Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/hEFMEP_urAc064KAR8JQ4KrPRqY.roa
File:                     hEFMEP_urAc064KAR8JQ4KrPRqY.roa (raw, json)
Hash identifier:          1YkzWaixazhVOxrfmnC6EMtlYGjZzDxiguz7n6QhEJU=
Subject key identifier:   84:41:4C:10:FF:EE:AC:07:34:EB:82:80:47:C2:50:E0:AA:CF:46:A6
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199DED3FB9E23BEF9C7A6799EE5A991BA6F
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/hEFMEP_urAc064KAR8JQ4KrPRqY.roa
Signing time:             Mon 13 Oct 2025 18:27:38 +0000
ROA not before:           Mon 13 Oct 2025 18:27:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197532
IP address blocks:        2a0f:b240:6700::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:d3:fb:9e:23:be:f9:c7:a6:79:9e:e5:a9:91:ba:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 13 18:27:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84414c10ffeeac0734eb828047c250e0aacf46a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:fd:07:c0:51:79:6f:ac:09:c6:a1:6a:3a:4a:
                    2c:bc:70:52:44:32:8f:a8:84:49:f2:74:3f:9c:77:
                    c5:c8:a8:12:e8:1c:5d:fe:4b:49:5a:14:b8:24:e6:
                    a1:f5:fa:a2:94:88:56:2d:95:eb:dc:5b:73:0f:b7:
                    9b:8c:9a:73:15:d4:46:47:12:68:db:7d:6f:f8:da:
                    04:51:25:c8:4c:e5:3c:9e:3c:da:03:88:ec:2c:0e:
                    64:f7:1c:c5:3a:23:64:59:fc:20:c2:14:2c:a4:fc:
                    2e:e8:ca:69:ce:2b:b2:33:d5:f4:5d:1e:e6:80:ac:
                    60:e6:13:2a:5b:f6:cc:a5:2b:44:ef:f6:f1:b0:84:
                    bc:3d:dd:72:8f:bf:15:d3:3b:e4:52:97:46:96:e0:
                    14:13:f4:e9:ec:3b:8b:86:28:b1:4e:4b:08:01:1d:
                    8c:bb:bb:5b:60:39:09:f4:be:8c:e7:65:57:86:f3:
                    5d:4a:0b:67:66:a6:2d:2a:81:84:99:00:59:a9:0d:
                    a1:55:e7:70:f5:8a:58:31:5e:75:95:26:c1:3a:1b:
                    0c:bf:30:5f:2d:c2:1b:6e:79:3d:cf:b1:ba:02:c6:
                    c0:0c:ce:b2:40:53:f4:15:ca:04:75:25:1c:5f:a6:
                    9b:77:37:ae:1e:61:e2:ac:41:5e:06:21:17:7a:f3:
                    ec:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:41:4C:10:FF:EE:AC:07:34:EB:82:80:47:C2:50:E0:AA:CF:46:A6
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/hEFMEP_urAc064KAR8JQ4KrPRqY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:6700::/40

    Signature Algorithm: sha256WithRSAEncryption
         10:80:bc:fd:3c:96:12:3e:80:b6:ff:04:bd:f4:a5:b0:20:37:
         54:94:1a:0d:26:d9:f0:fe:92:28:35:b6:2a:7c:5d:f1:e0:17:
         22:0c:24:78:f2:ac:e4:d5:30:c5:3a:af:4f:5c:99:a2:66:53:
         f7:db:f4:f9:0c:d3:9f:6f:75:ba:30:e6:31:59:2b:f3:26:b4:
         4d:ee:ea:db:b1:79:19:e3:ed:1b:46:51:24:7e:ab:92:bf:23:
         92:df:3c:0f:86:33:ec:ed:54:17:9a:dc:fa:95:ff:9a:8e:d8:
         63:39:d7:aa:20:28:f6:5f:a9:85:c7:4d:bf:29:a7:88:3d:dd:
         81:84:6c:c2:b8:7a:c8:a3:b7:be:a2:50:0c:ab:bd:e9:e9:eb:
         db:01:3d:d8:1a:3e:94:eb:fe:03:f6:e4:92:d3:c6:4a:8d:82:
         86:3b:cd:9f:01:9a:67:87:03:93:be:61:08:46:a8:7d:ad:2b:
         fc:b3:89:fc:13:16:c3:3d:08:25:0a:10:b1:34:43:af:85:e6:
         7c:50:fd:aa:56:a8:b2:26:ad:34:e2:7a:26:f4:88:49:05:07:
         58:94:52:3c:4a:e6:cc:97:f8:57:b7:34:71:1f:41:1c:f8:e7:
         5b:94:f0:24:c2:35:23:79:51:ba:a5:c2:5f:eb:97:f9:4b:d0:
         04:41:36:09
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZne0/ueI775x6Z5nuWpkbpvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDEzMTgyNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQxNGMxMGZmZWVhYzA3MzRlYjgyODA0N2MyNTBlMGFhY2Y0NmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvP0HwFF5b6wJxqFqOkosvHBSRDKP
qIRJ8nQ/nHfFyKgS6Bxd/ktJWhS4JOah9fqilIhWLZXr3FtzD7ebjJpzFdRGRxJo
231v+NoEUSXITOU8njzaA4jsLA5k9xzFOiNkWfwgwhQspPwu6MppziuyM9X0XR7m
gKxg5hMqW/bMpStE7/bxsIS8Pd1yj78V0zvkUpdGluAUE/Tp7DuLhiixTksIAR2M
u7tbYDkJ9L6M52VXhvNdSgtnZqYtKoGEmQBZqQ2hVedw9YpYMV51lSbBOhsMvzBf
LcIbbnk9z7G6AsbADM6yQFP0FcoEdSUcX6abdzeuHmHirEFeBiEXevPs8wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIRBTBD/7qwHNOuCgEfCUOCqz0amMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvaEVGTUVQX3VyQWMwNjRLQVI4SlE0S3JQUnFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQGcw
DQYJKoZIhvcNAQELBQADggEBABCAvP08lhI+gLb/BL30pbAgN1SUGg0m2fD+kig1
tip8XfHgFyIMJHjyrOTVMMU6r09cmaJmU/fb9PkM059vdbow5jFZK/MmtE3u6tux
eRnj7RtGUSR+q5K/I5LfPA+GM+ztVBea3PqV/5qO2GM516ogKPZfqYXHTb8pp4g9
3YGEbMK4esijt76iUAyrvenp69sBPdgaPpTr/gP25JLTxkqNgoY7zZ8BmmeHA5O+
YQhGqH2tK/yzifwTFsM9CCUKELE0Q6+F5nxQ/apWqLImrTTieib0iEkFB1iUUjxK
5syX+Fe3NHEfQRz451uU8CTCNSN5Ubqlwl/rl/lL0ARBNgk=
-----END CERTIFICATE-----