Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/NwU8hI1qGvuTrLRz9doXxOfU-ic.roa
File:                     NwU8hI1qGvuTrLRz9doXxOfU-ic.roa (raw, json)
Hash identifier:          uPzfnmuMOWT9fjCFZJcxLXfz0ZTVPu0alfKcT93uFzc=
Subject key identifier:   37:05:3C:84:8D:6A:1A:FB:93:AC:B4:73:F5:DA:17:C4:E7:D4:FA:27
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0197E4A9CC33CB7D44CEBECC8D5E44097BE5
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/NwU8hI1qGvuTrLRz9doXxOfU-ic.roa
Signing time:             Mon 07 Jul 2025 11:33:42 +0000
ROA not before:           Mon 07 Jul 2025 11:33:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        170.168.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 04:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:e4:a9:cc:33:cb:7d:44:ce:be:cc:8d:5e:44:09:7b:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jul  7 11:33:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37053c848d6a1afb93acb473f5da17c4e7d4fa27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:83:f3:56:bd:e4:e9:a6:6e:f4:8d:79:d9:f4:
                    89:d7:0b:58:30:8b:ea:9d:80:dc:f1:d4:2c:54:b2:
                    e6:09:b9:1c:4c:a6:83:e5:ef:6a:b8:f3:7b:86:75:
                    6a:ea:d3:09:4f:9f:58:ff:c6:64:bc:ea:6b:af:2b:
                    00:91:85:c8:bc:db:73:0d:ca:cd:85:ac:9d:29:ef:
                    04:d0:a1:e7:8c:26:48:e4:31:86:ee:aa:58:46:b5:
                    5a:f0:05:db:d1:eb:3c:6f:9c:6c:3a:ab:c4:ed:12:
                    03:4d:56:b4:4c:91:ad:f9:fd:fa:93:e6:f9:eb:34:
                    5f:dd:5e:af:31:54:da:0d:32:04:59:b8:78:b9:09:
                    fe:1b:0b:c3:b9:35:38:5e:54:bb:25:1b:6b:08:85:
                    06:d3:5b:b2:54:71:ec:93:e1:bb:0a:7b:1f:3f:c3:
                    0a:b9:2b:2b:91:32:12:92:ff:d1:b1:bd:ad:52:24:
                    fd:d3:40:44:f1:28:97:51:fc:a9:40:61:a6:9f:d7:
                    f4:fe:b9:57:9e:e4:58:f5:5e:56:59:26:7d:92:fc:
                    ff:99:e8:e3:eb:55:f1:6e:bc:7d:d6:1e:59:67:0a:
                    fc:bd:69:a4:4b:a4:64:16:73:bd:58:d9:7a:8e:48:
                    0a:31:22:72:c7:47:0a:88:fd:5e:f4:24:c9:d6:77:
                    63:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:05:3C:84:8D:6A:1A:FB:93:AC:B4:73:F5:DA:17:C4:E7:D4:FA:27
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/NwU8hI1qGvuTrLRz9doXxOfU-ic.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:6d:7a:53:85:28:54:cb:41:4f:b3:0b:88:67:eb:77:12:7c:
         5b:6e:d0:ba:80:87:d7:06:df:1d:29:d1:21:b2:f4:03:81:2c:
         9d:5b:d2:21:fc:4e:28:90:93:58:c1:98:fd:1f:b9:85:37:cf:
         6b:42:39:08:f0:53:e4:5e:a2:57:ee:37:c4:ad:2d:c5:2a:1d:
         78:a2:d9:13:aa:70:ab:5f:19:96:58:c5:02:ff:bc:7a:37:9e:
         81:62:81:07:62:67:0e:6e:89:86:fd:98:55:c0:8a:ab:54:05:
         ee:75:56:f0:d1:f1:40:37:06:16:71:b6:0e:5f:cb:b3:f8:56:
         71:dd:1a:0c:7d:c4:3e:07:20:a4:c4:75:65:bc:97:65:79:25:
         3a:36:7d:16:c4:00:9e:e8:2e:94:71:9b:e2:a4:93:0d:89:10:
         c3:9b:0f:49:5e:cb:a7:ca:af:61:66:39:01:4b:4e:3d:a1:0e:
         a6:7e:43:ea:1b:a0:04:65:00:0b:3e:a4:2f:71:12:b3:be:4b:
         20:23:59:3f:2f:dd:10:dc:1d:f7:69:31:8f:4b:13:70:28:53:
         4b:ef:ec:3b:2a:39:8b:27:3a:fb:7a:ee:86:b0:94:3a:14:2f:
         bf:8c:87:b3:ed:be:aa:9b:f4:c5:c2:e9:d7:0a:82:2e:13:02:
         57:71:eb:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfkqcwzy31Ezr7MjV5ECXvlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNzA3MTEzMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzA1M2M4NDhkNmExYWZiOTNhY2I0NzNmNWRhMTdjNGU3ZDRmYTI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYPzVr3k6aZu9I152fSJ1wtYMIvq
nYDc8dQsVLLmCbkcTKaD5e9quPN7hnVq6tMJT59Y/8ZkvOprrysAkYXIvNtzDcrN
haydKe8E0KHnjCZI5DGG7qpYRrVa8AXb0es8b5xsOqvE7RIDTVa0TJGt+f36k+b5
6zRf3V6vMVTaDTIEWbh4uQn+GwvDuTU4XlS7JRtrCIUG01uyVHHsk+G7CnsfP8MK
uSsrkTISkv/Rsb2tUiT900BE8SiXUfypQGGmn9f0/rlXnuRY9V5WWSZ9kvz/mejj
61Xxbrx91h5ZZwr8vWmkS6RkFnO9WNl6jkgKMSJyx0cKiP1e9CTJ1ndjXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcFPISNahr7k6y0c/XaF8Tn1PonMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvTndVOGhJMXFHdnVUckxSejlkb1h4T2ZVLWljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgHMA0G
CSqGSIb3DQEBCwUAA4IBAQBzbXpThShUy0FPswuIZ+t3EnxbbtC6gIfXBt8dKdEh
svQDgSydW9Ih/E4okJNYwZj9H7mFN89rQjkI8FPkXqJX7jfErS3FKh14otkTqnCr
XxmWWMUC/7x6N56BYoEHYmcObomG/ZhVwIqrVAXudVbw0fFANwYWcbYOX8uz+FZx
3RoMfcQ+ByCkxHVlvJdleSU6Nn0WxACe6C6UcZvipJMNiRDDmw9JXsunyq9hZjkB
S049oQ6mfkPqG6AEZQALPqQvcRKzvksgI1k/L90Q3B33aTGPSxNwKFNL7+w7KjmL
Jzr7eu6GsJQ6FC+/jIez7b6qm/TFwunXCoIuEwJXcesN
-----END CERTIFICATE-----