Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3BtMqXJycGGvfjNPXXTPm6tK57g.roa
File:                     3BtMqXJycGGvfjNPXXTPm6tK57g.roa (raw, json)
Hash identifier:          jPysS0bfydTK8RBC0P3rH2Kj76tPYYDoeG+8kJZDQRc=
Subject key identifier:   DC:1B:4C:A9:72:72:70:61:AF:7E:33:4F:5D:74:CF:9B:AB:4A:E7:B8
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       01987B7877BFB559A7FE47628192D4D24E03
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3BtMqXJycGGvfjNPXXTPm6tK57g.roa
Signing time:             Tue 05 Aug 2025 18:22:29 +0000
ROA not before:           Tue 05 Aug 2025 18:22:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206023
IP address blocks:        2a0f:b240:20::/46 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 18:22:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:7b:78:77:bf:b5:59:a7:fe:47:62:81:92:d4:d2:4e:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Aug  5 18:22:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc1b4ca972727061af7e334f5d74cf9bab4ae7b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:eb:8e:09:ce:c0:67:4c:73:d1:f8:0f:92:83:
                    c4:25:67:22:1e:02:d7:9f:6e:ab:fb:30:4f:cf:cf:
                    ec:e9:91:8b:5b:2d:5b:a6:15:2c:17:21:bd:c5:cb:
                    ee:72:8e:16:11:92:0d:e1:d5:e9:a5:ea:b4:79:be:
                    f1:55:4c:a9:19:11:a2:f5:98:c1:87:e2:c1:dd:14:
                    6b:20:65:1c:e4:96:59:a7:7e:bc:6d:bf:26:50:1e:
                    1f:bd:9e:02:60:e0:94:58:fd:07:d9:e5:9e:07:c4:
                    20:ab:92:e5:74:81:52:96:12:2a:26:df:2b:35:b5:
                    4b:58:33:b6:0e:4f:f6:1e:3b:bc:10:40:66:3c:36:
                    55:6a:d7:10:b0:14:b8:42:7e:cd:20:53:b9:49:b9:
                    55:5d:fa:aa:66:fd:d1:41:8b:d5:6a:40:c6:54:ab:
                    a2:45:ca:ff:6a:1c:e5:b0:b9:d2:9a:d6:33:3d:6d:
                    66:7e:72:f9:e8:cf:32:08:b9:95:14:a4:4a:69:a0:
                    e1:ce:00:52:16:cf:73:49:91:1d:4c:1e:f0:75:87:
                    fe:56:5c:5f:a7:f2:ed:ce:b2:73:a0:fb:61:53:e9:
                    36:4c:8b:e4:29:d1:5f:3a:cd:72:62:2d:76:84:3e:
                    5b:c3:04:af:b1:ea:5d:a5:c0:06:79:ee:ef:6e:34:
                    c6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:1B:4C:A9:72:72:70:61:AF:7E:33:4F:5D:74:CF:9B:AB:4A:E7:B8
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/3BtMqXJycGGvfjNPXXTPm6tK57g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:20::/46

    Signature Algorithm: sha256WithRSAEncryption
         76:c6:ac:ef:85:c6:53:e4:33:ce:34:9c:fe:b6:7d:ee:3c:82:
         2b:fa:20:0d:bc:41:63:17:84:e7:63:6e:26:8a:6e:3c:ff:21:
         b9:94:4f:6c:7e:a4:69:63:0b:4f:4c:60:85:51:4d:bd:c3:92:
         41:17:a7:31:e2:2b:18:b6:8d:fd:d1:77:47:71:fa:79:14:0e:
         6a:56:c3:f8:19:cb:ea:00:bb:8a:cf:0b:64:96:b5:16:14:85:
         70:5b:a2:56:82:dc:b0:01:de:13:8e:22:ad:87:33:c7:7e:2a:
         0d:cd:16:5f:56:8d:fc:5f:d1:17:38:1c:8f:17:76:e1:cd:ac:
         6f:51:a5:0f:1d:ac:19:6d:95:59:ae:6d:33:e5:df:21:bd:5e:
         32:3e:97:43:c8:13:ce:3a:3c:15:5c:b2:f2:c0:e7:67:4a:ed:
         4e:71:d6:fd:2a:6b:e7:a2:45:fe:7a:f3:11:0a:b7:a0:8d:63:
         b7:15:b8:f8:7c:19:0d:7d:b1:d8:4f:62:b0:fc:be:df:9e:76:
         31:0f:95:c6:5c:5b:a2:bf:93:5a:13:b2:b8:a9:64:f0:88:25:
         40:d9:77:23:27:1d:55:94:5d:ec:4d:10:22:22:34:9a:f8:17:
         41:12:ea:c6:23:e5:e6:b9:01:91:16:94:f5:32:0d:ba:60:80:
         89:f0:b2:67
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZh7eHe/tVmn/kdigZLU0k4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUwODA1MTgyMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzFiNGNhOTcyNzI3MDYxYWY3ZTMzNGY1ZDc0Y2Y5YmFiNGFlN2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+uOCc7AZ0xz0fgPkoPEJWciHgLX
n26r+zBPz8/s6ZGLWy1bphUsFyG9xcvuco4WEZIN4dXppeq0eb7xVUypGRGi9ZjB
h+LB3RRrIGUc5JZZp368bb8mUB4fvZ4CYOCUWP0H2eWeB8Qgq5LldIFSlhIqJt8r
NbVLWDO2Dk/2Hju8EEBmPDZVatcQsBS4Qn7NIFO5SblVXfqqZv3RQYvVakDGVKui
Rcr/ahzlsLnSmtYzPW1mfnL56M8yCLmVFKRKaaDhzgBSFs9zSZEdTB7wdYf+Vlxf
p/LtzrJzoPthU+k2TIvkKdFfOs1yYi12hD5bwwSvsepdpcAGee7vbjTGlQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFNwbTKlycnBhr34zT110z5urSue4MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvM0J0TXFYSnljR0d2ZmpOUFhYVFBtNnRLNTdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcCKg+yQAAg
MA0GCSqGSIb3DQEBCwUAA4IBAQB2xqzvhcZT5DPONJz+tn3uPIIr+iANvEFjF4Tn
Y24mim48/yG5lE9sfqRpYwtPTGCFUU29w5JBF6cx4isYto390XdHcfp5FA5qVsP4
GcvqALuKzwtklrUWFIVwW6JWgtywAd4TjiKthzPHfioNzRZfVo38X9EXOByPF3bh
zaxvUaUPHawZbZVZrm0z5d8hvV4yPpdDyBPOOjwVXLLywOdnSu1Ocdb9KmvnokX+
evMRCregjWO3Fbj4fBkNfbHYT2Kw/L7fnnYxD5XGXFuiv5NaE7K4qWTwiCVA2Xcj
Jx1VlF3sTRAiIjSa+BdBEurGI+XmuQGRFpT1Mg26YICJ8LJn
-----END CERTIFICATE-----