Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ml5IDkL2vbbQX5TdX4lxRB-mwlw.roa
File:                     ml5IDkL2vbbQX5TdX4lxRB-mwlw.roa (raw, json)
Hash identifier:          3s5PEM9EhXCR28UqO8Kf/VZJbMRHEJWggGbtGVzHmW4=
Subject key identifier:   9A:5E:48:0E:42:F6:BD:B6:D0:5F:94:DD:5F:89:71:44:1F:A6:C2:5C
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199A5AC6557BB03AC5A2C4FEF41881302E7
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ml5IDkL2vbbQX5TdX4lxRB-mwlw.roa
Signing time:             Thu 02 Oct 2025 16:06:02 +0000
ROA not before:           Thu 02 Oct 2025 16:06:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     833
IP address blocks:        2a0f:b240:100::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:a5:ac:65:57:bb:03:ac:5a:2c:4f:ef:41:88:13:02:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  2 16:06:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a5e480e42f6bdb6d05f94dd5f8971441fa6c25c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6d:89:b1:9f:ee:41:28:57:60:ee:65:23:88:
                    bf:46:89:1d:ff:4f:4f:bf:33:d3:8a:62:e4:df:94:
                    da:49:2b:c1:a3:95:23:33:c8:e8:bb:73:53:81:0f:
                    16:5c:ae:dc:86:26:48:42:44:57:5b:70:d4:97:2d:
                    83:68:8a:8b:32:f0:4a:74:fa:d5:cd:24:b9:06:e0:
                    d2:6e:e0:da:aa:88:05:b9:42:30:7b:0f:07:7b:26:
                    71:26:d0:70:ef:a9:12:7f:7c:a4:45:dd:19:3d:ae:
                    be:45:79:8b:ab:89:24:d3:1a:fa:45:50:18:80:8a:
                    d5:aa:72:1d:df:aa:f5:0a:4e:6f:8a:83:bd:11:d5:
                    fe:0e:61:18:42:e0:c8:d2:1e:1f:f1:6b:76:87:81:
                    56:df:4b:49:81:c2:e5:d6:fe:06:6e:68:83:48:4e:
                    3d:ac:b4:63:ec:d3:95:d7:19:0e:11:63:75:38:83:
                    9e:57:12:94:49:cc:f3:71:5c:a3:ba:17:e4:c1:db:
                    15:40:5d:a5:67:fd:e7:b4:9e:28:6d:ce:a7:bd:8c:
                    aa:b1:09:70:da:91:30:66:2d:7c:f2:da:56:20:70:
                    d0:a7:ce:00:93:05:15:93:83:ff:e8:e0:b6:90:ff:
                    56:fb:be:dc:28:32:99:98:d5:db:0b:df:29:8b:1e:
                    5c:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:5E:48:0E:42:F6:BD:B6:D0:5F:94:DD:5F:89:71:44:1F:A6:C2:5C
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/ml5IDkL2vbbQX5TdX4lxRB-mwlw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:100::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:13:a3:39:d4:df:e5:30:42:82:dd:df:eb:ab:11:1d:fb:24:
         bf:41:35:c5:d0:78:d6:37:26:ad:51:26:ce:c9:fa:8a:70:ca:
         0f:ee:90:38:03:8c:3d:95:96:c7:95:44:61:ad:b1:3a:d9:0e:
         4e:35:51:af:ff:bf:ae:4c:d2:b4:34:d3:53:06:b5:27:05:d7:
         33:2c:a0:fd:4e:0d:16:1e:07:12:6d:3a:85:ba:f8:8f:f6:92:
         b4:22:c4:ca:9f:97:6c:22:0b:bc:81:84:61:70:80:b1:a9:c4:
         de:82:e9:43:8a:80:05:03:95:e3:56:a3:9f:34:36:80:22:db:
         11:be:5b:4a:95:8d:3d:e9:09:d5:62:2c:c7:07:af:37:9d:62:
         1e:81:7d:46:cc:a8:62:5e:af:04:ec:07:b3:64:a2:ac:2b:6e:
         41:23:fa:57:1f:7c:cd:9a:ea:4e:e2:bd:aa:29:dc:d7:3b:12:
         2b:b4:22:9d:f6:cc:26:e5:20:26:81:90:51:07:8e:4c:2a:9d:
         ba:e6:24:13:e0:f6:d1:1a:f2:00:71:3b:af:ec:1c:f1:a9:40:
         92:5b:a1:9e:b5:8e:a5:4e:50:3d:98:44:f2:70:35:54:4a:7c:
         16:e2:1a:0f:17:cf:79:c5:91:6d:46:10:7d:8b:1d:97:cb:2d:
         e2:4f:7a:82
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmlrGVXuwOsWixP70GIEwLnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAyMTYwNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTVlNDgwZTQyZjZiZGI2ZDA1Zjk0ZGQ1Zjg5NzE0NDFmYTZjMjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwW2JsZ/uQShXYO5lI4i/Rokd/09P
vzPTimLk35TaSSvBo5UjM8jou3NTgQ8WXK7chiZIQkRXW3DUly2DaIqLMvBKdPrV
zSS5BuDSbuDaqogFuUIwew8HeyZxJtBw76kSf3ykRd0ZPa6+RXmLq4kk0xr6RVAY
gIrVqnId36r1Ck5vioO9EdX+DmEYQuDI0h4f8Wt2h4FW30tJgcLl1v4GbmiDSE49
rLRj7NOV1xkOEWN1OIOeVxKUSczzcVyjuhfkwdsVQF2lZ/3ntJ4obc6nvYyqsQlw
2pEwZi188tpWIHDQp84AkwUVk4P/6OC2kP9W+77cKDKZmNXbC98pix5cnQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJpeSA5C9r220F+U3V+JcUQfpsJcMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvbWw1SURrTDJ2YmJRWDVUZFg0bHhSQi1td2x3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQAEw
DQYJKoZIhvcNAQELBQADggEBADMToznU3+UwQoLd3+urER37JL9BNcXQeNY3Jq1R
Js7J+opwyg/ukDgDjD2VlseVRGGtsTrZDk41Ua//v65M0rQ001MGtScF1zMsoP1O
DRYeBxJtOoW6+I/2krQixMqfl2wiC7yBhGFwgLGpxN6C6UOKgAUDleNWo580NoAi
2xG+W0qVjT3pCdViLMcHrzedYh6BfUbMqGJerwTsB7NkoqwrbkEj+lcffM2a6k7i
vaop3Nc7Eiu0Ip32zCblICaBkFEHjkwqnbrmJBPg9tEa8gBxO6/sHPGpQJJboZ61
jqVOUD2YRPJwNVRKfBbiGg8Xz3nFkW1GEH2LHZfLLeJPeoI=
-----END CERTIFICATE-----