Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/uGewJie2iT5hV-2RW8WMI2MpcZM.roa
File:                     uGewJie2iT5hV-2RW8WMI2MpcZM.roa (raw, json)
Hash identifier:          RiffGo3VY50bVaj3ufpaeZg/7iG3Gpqv5JKQttHf/6o=
Subject key identifier:   B8:67:B0:26:27:B6:89:3E:61:57:ED:91:5B:C5:8C:23:63:29:71:93
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199DA2B0B744F8DB66AF399871826BCEF0A
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/uGewJie2iT5hV-2RW8WMI2MpcZM.roa
Signing time:             Sun 12 Oct 2025 20:44:38 +0000
ROA not before:           Sun 12 Oct 2025 20:44:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214980
IP address blocks:        2a0f:b240:6600::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:da:2b:0b:74:4f:8d:b6:6a:f3:99:87:18:26:bc:ef:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 12 20:44:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b867b02627b6893e6157ed915bc58c2363297193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:8d:97:29:81:39:4e:90:e1:ef:2c:a0:86:e1:
                    d0:30:61:c8:a9:10:61:0e:f3:c4:c3:2a:0e:8d:5a:
                    61:f4:98:2e:b8:85:5f:7e:2b:fb:f6:9a:75:ae:84:
                    ec:e7:d3:59:d2:a2:d6:9e:d4:34:38:33:8e:03:b1:
                    f6:85:24:6a:25:97:5b:21:db:06:26:d2:6a:14:a0:
                    96:88:9a:26:6b:31:3d:00:ee:f6:07:08:c6:96:8d:
                    1c:70:7c:80:ab:51:bf:34:62:e9:b7:e7:20:9e:98:
                    26:c8:1c:2f:c1:50:4e:8c:36:fe:99:4a:e9:ae:03:
                    4e:e2:92:d6:7b:2b:a3:16:d4:9c:eb:24:b0:ed:7a:
                    aa:66:08:11:0c:4e:87:7d:96:db:57:9a:c6:65:50:
                    f9:50:11:a0:f5:9d:fd:72:a0:72:8c:dd:e1:0f:d1:
                    b4:3e:dc:00:70:1e:85:75:99:a7:05:8b:45:05:c3:
                    f2:36:0d:60:ef:20:e4:ac:28:8f:50:6b:da:ba:1a:
                    b7:77:08:06:9d:f3:39:e4:8e:f4:44:f1:3e:fd:6f:
                    d0:67:4a:f6:c6:bf:6d:c6:8b:a2:a1:92:60:f4:f2:
                    41:b0:cc:46:f5:4f:d6:b9:58:c2:d0:07:71:f8:c8:
                    f5:02:93:85:05:2f:7a:a7:44:1d:ee:1d:e0:5f:e3:
                    5a:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:67:B0:26:27:B6:89:3E:61:57:ED:91:5B:C5:8C:23:63:29:71:93
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/uGewJie2iT5hV-2RW8WMI2MpcZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:6600::/40

    Signature Algorithm: sha256WithRSAEncryption
         7d:ea:0a:74:0f:c3:66:b8:af:ea:16:bb:d2:b3:94:c4:eb:bc:
         63:5b:ed:30:b3:66:31:91:d8:db:c9:fd:62:4f:7a:bc:95:9e:
         65:38:98:62:e7:40:83:98:77:9f:13:c3:52:97:b5:c0:89:88:
         ae:b9:a1:9a:12:67:2c:78:3c:6f:69:23:ca:37:51:64:bf:c2:
         bc:43:ac:9b:97:e3:06:6f:4a:76:d4:60:28:59:1f:4c:c7:b7:
         07:95:ce:bb:53:02:c2:14:05:4e:06:6f:a6:62:75:d3:7b:8d:
         c7:0d:4f:18:5b:57:1c:7a:a9:31:8b:ae:ca:70:8e:cd:1a:81:
         eb:49:8a:b1:ea:e2:81:fd:42:b2:44:34:4b:6a:c2:0b:c6:5f:
         8d:c9:50:9a:d6:07:94:e2:b6:c7:1f:14:6f:2b:d0:12:ca:cc:
         98:b8:a1:fe:1a:3e:6f:af:94:01:d4:be:02:c8:fc:4f:9c:d9:
         fe:5c:53:7a:69:fb:97:60:11:89:c0:7f:69:32:b5:c0:aa:12:
         2c:3b:33:96:f4:b9:40:52:5e:b7:f8:dc:2b:7c:a2:7d:75:53:
         47:2b:5a:f0:0f:bc:e7:98:9e:df:a3:97:b1:0e:34:2f:3f:99:
         e1:4b:44:29:77:cd:03:6f:dc:d0:d6:c8:82:20:c6:c3:a2:81:
         e2:29:2f:5f
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnaKwt0T422avOZhxgmvO8KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDEyMjA0NDM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODY3YjAyNjI3YjY4OTNlNjE1N2VkOTE1YmM1OGMyMzYzMjk3MTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5o2XKYE5TpDh7yyghuHQMGHIqRBh
DvPEwyoOjVph9JguuIVffiv79pp1roTs59NZ0qLWntQ0ODOOA7H2hSRqJZdbIdsG
JtJqFKCWiJomazE9AO72BwjGlo0ccHyAq1G/NGLpt+cgnpgmyBwvwVBOjDb+mUrp
rgNO4pLWeyujFtSc6ySw7XqqZggRDE6HfZbbV5rGZVD5UBGg9Z39cqByjN3hD9G0
PtwAcB6FdZmnBYtFBcPyNg1g7yDkrCiPUGvauhq3dwgGnfM55I70RPE+/W/QZ0r2
xr9txouioZJg9PJBsMxG9U/WuVjC0Adx+Mj1ApOFBS96p0Qd7h3gX+Na7wIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFLhnsCYntok+YVftkVvFjCNjKXGTMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvdUdld0ppZTJpVDVoVi0yUlc4V01JMk1wY1pNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQGYw
DQYJKoZIhvcNAQELBQADggEBAH3qCnQPw2a4r+oWu9KzlMTrvGNb7TCzZjGR2NvJ
/WJPeryVnmU4mGLnQIOYd58Tw1KXtcCJiK65oZoSZyx4PG9pI8o3UWS/wrxDrJuX
4wZvSnbUYChZH0zHtweVzrtTAsIUBU4Gb6ZiddN7jccNTxhbVxx6qTGLrspwjs0a
getJirHq4oH9QrJENEtqwgvGX43JUJrWB5TitscfFG8r0BLKzJi4of4aPm+vlAHU
vgLI/E+c2f5cU3pp+5dgEYnAf2kytcCqEiw7M5b0uUBSXrf43Ct8on11U0crWvAP
vOeYnt+jl7EONC8/meFLRCl3zQNv3NDWyIIgxsOigeIpL18=
-----END CERTIFICATE-----