Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/xHIWZrdbAZ1NIGdFmsPL_SKZum8.roa
File:                     xHIWZrdbAZ1NIGdFmsPL_SKZum8.roa (raw, json)
Hash identifier:          qhFryyDbELvZswqtrZ8zPlYcuEESLdqBFtPKPqwHRkE=
Subject key identifier:   C4:72:16:66:B7:5B:01:9D:4D:20:67:45:9A:C3:CB:FD:22:99:BA:6F
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019A009161AB9D9B59E0824F0B87694A4FE2
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/xHIWZrdbAZ1NIGdFmsPL_SKZum8.roa
Signing time:             Mon 20 Oct 2025 07:41:58 +0000
ROA not before:           Mon 20 Oct 2025 07:41:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215153
IP address blocks:        2a0f:b240:7400::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 18:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:00:91:61:ab:9d:9b:59:e0:82:4f:0b:87:69:4a:4f:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 20 07:41:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c4721666b75b019d4d2067459ac3cbfd2299ba6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:5b:6c:02:d0:6c:fa:93:53:ca:86:39:fb:20:
                    ee:c5:38:40:40:09:c5:e8:1b:a2:b6:68:b9:9b:91:
                    6b:17:98:5c:22:8a:09:f9:18:95:5d:7b:27:c7:2b:
                    6f:a4:2e:74:b0:bb:bb:bb:53:59:9e:49:b4:e6:c4:
                    f5:d6:20:44:7e:21:80:b6:95:56:f4:1b:8a:c3:ee:
                    f4:ed:91:41:8a:e0:77:ad:05:53:a1:9f:39:d7:99:
                    58:dc:e7:64:c7:dd:b2:1a:60:46:de:59:5a:71:c2:
                    b5:f0:35:cd:60:a1:dd:61:06:1c:5b:55:c7:8b:c3:
                    13:bb:ae:eb:c1:e5:2e:26:96:40:7e:89:1f:e2:81:
                    6f:fb:87:2a:32:ef:c2:87:ad:e0:21:67:b0:98:4d:
                    4b:86:0a:78:06:9e:de:cc:a0:2f:0c:3d:dd:3d:6c:
                    a9:73:f6:56:ca:25:45:89:86:0b:37:74:a4:c7:17:
                    20:ec:dd:ce:f7:ce:dd:5f:66:9f:75:29:90:16:de:
                    bc:76:27:1e:23:27:cb:ca:d8:14:b3:11:f5:f5:8c:
                    01:cf:cf:36:10:0b:75:b0:7f:63:74:56:19:ab:9e:
                    30:82:24:eb:a3:6f:7c:ce:87:2f:af:18:64:cb:2d:
                    30:19:57:40:85:84:ce:fb:ee:cb:46:f6:e1:d6:af:
                    dc:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:72:16:66:B7:5B:01:9D:4D:20:67:45:9A:C3:CB:FD:22:99:BA:6F
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/xHIWZrdbAZ1NIGdFmsPL_SKZum8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:7400::/40

    Signature Algorithm: sha256WithRSAEncryption
         1d:c4:c4:a8:1f:55:5f:67:26:8c:a7:26:2b:e5:b1:31:8b:e9:
         89:fd:5a:a7:53:5a:aa:7f:61:93:6a:d7:e5:38:c8:6e:e9:4d:
         18:c4:c3:19:b8:e8:d3:dd:cb:ea:ef:a0:f6:d8:65:2c:c7:6d:
         f7:cc:e7:d9:bd:e9:70:40:0f:43:3f:98:6b:2b:96:77:22:f7:
         34:02:66:31:d8:ec:10:1f:ab:1e:12:c2:7d:60:e9:c0:22:5d:
         2e:a0:4b:ed:4d:6b:95:10:48:81:01:8d:29:5a:7d:a9:3e:ee:
         9e:b0:04:4b:30:66:bd:6a:ba:ca:1f:ff:d5:c1:ef:c3:9b:8e:
         b6:96:14:db:ac:2b:42:3c:71:d8:f4:95:70:40:a7:bc:e0:8b:
         73:40:e0:93:16:61:e2:03:f9:b9:e5:4b:f0:1e:6e:d7:a6:85:
         c2:76:b7:f3:49:a6:75:08:36:49:d8:45:2b:69:d1:19:f7:d0:
         ea:74:cc:c4:a9:a7:ce:87:bd:88:d7:85:2d:83:bd:02:3e:b8:
         20:66:d3:f7:32:91:a6:78:87:ad:b0:75:d5:b2:3e:ae:98:7b:
         c6:ff:0d:0c:4f:27:e5:c5:c5:5c:c1:cc:52:54:ac:14:04:c3:
         e1:5a:0b:9e:d2:91:5f:17:f3:97:56:51:11:fa:6a:3d:65:ea:
         21:39:5b:83
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZoAkWGrnZtZ4IJPC4dpSk/iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDIwMDc0MTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDcyMTY2NmI3NWIwMTlkNGQyMDY3NDU5YWMzY2JmZDIyOTliYTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+1tsAtBs+pNTyoY5+yDuxThAQAnF
6Buitmi5m5FrF5hcIooJ+RiVXXsnxytvpC50sLu7u1NZnkm05sT11iBEfiGAtpVW
9BuKw+707ZFBiuB3rQVToZ8515lY3Odkx92yGmBG3llaccK18DXNYKHdYQYcW1XH
i8MTu67rweUuJpZAfokf4oFv+4cqMu/Ch63gIWewmE1Lhgp4Bp7ezKAvDD3dPWyp
c/ZWyiVFiYYLN3Skxxcg7N3O987dX2afdSmQFt68diceIyfLytgUsxH19YwBz882
EAt1sH9jdFYZq54wgiTro298zocvrxhkyy0wGVdAhYTO++7LRvbh1q/cHQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMRyFma3WwGdTSBnRZrDy/0imbpvMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEveEhJV1pyZGJBWjFOSUdkRm1zUExfU0tadW04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQHQw
DQYJKoZIhvcNAQELBQADggEBAB3ExKgfVV9nJoynJivlsTGL6Yn9WqdTWqp/YZNq
1+U4yG7pTRjEwxm46NPdy+rvoPbYZSzHbffM59m96XBAD0M/mGsrlnci9zQCZjHY
7BAfqx4Swn1g6cAiXS6gS+1Na5UQSIEBjSlafak+7p6wBEswZr1qusof/9XB78Ob
jraWFNusK0I8cdj0lXBAp7zgi3NA4JMWYeID+bnlS/AebtemhcJ2t/NJpnUINknY
RStp0Rn30Op0zMSpp86HvYjXhS2DvQI+uCBm0/cykaZ4h62wddWyPq6Ye8b/DQxP
J+XFxVzBzFJUrBQEw+FaC57SkV8X85dWURH6aj1l6iE5W4M=
-----END CERTIFICATE-----