Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Z0FuRe_3oJ_yWcDW6-1F-dZGvm8.roa
File:                     Z0FuRe_3oJ_yWcDW6-1F-dZGvm8.roa (raw, json)
Hash identifier:          xch+qAPR9QzGm1NgKYI8gVA4Qr0GtidJo5DTI17Jweo=
Subject key identifier:   67:41:6E:45:EF:F7:A0:9F:F2:59:C0:D6:EB:ED:45:F9:D6:46:BE:6F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01967E7E558D3BA47C435AC466A6B6BE1EF3
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Z0FuRe_3oJ_yWcDW6-1F-dZGvm8.roa
Signing time:             Mon 28 Apr 2025 22:22:10 +0000
ROA not before:           Mon 28 Apr 2025 22:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200708
IP address blocks:        2a0f:b241:5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7e:7e:55:8d:3b:a4:7c:43:5a:c4:66:a6:b6:be:1e:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Apr 28 22:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67416e45eff7a09ff259c0d6ebed45f9d646be6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b4:3b:e8:98:39:5c:da:8a:ac:f4:ba:74:0b:
                    9f:11:a2:1c:e1:15:93:88:d0:64:9a:e7:bb:83:7e:
                    bb:df:68:60:a5:6e:4b:34:ba:27:7d:7a:14:22:75:
                    c7:30:99:78:fe:a8:e7:15:be:ec:87:d8:5b:9e:f1:
                    30:d0:d5:97:68:8a:28:79:ed:9c:7d:63:57:6f:29:
                    2e:61:6b:64:22:15:ca:ef:58:f9:28:34:03:73:bb:
                    fc:53:5e:92:b7:56:3b:10:b1:f0:22:a4:c9:bf:e1:
                    80:12:8f:39:09:fc:fd:b5:48:56:05:86:65:45:b5:
                    1b:c8:81:9d:a5:6b:9f:e4:c1:00:ba:f9:17:2b:3c:
                    95:23:8e:a6:9d:c0:c9:c0:62:53:88:ad:46:06:b8:
                    d1:1d:3a:de:69:cb:19:f8:b3:e2:05:9c:40:dc:9b:
                    fc:a2:0f:c9:4a:e3:04:72:65:bc:09:8e:6e:31:4f:
                    1d:bf:98:66:a5:4f:6e:30:01:26:e6:0b:3e:06:fe:
                    26:5b:c0:d7:c9:32:11:06:26:fe:a5:16:c1:b4:9e:
                    2b:6f:58:65:76:b1:b7:28:48:86:a0:62:0e:71:80:
                    c1:ba:29:d4:37:81:2f:93:02:36:5d:c3:b5:9b:14:
                    3c:60:44:bc:b5:4c:a4:cc:8d:21:71:19:1b:75:47:
                    90:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:41:6E:45:EF:F7:A0:9F:F2:59:C0:D6:EB:ED:45:F9:D6:46:BE:6F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/Z0FuRe_3oJ_yWcDW6-1F-dZGvm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b241:5::/48

    Signature Algorithm: sha256WithRSAEncryption
         40:f5:be:d1:53:d3:fe:4b:14:aa:1e:37:9d:dd:0d:68:57:35:
         56:28:ce:cd:d6:1d:ac:a7:ab:0e:e2:e4:96:46:8e:57:9a:f0:
         93:da:1f:06:3d:c5:78:3f:89:08:6c:01:67:33:bf:e7:c3:88:
         de:52:21:12:d6:65:ac:61:b2:18:43:2a:0f:2b:e9:f9:60:21:
         f8:55:49:55:08:0e:d0:51:ed:7f:f0:2e:fd:69:00:b2:fc:5e:
         40:88:80:23:be:16:da:7a:f5:2a:f6:62:d6:9f:fe:b3:da:ca:
         f9:4d:5d:2b:34:eb:08:57:0a:45:36:d4:0f:da:a3:2d:13:82:
         58:bf:18:a8:be:d3:6c:e8:3e:f4:73:12:ce:11:b9:ef:05:35:
         bb:ba:80:67:73:d1:85:5b:35:68:6a:1f:87:28:65:1f:bb:ad:
         d4:19:ca:fb:79:d0:9b:4c:d6:a9:6d:48:d8:db:d1:79:9b:cc:
         9e:66:8b:27:f2:fd:cc:c3:29:0d:0c:36:8d:a7:2d:84:61:4e:
         ca:2f:40:c4:35:84:24:c8:0d:a7:54:90:d7:ea:9f:63:1f:96:
         70:6c:5b:2e:37:60:ba:4f:d1:63:e0:05:e8:03:68:3f:e1:24:
         08:97:1b:90:8f:a7:45:ed:2c:47:a9:35:09:e1:f1:ef:c2:e9:
         a1:d0:52:06
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZZ+flWNO6R8Q1rEZqa2vh7zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwNDI4MjIyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQxNmU0NWVmZjdhMDlmZjI1OWMwZDZlYmVkNDVmOWQ2NDZiZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7Q76Jg5XNqKrPS6dAufEaIc4RWT
iNBkmue7g36732hgpW5LNLonfXoUInXHMJl4/qjnFb7sh9hbnvEw0NWXaIooee2c
fWNXbykuYWtkIhXK71j5KDQDc7v8U16St1Y7ELHwIqTJv+GAEo85Cfz9tUhWBYZl
RbUbyIGdpWuf5MEAuvkXKzyVI46mncDJwGJTiK1GBrjRHTreacsZ+LPiBZxA3Jv8
og/JSuMEcmW8CY5uMU8dv5hmpU9uMAEm5gs+Bv4mW8DXyTIRBib+pRbBtJ4rb1hl
drG3KEiGoGIOcYDBuinUN4EvkwI2XcO1mxQ8YES8tUykzI0hcRkbdUeQ4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFGdBbkXv96Cf8lnA1uvtRfnWRr5vMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvWjBGdVJlXzNvSl95V2NEVzYtMUYtZFpHdm04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg+yQQAF
MA0GCSqGSIb3DQEBCwUAA4IBAQBA9b7RU9P+SxSqHjed3Q1oVzVWKM7N1h2sp6sO
4uSWRo5XmvCT2h8GPcV4P4kIbAFnM7/nw4jeUiES1mWsYbIYQyoPK+n5YCH4VUlV
CA7QUe1/8C79aQCy/F5AiIAjvhbaevUq9mLWn/6z2sr5TV0rNOsIVwpFNtQP2qMt
E4JYvxiovtNs6D70cxLOEbnvBTW7uoBnc9GFWzVoah+HKGUfu63UGcr7edCbTNap
bUjY29F5m8yeZosn8v3MwykNDDaNpy2EYU7KL0DENYQkyA2nVJDX6p9jH5ZwbFsu
N2C6T9Fj4AXoA2g/4SQIlxuQj6dF7SxHqTUJ4fHvwumh0FIG
-----END CERTIFICATE-----