Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/msVJUSdOkdYBvRAwjUkLWeeeI3o.roa
File:                     msVJUSdOkdYBvRAwjUkLWeeeI3o.roa (raw, json)
Hash identifier:          ckSvpb/kDuIOihJ9/cfqQEp2Hzl12mNd2Iz6pG0hM3Q=
Subject key identifier:   9A:C5:49:51:27:4E:91:D6:01:BD:10:30:8D:49:0B:59:E7:9E:23:7A
Certificate issuer:       /CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
Certificate serial:       019A500C1FAC2897C0CE7ADEA1F78FA440C9
Authority key identifier: 6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/msVJUSdOkdYBvRAwjUkLWeeeI3o.roa
Signing time:             Tue 04 Nov 2025 18:06:03 +0000
ROA not before:           Tue 04 Nov 2025 18:06:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215472
IP address blocks:        2a0f:b240:a00::/40 maxlen: 48
                          2a0f:b244:101::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 03:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:0c:1f:ac:28:97:c0:ce:7a:de:a1:f7:8f:a4:40:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e87104a4db4c46371a7f8b6a441fc30ecdfe20f
        Validity
            Not Before: Nov  4 18:06:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9ac54951274e91d601bd10308d490b59e79e237a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:be:9a:d6:2b:df:70:40:d7:9c:db:bd:7b:31:
                    f1:c1:cf:71:cc:d8:e7:39:11:77:9a:68:bb:75:72:
                    9f:ef:a7:0f:92:d4:36:b6:eb:7b:bd:b9:cb:f4:db:
                    54:45:07:f6:3c:7d:0b:b4:cd:65:81:05:8d:96:55:
                    a9:a3:2a:22:2c:61:24:78:47:ae:ee:65:94:fa:57:
                    9c:fb:2a:5f:01:a5:8d:dc:f8:b3:a8:b5:23:99:3d:
                    f9:22:28:68:8b:39:4d:cd:e4:47:63:ec:67:ad:d7:
                    36:6a:06:4a:c7:bc:54:06:92:69:3a:a7:6c:e1:fe:
                    96:ce:90:7c:e4:2b:9a:5d:29:a2:5d:9b:ac:65:c7:
                    33:e9:42:2a:ad:35:af:22:dc:c3:ae:7f:ad:c9:eb:
                    2a:aa:94:22:6c:38:75:83:72:dc:80:a1:5c:1a:ab:
                    fe:de:14:d5:fe:d4:5c:0c:cd:54:3e:6d:3d:a5:f6:
                    6f:56:e7:e7:a1:00:d9:3c:cf:2c:10:93:13:d0:ba:
                    4c:b0:e5:aa:e3:f1:87:66:d7:56:ac:d6:fb:df:4f:
                    93:bc:57:7c:e3:4b:79:16:0d:83:f0:cd:37:d8:eb:
                    01:47:14:39:cb:90:f6:f5:7f:75:66:94:71:c9:5d:
                    14:39:f3:2b:e3:46:e7:97:f5:c2:a7:e7:7f:57:ae:
                    5b:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C5:49:51:27:4E:91:D6:01:BD:10:30:8D:49:0B:59:E7:9E:23:7A
            X509v3 Authority Key Identifier:
                keyid:6E:87:10:4A:4D:B4:C4:63:71:A7:F8:B6:A4:41:FC:30:EC:DF:E2:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bocQSk20xGNxp_i2pEH8MOzf4g8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/msVJUSdOkdYBvRAwjUkLWeeeI3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/b87ec0-f75a-4bbe-b067-b717980e4ad6/1/bocQSk20xGNxp_i2pEH8MOzf4g8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0f:b240:a00::/40
