Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/o30u-7Irz61Z-cbIQqRKrIKKQw4.roa
File:                     o30u-7Irz61Z-cbIQqRKrIKKQw4.roa (raw, json)
Hash identifier:          9jSsXXVYGDBHsHKlCArDQpNSh0mAf9aImbEbJNfwCQo=
Subject key identifier:   A3:7D:2E:FB:B2:2B:CF:AD:59:F9:C6:C8:42:A4:4A:AC:82:8A:43:0E
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199AB9964DE4EC9139B94EF3D21F7C92292
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/o30u-7Irz61Z-cbIQqRKrIKKQw4.roa
Signing time:             Fri 03 Oct 2025 19:43:00 +0000
ROA not before:           Fri 03 Oct 2025 19:43:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211562
IP address blocks:        2a0f:b240:5400::/40 maxlen: 48
                          2a0f:b241:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:99:64:de:4e:c9:13:9b:94:ef:3d:21:f7:c9:22:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  3 19:43:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a37d2efbb22bcfad59f9c6c842a44aac828a430e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:9e:29:5d:65:a0:4e:98:0f:6e:de:3f:66:d5:
                    ba:ef:45:81:12:01:dd:5d:46:72:df:db:67:6c:c9:
                    db:c0:47:14:0c:7b:60:be:e4:7e:4f:12:61:40:fe:
                    37:bc:51:85:d0:6e:4c:10:81:24:12:07:13:c3:f2:
                    b9:35:69:22:1d:da:0d:a9:5d:a0:52:a1:12:ab:a8:
                    1d:ab:9f:e1:63:af:a3:ac:da:7d:be:7d:04:e1:7b:
                    e7:86:79:f2:e8:a4:56:55:0e:4e:dd:c9:ab:89:28:
                    a2:73:e8:17:77:9e:f0:99:a4:d0:84:e8:9f:22:93:
                    2e:6c:18:8d:82:81:fc:cb:c1:55:d9:9a:22:0c:88:
                    6b:3e:e9:22:44:0f:31:db:1f:4a:52:1e:36:d4:5f:
                    3d:b5:e5:a5:30:6a:1a:47:62:a0:53:cf:4b:e4:2c:
                    ac:53:ad:6f:76:3f:89:c2:7c:c1:5c:fe:96:4f:89:
                    3d:14:67:0e:65:cb:3c:d7:7e:25:cd:15:57:5b:20:
                    f5:90:ff:09:12:bc:43:1a:68:a3:87:65:69:83:bf:
                    16:a2:28:53:77:da:56:da:5d:ee:1a:13:dd:4f:2e:
                    95:d4:c6:f3:c3:e6:41:6d:c3:d7:1b:ee:1b:dc:49:
                    e4:71:da:5c:e4:f1:d2:6a:f9:bf:d9:c1:91:4f:b4:
                    75:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:7D:2E:FB:B2:2B:CF:AD:59:F9:C6:C8:42:A4:4A:AC:82:8A:43:0E
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/o30u-7Irz61Z-cbIQqRKrIKKQw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:5400::/40
                  2a0f:b241:4::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:5b:5b:85:0d:0d:a7:9c:16:c6:19:ef:90:82:96:17:c2:03:
         35:2e:35:14:e7:af:f0:8d:60:d8:d3:de:a7:ed:81:c2:5b:44:
         1a:fe:fb:00:86:f9:c5:04:c6:b4:94:ff:05:5b:a0:a8:0b:96:
         57:ed:fb:d7:f0:8b:ce:66:df:db:2b:fe:25:e6:7d:50:f8:ee:
         53:8e:eb:d8:5e:bf:a4:2e:8e:fc:7e:90:df:e5:cf:44:f7:82:
         e0:fa:f0:2e:f0:89:d8:42:5c:2f:8e:41:1a:1c:dc:84:a3:16:
         f5:0c:33:c5:ed:5c:05:8e:37:2b:5a:6b:3b:54:30:cf:e6:09:
         9a:c7:32:44:43:b9:65:8e:ef:65:a5:5b:09:4b:ee:a9:f8:22:
         6a:65:a5:4d:a8:c8:56:f3:2e:14:3f:b4:53:57:18:bb:9a:9a:
         3f:b9:9a:36:29:91:fe:96:00:ca:14:a9:f8:c6:16:cf:e5:7b:
         3c:49:1f:71:8e:df:ec:59:86:b0:fb:f6:5f:2a:cf:28:b0:62:
         05:a2:28:19:95:28:b2:07:70:7a:f0:df:32:d0:4a:dd:39:44:
         99:43:2f:b6:ab:93:4c:f9:3a:b6:b8:dd:da:a0:9e:51:36:05:
         51:a2:b4:c8:f1:c9:3f:c1:d5:37:92:0c:1d:08:87:be:12:23:
         7c:ff:e7:51
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZmrmWTeTskTm5TvPSH3ySKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAzMTk0MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzdkMmVmYmIyMmJjZmFkNTlmOWM2Yzg0MmE0NGFhYzgyOGE0MzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Z4pXWWgTpgPbt4/ZtW670WBEgHd
XUZy39tnbMnbwEcUDHtgvuR+TxJhQP43vFGF0G5MEIEkEgcTw/K5NWkiHdoNqV2g
UqESq6gdq5/hY6+jrNp9vn0E4Xvnhnny6KRWVQ5O3cmriSiic+gXd57wmaTQhOif
IpMubBiNgoH8y8FV2ZoiDIhrPukiRA8x2x9KUh421F89teWlMGoaR2KgU89L5Cys
U61vdj+JwnzBXP6WT4k9FGcOZcs8134lzRVXWyD1kP8JErxDGmijh2Vpg78WoihT
d9pW2l3uGhPdTy6V1Mbzw+ZBbcPXG+4b3Enkcdpc5PHSavm/2cGRT7R1kwIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFKN9LvuyK8+tWfnGyEKkSqyCikMOMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvbzMwdS03SXJ6NjFaLWNiSVFxUktySUtLUXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg+yQFQD
BwAqD7JBAAQwDQYJKoZIhvcNAQELBQADggEBAD9bW4UNDaecFsYZ75CClhfCAzUu
NRTnr/CNYNjT3qftgcJbRBr++wCG+cUExrSU/wVboKgLllft+9fwi85m39sr/iXm
fVD47lOO69hev6Qujvx+kN/lz0T3guD68C7widhCXC+OQRoc3ISjFvUMM8XtXAWO
NytaaztUMM/mCZrHMkRDuWWO72WlWwlL7qn4ImplpU2oyFbzLhQ/tFNXGLuamj+5
mjYpkf6WAMoUqfjGFs/lezxJH3GO3+xZhrD79l8qzyiwYgWiKBmVKLIHcHrw3zLQ
St05RJlDL7ark0z5Ora43dqgnlE2BVGitMjxyT/B1TeSDB0Ih74SI3z/51E=
-----END CERTIFICATE-----