Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/gvvUb8GoblkYQvWEB-L7qFnaXWQ.roa
File:                     gvvUb8GoblkYQvWEB-L7qFnaXWQ.roa (raw, json)
Hash identifier:          UFAUsv1ar2S4/uOdfl7Hwn1XwzTEcdx04ej8thSyybc=
Subject key identifier:   82:FB:D4:6F:C1:A8:6E:59:18:42:F5:84:07:E2:FB:A8:59:DA:5D:64
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199A1D8C8243E7B2FEEB55070BE83AADFA1
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/gvvUb8GoblkYQvWEB-L7qFnaXWQ.roa
Signing time:             Wed 01 Oct 2025 22:16:02 +0000
ROA not before:           Wed 01 Oct 2025 22:16:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205398
IP address blocks:        2a0f:b240:200::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a1:d8:c8:24:3e:7b:2f:ee:b5:50:70:be:83:aa:df:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  1 22:16:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=82fbd46fc1a86e591842f58407e2fba859da5d64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:fb:c1:98:e9:a8:62:0e:a5:3a:c0:52:90:ef:
                    e3:1d:ca:eb:fb:2c:ba:95:76:f3:05:f2:34:c7:c6:
                    10:9f:15:6e:f1:5e:67:02:d6:45:19:6a:a2:c5:8c:
                    b9:49:9a:9e:1f:99:2b:a8:b1:f6:b1:b8:ef:a2:c7:
                    2f:f2:7d:21:e6:0b:75:a5:e9:b9:2f:66:4e:60:67:
                    51:3e:7d:f0:6f:a8:91:df:fb:e9:af:17:02:bc:38:
                    7b:4e:79:c2:8a:7a:cc:67:fd:2c:16:48:9c:38:9f:
                    4b:07:5a:f2:e6:d4:d4:f0:05:25:62:2f:8b:08:07:
                    76:d5:02:96:52:6a:5c:51:25:c2:69:ab:cd:7b:b8:
                    a6:77:c4:f3:6e:c3:ec:a0:f0:e2:bb:95:e7:dc:f8:
                    ac:5e:12:d7:6a:16:a9:94:06:a5:8e:a7:bf:1d:d6:
                    60:2c:70:06:f9:06:0f:05:61:b7:a9:0a:4e:17:14:
                    1c:12:a0:d6:90:dd:dc:0d:15:e1:c1:ad:b0:e3:74:
                    5f:bf:90:da:bb:4f:e7:d3:e2:3f:76:76:ab:b3:6d:
                    8d:0e:79:82:98:71:b8:58:bf:63:8e:bb:38:4e:2d:
                    5c:42:2c:8c:ad:4e:d2:9f:c5:b7:57:83:f2:ea:fe:
                    71:66:02:36:03:56:b1:78:a1:7a:51:0b:c9:c9:eb:
                    8d:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:FB:D4:6F:C1:A8:6E:59:18:42:F5:84:07:E2:FB:A8:59:DA:5D:64
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/gvvUb8GoblkYQvWEB-L7qFnaXWQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:90:e9:24:f6:2b:57:bc:74:00:80:cd:c2:a2:b0:33:fd:8a:
         75:17:c6:47:69:d9:37:55:57:02:ef:ce:91:43:e1:82:01:82:
         be:af:e0:ba:1f:e8:94:8f:81:a9:28:1c:3e:33:8e:fa:8b:a4:
         e3:8a:50:32:6d:3e:1e:c1:58:88:58:54:af:6d:29:3f:d0:a5:
         57:48:77:86:fe:5f:82:75:74:a4:de:4f:af:46:fe:f0:36:c2:
         bf:1a:45:de:53:d3:af:fe:20:c8:fa:b3:17:ac:14:db:1b:65:
         73:f6:d0:e2:6d:8a:9d:7a:1a:a5:92:62:05:72:b1:0b:e8:82:
         ec:4d:6b:be:d4:25:01:4b:76:43:01:10:1f:71:47:ac:49:17:
         cd:f1:69:55:1f:7d:09:60:16:a1:ff:f9:db:3f:70:6d:80:3b:
         c2:48:b9:cf:d4:3b:82:f5:16:23:c3:e3:bf:e2:37:6f:5d:8f:
         df:94:aa:ae:58:1e:ed:61:85:41:fc:40:16:14:bd:c5:bc:3d:
         27:60:15:5d:e6:9f:c0:db:0e:f0:da:82:6e:f2:95:ec:ca:ba:
         22:6b:cc:a6:a8:c1:54:09:f0:f7:c3:54:62:05:29:83:38:0a:
         46:38:8e:bc:8f:54:95:21:46:fc:18:8d:c6:41:4e:13:0d:4f:
         b2:79:d7:29
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmh2MgkPnsv7rVQcL6Dqt+hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAxMjIxNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MmZiZDQ2ZmMxYTg2ZTU5MTg0MmY1ODQwN2UyZmJhODU5ZGE1ZDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr/vBmOmoYg6lOsBSkO/jHcrr+yy6
lXbzBfI0x8YQnxVu8V5nAtZFGWqixYy5SZqeH5krqLH2sbjvoscv8n0h5gt1pem5
L2ZOYGdRPn3wb6iR3/vprxcCvDh7TnnCinrMZ/0sFkicOJ9LB1ry5tTU8AUlYi+L
CAd21QKWUmpcUSXCaavNe7imd8TzbsPsoPDiu5Xn3PisXhLXahaplAaljqe/HdZg
LHAG+QYPBWG3qQpOFxQcEqDWkN3cDRXhwa2w43Rfv5Dau0/n0+I/dnars22NDnmC
mHG4WL9jjrs4Ti1cQiyMrU7Sn8W3V4Py6v5xZgI2A1axeKF6UQvJyeuN1QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIL71G/BqG5ZGEL1hAfi+6hZ2l1kMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvZ3Z2VWI4R29ibGtZUXZXRUItTDdxRm5hWFdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQAIw
DQYJKoZIhvcNAQELBQADggEBAHyQ6ST2K1e8dACAzcKisDP9inUXxkdp2TdVVwLv
zpFD4YIBgr6v4Lof6JSPgakoHD4zjvqLpOOKUDJtPh7BWIhYVK9tKT/QpVdId4b+
X4J1dKTeT69G/vA2wr8aRd5T06/+IMj6sxesFNsbZXP20OJtip16GqWSYgVysQvo
guxNa77UJQFLdkMBEB9xR6xJF83xaVUffQlgFqH/+ds/cG2AO8JIuc/UO4L1FiPD
47/iN29dj9+Uqq5YHu1hhUH8QBYUvcW8PSdgFV3mn8DbDvDagm7ylezKuiJrzKao
wVQJ8PfDVGIFKYM4CkY4jryPVJUhRvwYjcZBThMNT7J51yk=
-----END CERTIFICATE-----