                  2a0f:b244:101::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:59:e8:fc:ad:3d:c2:66:4f:a6:f9:52:c8:a8:7f:fc:5e:fb:
         19:d1:97:bf:2b:33:e5:1e:18:11:75:1a:d1:2d:9c:72:28:0b:
         3d:20:9d:be:50:62:6c:80:98:53:4f:cf:18:87:c2:5b:11:9e:
         d0:75:86:01:6c:16:51:9a:a0:f3:02:3d:8e:da:91:36:05:fe:
         ad:1c:b9:6c:15:e8:19:81:06:61:42:2a:0f:fb:9b:ca:37:87:
         61:3c:1d:53:00:43:0b:a8:2a:43:2f:ec:ea:a0:1b:06:37:a0:
         00:91:12:94:9c:80:c1:54:37:9d:d6:52:bd:58:1a:4d:42:02:
         4a:e9:d2:f8:34:7a:a6:06:20:19:1d:d4:b8:87:02:9e:b3:f5:
         4d:7a:04:f8:71:d8:7f:75:f4:51:cc:a8:9e:24:e4:c0:5a:60:
         b4:5b:32:4f:7d:73:ef:14:a6:e3:cc:91:70:73:46:82:bd:a9:
         f5:3a:2b:83:00:b7:3f:7a:30:86:48:8b:3f:f4:83:91:50:02:
         66:b6:c1:68:8b:98:17:31:9e:1b:e5:66:8f:31:a9:3f:c9:8d:
         0a:6c:fe:ae:68:f2:29:f2:73:15:c2:b6:8f:cb:1c:d2:bd:00:
         8e:72:a7:09:b2:55:07:ec:a9:f6:8c:20:2f:08:e3:69:a8:c2:
         71:db:3e:ad
-----BEGIN CERTIFICATE-----
MIIFCDCCA/CgAwIBAgISAZpQDB+sKJfAznreofePpEDJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlODcxMDRhNGRiNGM0NjM3MWE3ZjhiNmE0NDFmYzMwZWNk
ZmUyMGYwHhcNMjUxMTA0MTgwNjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWM1NDk1MTI3NGU5MWQ2MDFiZDEwMzA4ZDQ5MGI1OWU3OWUyMzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2L6a1ivfcEDXnNu9ezHxwc9xzNjn
ORF3mmi7dXKf76cPktQ2tut7vbnL9NtURQf2PH0LtM1lgQWNllWpoyoiLGEkeEeu
7mWU+lec+ypfAaWN3PizqLUjmT35IihoizlNzeRHY+xnrdc2agZKx7xUBpJpOqds
4f6WzpB85CuaXSmiXZusZccz6UIqrTWvItzDrn+tyesqqpQibDh1g3LcgKFcGqv+
3hTV/tRcDM1UPm09pfZvVufnoQDZPM8sEJMT0LpMsOWq4/GHZtdWrNb730+TvFd8
40t5Fg2D8M032OsBRxQ5y5D29X91ZpRxyV0UOfMr40bnl/XCp+d/V65bhQIDAQAB
o4ICFDCCAhAwHQYDVR0OBBYEFJrFSVEnTpHWAb0QMI1JC1nnniN6MB8GA1UdIwQY
MBaAFG6HEEpNtMRjcaf4tqRB/DDs3+IPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjct
YjcxNzk4MGU0YWQ2LzEvbXNWSlVTZE9rZFlCdlJBd2pVa0xXZWVlSTNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy9iODdlYzAtZjc1YS00YmJlLWIwNjctYjcxNzk4MGU0YWQ2
LzEvYm9jUVNrMjB4R054cF9pMnBFSDhNT3pmNGc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCoGCCsGAQUFBwEHAQH/BBswGTAXBAIAAjARAwYAKg+yQAoD
BwAqD7JEAQEwDQYJKoZIhvcNAQELBQADggEBAEdZ6PytPcJmT6b5Usiof/xe+xnR
l78rM+UeGBF1GtEtnHIoCz0gnb5QYmyAmFNPzxiHwlsRntB1hgFsFlGaoPMCPY7a
kTYF/q0cuWwV6BmBBmFCKg/7m8o3h2E8HVMAQwuoKkMv7OqgGwY3oACREpScgMFU
N53WUr1YGk1CAkrp0vg0eqYGIBkd1LiHAp6z9U16BPhx2H919FHMqJ4k5MBaYLRb
Mk99c+8UpuPMkXBzRoK9qfU6K4MAtz96MIZIiz/0g5FQAma2wWiLmBcxnhvlZo8x
qT/JjQps/q5o8inycxXCto/LHNK9AI5ypwmyVQfsqfaMIC8I42mownHbPq0=
-----END CERTIFICATE-----