Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/8g3NogRlabC8Z_hnfpoj_zWBnHY.roa
File:                     8g3NogRlabC8Z_hnfpoj_zWBnHY.roa (raw, json)
Hash identifier:          pm8YEsy4se+cQ515xuYmQpTq8mbRpNLbIFy98p9wal8=
Subject key identifier:   F2:0D:CD:A2:04:65:69:B0:BC:67:F8:67:7E:9A:23:FF:35:81:9C:76
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01980D183C0B8C99AFDF8342CA92E604F241
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/8g3NogRlabC8Z_hnfpoj_zWBnHY.roa
Signing time:             Tue 15 Jul 2025 07:59:08 +0000
ROA not before:           Tue 15 Jul 2025 07:59:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58136
IP address blocks:        170.168.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:0d:18:3c:0b:8c:99:af:df:83:42:ca:92:e6:04:f2:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jul 15 07:59:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f20dcda2046569b0bc67f8677e9a23ff35819c76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:20:cf:09:df:e1:db:80:01:d0:e3:f1:df:cf:
                    0c:38:b2:dc:c0:bc:3e:97:9e:9f:47:2b:31:81:4d:
                    49:0e:2a:5c:46:9f:5c:ff:ef:c6:72:8a:ac:09:43:
                    8f:19:24:e8:5f:6f:ed:68:98:41:0b:d7:e0:9f:63:
                    3e:d6:4c:5b:2e:16:b8:e6:ec:53:41:c9:66:9b:87:
                    64:2f:eb:c0:db:7a:82:d4:84:80:2d:63:b9:bb:45:
                    fb:4b:90:ad:0e:c0:86:09:9b:db:e9:05:67:0a:2d:
                    7e:f5:f7:a9:9c:46:31:52:e6:b0:5f:14:e0:b3:59:
                    68:59:04:db:fc:4b:44:67:5c:f8:77:92:87:28:91:
                    9b:9c:4a:c5:42:88:12:48:24:e1:de:0a:32:68:7d:
                    35:00:9c:4f:62:a1:1b:28:3d:1c:05:54:9f:bd:89:
                    ce:76:2a:6b:cf:fc:02:29:32:87:3a:03:75:fd:29:
                    da:06:1c:c1:0b:db:62:a4:b6:b1:11:e2:c6:a0:b0:
                    5c:34:ce:63:02:c1:34:f8:49:da:79:b6:a9:83:10:
                    23:ae:82:58:b8:61:92:65:26:cf:d3:51:f5:e2:8a:
                    28:f4:51:9f:77:0e:3e:cc:39:41:96:5f:12:eb:2b:
                    1f:63:7c:5b:d0:c2:56:66:0b:e9:cf:6a:c9:ef:1f:
                    d6:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:0D:CD:A2:04:65:69:B0:BC:67:F8:67:7E:9A:23:FF:35:81:9C:76
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/8g3NogRlabC8Z_hnfpoj_zWBnHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:98:6c:9c:d1:34:5d:5a:a6:16:72:63:e6:7d:63:fd:62:4a:
         5e:6b:b2:3b:a3:2c:ed:6e:6a:05:76:e4:d8:0e:0a:fa:49:15:
         04:c2:35:33:71:1f:90:42:18:c7:72:cc:84:a2:42:86:09:a6:
         51:66:d7:61:4f:12:c2:a8:a9:86:63:39:b0:bb:cc:24:4b:3d:
         fd:ff:8a:13:1c:91:b2:70:ef:1e:f1:ee:73:10:5c:cc:f3:36:
         19:03:4c:b5:02:12:49:68:61:f5:c2:44:ce:95:39:3e:38:3c:
         1a:09:58:ec:5c:02:f4:1e:91:6f:79:78:3a:9f:7d:e7:dc:6d:
         2d:d3:b4:6c:cb:64:25:2c:ab:47:46:38:0c:94:57:9d:3e:c1:
         ac:74:4c:ac:fe:eb:90:4f:dc:1a:44:4c:f9:88:a0:b4:99:1c:
         00:da:9f:4b:99:59:6c:c3:e8:2f:da:00:76:b0:c4:0c:06:df:
         c0:3a:d5:e7:f5:33:c2:bc:e1:f5:2d:36:54:fd:a5:ec:a8:e7:
         ee:35:b5:93:e3:65:78:9b:d3:b1:f3:cb:8d:56:c8:a1:c2:31:
         51:bd:b6:39:8f:7e:cf:5c:24:2b:06:0b:bd:b8:b2:bf:f2:3d:
         1e:cc:90:42:f1:13:e3:13:d6:eb:17:6a:07:20:e3:49:04:31:
         8c:43:8c:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgNGDwLjJmv34NCypLmBPJBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNzE1MDc1OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjBkY2RhMjA0NjU2OWIwYmM2N2Y4Njc3ZTlhMjNmZjM1ODE5Yzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCDPCd/h24AB0OPx388MOLLcwLw+
l56fRysxgU1JDipcRp9c/+/GcoqsCUOPGSToX2/taJhBC9fgn2M+1kxbLha45uxT
Qclmm4dkL+vA23qC1ISALWO5u0X7S5CtDsCGCZvb6QVnCi1+9fepnEYxUuawXxTg
s1loWQTb/EtEZ1z4d5KHKJGbnErFQogSSCTh3goyaH01AJxPYqEbKD0cBVSfvYnO
diprz/wCKTKHOgN1/SnaBhzBC9tipLaxEeLGoLBcNM5jAsE0+EnaebapgxAjroJY
uGGSZSbP01H14ooo9FGfdw4+zDlBll8S6ysfY3xb0MJWZgvpz2rJ7x/WqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPINzaIEZWmwvGf4Z36aI/81gZx2MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvOGczTm9nUmxhYkM4Wl9obmZwb2pfeldCbkhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgKMA0G
CSqGSIb3DQEBCwUAA4IBAQBamGyc0TRdWqYWcmPmfWP9Ykpea7I7oyztbmoFduTY
Dgr6SRUEwjUzcR+QQhjHcsyEokKGCaZRZtdhTxLCqKmGYzmwu8wkSz39/4oTHJGy
cO8e8e5zEFzM8zYZA0y1AhJJaGH1wkTOlTk+ODwaCVjsXAL0HpFveXg6n33n3G0t
07Rsy2QlLKtHRjgMlFedPsGsdEys/uuQT9waREz5iKC0mRwA2p9LmVlsw+gv2gB2
sMQMBt/AOtXn9TPCvOH1LTZU/aXsqOfuNbWT42V4m9Ox88uNVsihwjFRvbY5j37P
XCQrBgu9uLK/8j0ezJBC8RPjE9brF2oHIONJBDGMQ4xk
-----END CERTIFICATE-----