Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/dDRcr9HC992IiulrI0QroygPXVc.roa
File:                     dDRcr9HC992IiulrI0QroygPXVc.roa (raw, json)
Hash identifier:          LTdfvB5os0fjAgjpNSwMsBcnjgOHTyKmAgnL8UXxrXY=
Subject key identifier:   74:34:5C:AF:D1:C2:F7:DD:88:8A:E9:6B:23:44:2B:A3:28:0F:5D:57
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199FB24879EDEDFC768D086E3BECC5A2035
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/dDRcr9HC992IiulrI0QroygPXVc.roa
Signing time:             Sun 19 Oct 2025 06:24:59 +0000
ROA not before:           Sun 19 Oct 2025 06:24:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25957
IP address blocks:        2a0f:b240:5a00::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:fb:24:87:9e:de:df:c7:68:d0:86:e3:be:cc:5a:20:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 19 06:24:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74345cafd1c2f7dd888ae96b23442ba3280f5d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:35:1c:78:01:98:aa:ec:05:63:de:2f:ce:ca:
                    8d:44:f8:b6:6a:3f:46:97:2c:d9:97:8d:19:7a:06:
                    47:67:00:50:9f:64:d8:3a:cb:db:d0:ec:67:65:05:
                    a1:0b:6b:c5:ee:2f:37:76:33:10:6a:71:2d:c1:74:
                    03:67:8a:1d:03:2a:1e:0f:a0:1d:bf:54:db:ae:4d:
                    5e:ce:53:32:f7:c1:5d:f8:26:6d:8b:1e:2b:aa:e9:
                    9c:e8:f3:28:01:ce:c1:97:41:61:4b:97:54:9c:91:
                    5c:f5:bc:64:a3:67:5a:f7:fd:f3:e5:cf:01:ae:42:
                    66:26:29:6f:b4:9c:bc:4c:4d:70:a7:8c:b4:d3:62:
                    19:86:47:1a:49:10:f1:61:f3:d6:8b:90:ff:13:8d:
                    23:62:56:20:29:3c:c4:d3:07:44:ae:5a:35:a1:71:
                    02:67:02:71:d4:30:09:ae:00:7c:8f:cd:9c:82:22:
                    6f:e4:38:50:36:06:9c:22:4c:6d:07:03:48:cc:2f:
                    d1:50:65:72:9c:b9:5b:e5:18:a2:0a:37:ce:c5:9b:
                    54:cb:04:a5:87:7f:fd:1f:16:50:23:43:46:70:8b:
                    ca:70:12:7b:cc:d5:68:25:64:63:ff:c4:ef:0d:e1:
                    13:10:94:7f:c6:57:d1:1c:3d:cb:a4:38:76:ef:a1:
                    7a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:34:5C:AF:D1:C2:F7:DD:88:8A:E9:6B:23:44:2B:A3:28:0F:5D:57
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/dDRcr9HC992IiulrI0QroygPXVc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:5a00::/40

    Signature Algorithm: sha256WithRSAEncryption
         1e:6c:7e:38:ef:f5:41:05:1b:f4:f2:dc:a3:9c:4d:a7:e3:de:
         3a:e5:c1:03:96:a6:2c:f8:f0:7b:fb:d6:09:4e:98:1a:5f:da:
         7a:c1:20:ed:92:de:a3:9d:25:2c:db:91:dd:32:38:71:0b:89:
         fb:ed:5f:ac:bd:e9:86:2f:12:e6:3e:6e:6b:dd:7b:9c:c4:0f:
         dc:d7:dc:20:86:e8:d2:39:4c:2a:4b:0f:58:22:af:93:3b:22:
         1b:e4:b6:1c:03:58:9e:c3:ba:0b:4a:9f:05:b6:5f:70:ff:6a:
         89:3d:b6:94:f7:c8:f4:42:ca:3a:2b:94:a2:f4:c4:26:6b:85:
         58:e5:ff:bc:fd:d6:6c:1e:f1:3a:c8:6f:82:85:e7:2c:77:8f:
         55:a6:d6:61:e7:c7:a5:93:89:d6:93:7d:cb:eb:4d:55:11:c3:
         60:98:0b:72:15:36:8e:ad:00:02:23:c9:a9:88:2d:f7:be:f8:
         3f:1c:3e:dd:a4:8b:24:bb:8a:22:ab:40:10:61:70:d1:e3:89:
         7c:04:19:d9:a2:eb:5e:dd:ba:34:66:04:53:5b:3c:6f:17:a5:
         5b:fb:da:41:87:ec:d6:7c:f4:e0:c7:7f:df:1b:10:ec:3a:32:
         7c:a1:58:19:86:11:0a:b9:34:75:a4:d9:d3:29:ac:97:53:1e:
         9c:fb:b3:69
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZn7JIee3t/HaNCG477MWiA1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDE5MDYyNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDM0NWNhZmQxYzJmN2RkODg4YWU5NmIyMzQ0MmJhMzI4MGY1ZDU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDUceAGYquwFY94vzsqNRPi2aj9G
lyzZl40ZegZHZwBQn2TYOsvb0OxnZQWhC2vF7i83djMQanEtwXQDZ4odAyoeD6Ad
v1Tbrk1ezlMy98Fd+CZtix4rqumc6PMoAc7Bl0FhS5dUnJFc9bxko2da9/3z5c8B
rkJmJilvtJy8TE1wp4y002IZhkcaSRDxYfPWi5D/E40jYlYgKTzE0wdErlo1oXEC
ZwJx1DAJrgB8j82cgiJv5DhQNgacIkxtBwNIzC/RUGVynLlb5RiiCjfOxZtUywSl
h3/9HxZQI0NGcIvKcBJ7zNVoJWRj/8TvDeETEJR/xlfRHD3LpDh276F6FQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHQ0XK/RwvfdiIrpayNEK6MoD11XMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvZERSY3I5SEM5OTJJaXVsckkwUXJveWdQWFZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQFow
DQYJKoZIhvcNAQELBQADggEBAB5sfjjv9UEFG/Ty3KOcTafj3jrlwQOWpiz48Hv7
1glOmBpf2nrBIO2S3qOdJSzbkd0yOHELifvtX6y96YYvEuY+bmvde5zED9zX3CCG
6NI5TCpLD1gir5M7IhvkthwDWJ7DugtKnwW2X3D/aok9tpT3yPRCyjorlKL0xCZr
hVjl/7z91mwe8TrIb4KF5yx3j1Wm1mHnx6WTidaTfcvrTVURw2CYC3IVNo6tAAIj
yamILfe++D8cPt2kiyS7iiKrQBBhcNHjiXwEGdmi617dujRmBFNbPG8XpVv72kGH
7NZ89ODHf98bEOw6MnyhWBmGEQq5NHWk2dMprJdTHpz7s2k=
-----END CERTIFICATE-----