Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/xcSTDEOqFXYFA83IMnVFyNPiUKQ.roa
File:                     xcSTDEOqFXYFA83IMnVFyNPiUKQ.roa (raw, json)
Hash identifier:          MhmsoGFosdqDBXOJA+mO3i5asOWRXM2F86zu6uNqSMw=
Subject key identifier:   C5:C4:93:0C:43:AA:15:76:05:03:CD:C8:32:75:45:C8:D3:E2:50:A4
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199D72CBF7C346AAB8754EE08FB137696A5
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/xcSTDEOqFXYFA83IMnVFyNPiUKQ.roa
Signing time:             Sun 12 Oct 2025 06:47:38 +0000
ROA not before:           Sun 12 Oct 2025 06:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205280
IP address blocks:        2a0f:b240:6300::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 15:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d7:2c:bf:7c:34:6a:ab:87:54:ee:08:fb:13:76:96:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct 12 06:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c5c4930c43aa15760503cdc8327545c8d3e250a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:26:25:35:47:01:3b:b6:59:cb:5d:88:ca:e7:
                    86:92:86:e8:9d:46:6e:4f:3a:1b:31:f9:f3:f3:ea:
                    4f:62:b0:bf:fc:f5:de:37:f6:d2:a3:79:bc:d6:5a:
                    ab:1b:e3:1f:73:2f:71:62:af:3d:24:5f:16:29:42:
                    4c:cc:59:37:3c:4f:a3:7a:70:b6:19:f6:81:f6:ad:
                    61:7d:ec:a2:50:48:ab:6d:76:f1:af:c9:d5:b5:48:
                    1e:9e:24:37:93:9c:19:04:66:20:7b:5a:c4:3c:f1:
                    cf:e0:35:6f:b0:f3:a7:21:7b:b0:da:cc:a2:6a:bc:
                    2c:1d:7d:3f:39:75:04:9b:7c:a5:21:e9:7c:3b:be:
                    66:d4:52:06:73:b4:23:73:a1:5a:a8:1d:0b:f2:47:
                    bc:27:da:02:83:ab:70:96:7d:7b:38:19:f7:59:70:
                    93:3b:9f:5f:08:49:f0:37:bc:e1:d2:aa:27:40:1b:
                    8b:ce:cb:d6:c7:c2:ac:d9:8a:f2:a8:8f:b7:44:0b:
                    32:b1:d5:e0:05:e3:f5:33:03:a5:9a:8b:8d:01:49:
                    8a:62:cf:f4:49:cb:a4:50:db:cd:32:9b:eb:a0:91:
                    2b:b1:7b:45:32:8a:56:9a:36:68:66:67:f0:74:43:
                    b7:1b:f0:b9:68:59:bb:9f:c6:9e:e8:30:67:e5:0d:
                    a9:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:C4:93:0C:43:AA:15:76:05:03:CD:C8:32:75:45:C8:D3:E2:50:A4
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/xcSTDEOqFXYFA83IMnVFyNPiUKQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:6300::/40

    Signature Algorithm: sha256WithRSAEncryption
         27:47:eb:01:f6:ff:b6:2f:de:0b:d4:cb:b6:73:eb:70:3e:84:
         eb:57:72:05:9e:e5:48:ea:cd:89:67:c3:3a:17:28:72:a2:21:
         79:2a:c9:8d:f8:3c:57:b7:ca:b6:bb:08:1a:1f:de:4a:aa:a3:
         e7:7b:f2:77:e6:4c:ef:f6:a0:21:2f:5b:be:53:80:0c:22:b6:
         a6:68:16:67:fa:09:6c:b2:93:cd:8a:7a:0a:ea:64:30:3b:1e:
         93:a7:4a:88:30:d6:5c:c7:a8:75:94:96:5f:62:50:2e:af:9c:
         cb:a2:dd:52:bc:dd:18:48:ec:39:cb:10:ec:b3:de:75:2a:02:
         21:7d:24:92:8e:ce:f0:11:cf:fb:2e:c2:6c:92:45:21:cb:65:
         bc:bb:0f:31:b0:4c:58:b1:45:d8:70:37:34:f6:02:c1:0b:08:
         0f:2f:1a:d9:c7:43:30:73:5b:a7:1b:c0:32:63:26:f7:49:4c:
         cf:7f:51:ca:42:4a:d5:a5:97:2e:02:b6:b9:63:71:d4:53:19:
         d0:85:5d:a1:17:82:7b:32:bd:97:8f:e7:fa:20:ea:0d:9b:e9:
         43:90:c0:1b:d3:83:1c:88:08:8b:c6:ef:e2:66:69:8a:96:41:
         18:e1:e4:d5:17:a4:11:c8:38:bf:8e:dd:d3:a3:d9:ce:e3:9a:
         7a:0a:0b:31
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZnXLL98NGqrh1TuCPsTdpalMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDEyMDY0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWM0OTMwYzQzYWExNTc2MDUwM2NkYzgzMjc1NDVjOGQzZTI1MGE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4yYlNUcBO7ZZy12IyueGkobonUZu
TzobMfnz8+pPYrC//PXeN/bSo3m81lqrG+Mfcy9xYq89JF8WKUJMzFk3PE+jenC2
GfaB9q1hfeyiUEirbXbxr8nVtUgeniQ3k5wZBGYge1rEPPHP4DVvsPOnIXuw2syi
arwsHX0/OXUEm3ylIel8O75m1FIGc7Qjc6FaqB0L8ke8J9oCg6twln17OBn3WXCT
O59fCEnwN7zh0qonQBuLzsvWx8Ks2YryqI+3RAsysdXgBeP1MwOlmouNAUmKYs/0
ScukUNvNMpvroJErsXtFMopWmjZoZmfwdEO3G/C5aFm7n8ae6DBn5Q2pwwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMXEkwxDqhV2BQPNyDJ1RcjT4lCkMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEveGNTVERFT3FGWFlGQTgzSU1uVkZ5TlBpVUtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQGMw
DQYJKoZIhvcNAQELBQADggEBACdH6wH2/7Yv3gvUy7Zz63A+hOtXcgWe5UjqzYln
wzoXKHKiIXkqyY34PFe3yra7CBof3kqqo+d78nfmTO/2oCEvW75TgAwitqZoFmf6
CWyyk82KegrqZDA7HpOnSogw1lzHqHWUll9iUC6vnMui3VK83RhI7DnLEOyz3nUq
AiF9JJKOzvARz/suwmySRSHLZby7DzGwTFixRdhwNzT2AsELCA8vGtnHQzBzW6cb
wDJjJvdJTM9/UcpCStWlly4CtrljcdRTGdCFXaEXgnsyvZeP5/og6g2b6UOQwBvT
gxyICIvG7+JmaYqWQRjh5NUXpBHIOL+O3dOj2c7jmnoKCzE=
-----END CERTIFICATE-----