Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/zbcfQ_jKJpmx3Q7wVeS1gRBuieg.roa
File:                     zbcfQ_jKJpmx3Q7wVeS1gRBuieg.roa (raw, json)
Hash identifier:          440LNgvltYw2eNg9got7Q1vdS1Lww9nr75fHCCjg6ZU=
Subject key identifier:   CD:B7:1F:43:F8:CA:26:99:B1:DD:0E:F0:55:E4:B5:81:10:6E:89:E8
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       0199AB92FCD20F83F843EF01E8F5060D512F
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/zbcfQ_jKJpmx3Q7wVeS1gRBuieg.roa
Signing time:             Fri 03 Oct 2025 19:36:00 +0000
ROA not before:           Fri 03 Oct 2025 19:36:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198016
IP address blocks:        2a0f:b240:5000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:ab:92:fc:d2:0f:83:f8:43:ef:01:e8:f5:06:0d:51:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Oct  3 19:36:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdb71f43f8ca2699b1dd0ef055e4b581106e89e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:67:85:7b:20:6c:bc:08:86:ec:a9:a6:01:0b:
                    67:c4:de:3b:0d:fa:19:cc:a7:f3:e8:b5:90:44:1a:
                    b5:9f:1a:f5:80:a5:91:81:f3:bb:ac:ec:63:8b:3c:
                    c2:05:ab:5a:37:2b:34:2c:43:91:3f:6f:dc:84:60:
                    60:d2:06:41:86:f9:03:69:6a:fa:27:50:35:a4:bb:
                    af:ca:53:96:26:56:ad:52:0f:90:77:8e:45:45:cc:
                    fd:e5:96:98:1a:db:4d:11:18:05:79:2c:75:10:c3:
                    d6:74:a6:6c:0c:38:06:58:f0:7b:14:e5:77:3c:00:
                    c0:21:79:81:76:f9:f5:64:34:09:8c:4f:e0:c3:37:
                    a9:48:d4:22:6b:b1:e7:5b:f1:18:10:81:88:0c:e3:
                    74:74:fe:a5:b3:32:3f:da:67:57:91:43:9b:38:69:
                    cc:09:36:d3:e5:a0:96:29:26:fc:42:8d:ef:76:f7:
                    8f:0f:74:e0:99:ff:02:77:22:1b:58:ad:b6:8f:5b:
                    f6:f6:96:66:df:57:68:41:37:17:15:af:f0:04:d4:
                    9a:f7:8f:b8:c2:a1:c6:ec:14:72:20:c5:f6:a9:72:
                    f8:b4:8c:a9:81:a2:66:e4:4c:e2:f2:42:3a:ce:fd:
                    70:b2:fb:54:b7:44:ee:9a:da:5f:e8:05:db:00:d5:
                    2b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:B7:1F:43:F8:CA:26:99:B1:DD:0E:F0:55:E4:B5:81:10:6E:89:E8
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/zbcfQ_jKJpmx3Q7wVeS1gRBuieg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:5000::/40

    Signature Algorithm: sha256WithRSAEncryption
         39:63:be:ec:22:03:f5:73:92:9a:d5:df:ce:68:6c:99:e9:d6:
         4e:fe:c5:51:25:a0:7d:00:1d:ac:18:40:66:07:96:2d:90:db:
         d3:17:a5:d4:c0:c8:3e:b7:c5:6f:76:d1:a6:24:26:99:9b:b4:
         00:3d:b0:79:21:17:e0:42:88:de:1e:00:1e:92:0b:b1:8c:cc:
         cd:c8:ee:10:a8:2f:4d:87:f3:a6:9b:4a:d2:2d:4a:12:ca:73:
         35:db:fd:48:0b:a9:1f:83:47:7c:2b:ca:41:cf:24:c6:71:97:
         cf:52:e5:ee:1c:f3:08:55:16:d1:26:de:16:61:c5:06:e6:80:
         13:68:8d:68:c6:89:3a:0e:80:0e:ca:01:66:51:79:12:63:e2:
         87:b0:31:5f:6b:f9:0a:0f:ea:72:e7:94:e8:6d:e7:d9:87:73:
         3e:11:ac:f1:fc:c4:e0:a9:17:76:f9:12:16:2c:ed:65:88:b8:
         f8:ab:3c:02:94:d0:3c:47:63:c3:21:31:e9:10:b0:9c:ed:a3:
         b1:dd:40:a3:c1:42:ec:ce:92:39:20:09:5f:5c:48:b8:3d:15:
         b6:52:21:cd:c8:6e:3d:2f:18:2b:06:ed:dc:a6:11:5c:72:37:
         c4:06:e3:a3:d7:9e:14:98:13:34:89:4b:51:68:db:36:fb:a5:
         a6:fe:83:1c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZmrkvzSD4P4Q+8B6PUGDVEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMDAzMTkzNjAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGI3MWY0M2Y4Y2EyNjk5YjFkZDBlZjA1NWU0YjU4MTEwNmU4OWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnGeFeyBsvAiG7KmmAQtnxN47DfoZ
zKfz6LWQRBq1nxr1gKWRgfO7rOxjizzCBataNys0LEORP2/chGBg0gZBhvkDaWr6
J1A1pLuvylOWJlatUg+Qd45FRcz95ZaYGttNERgFeSx1EMPWdKZsDDgGWPB7FOV3
PADAIXmBdvn1ZDQJjE/gwzepSNQia7HnW/EYEIGIDON0dP6lszI/2mdXkUObOGnM
CTbT5aCWKSb8Qo3vdvePD3Tgmf8CdyIbWK22j1v29pZm31doQTcXFa/wBNSa94+4
wqHG7BRyIMX2qXL4tIypgaJm5Ezi8kI6zv1wsvtUt0Tumtpf6AXbANUruwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFM23H0P4yiaZsd0O8FXktYEQbonoMB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvemJjZlFfaktKcG14M1E3d1ZlUzFnUkJ1aWVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCEGCCsGAQUFBwEHAQH/BBIwEDAOBAIAAjAIAwYAKg+yQFAw
DQYJKoZIhvcNAQELBQADggEBADljvuwiA/VzkprV385obJnp1k7+xVEloH0AHawY
QGYHli2Q29MXpdTAyD63xW920aYkJpmbtAA9sHkhF+BCiN4eAB6SC7GMzM3I7hCo
L02H86abStItShLKczXb/UgLqR+DR3wrykHPJMZxl89S5e4c8whVFtEm3hZhxQbm
gBNojWjGiToOgA7KAWZReRJj4oewMV9r+QoP6nLnlOht59mHcz4RrPH8xOCpF3b5
EhYs7WWIuPirPAKU0DxHY8MhMekQsJzto7HdQKPBQuzOkjkgCV9cSLg9FbZSIc3I
bj0vGCsG7dymEVxyN8QG46PXnhSYEzSJS1Fo2zb7pab+gxw=
-----END CERTIFICATE-----