv
kd2HB/CKAUVtoABnfXxY0iK8Bx+uUwzKjavsU2A3Redmn2h6k7+DF6kva4SoH5Cm
aeEZhqkPwYtaY/2M0G+ndwX/VgLcQJTiY5ibWl6zFbsueRhX60Rzmg1tZ4zgrXN2
d8KmOU/3tCwE5Uoay6L+7jmvutZK77NVC03UQuQdGu90iidgl2pVlN7wXdmjmQXA
+7xPtsn0xNI4yFVKcYPA5SQkG3llXBlb241uTCkrc4EkEXA=
-----END CERTIFICATE-----