Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/YpemcT9XuU9BeXZ8G0El93eJmz8.roa
File:                     YpemcT9XuU9BeXZ8G0El93eJmz8.roa (raw, json)
Hash identifier:          2nO0ugtgIMpx/F1Ccg+rVg0AztlIxNrAh5VvbMs/YzY=
Subject key identifier:   62:97:A6:71:3F:57:B9:4F:41:79:76:7C:1B:41:25:F7:77:89:9B:3F
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01982CFFE9927B1641D690C153DA28C80881
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/YpemcT9XuU9BeXZ8G0El93eJmz8.roa
Signing time:             Mon 21 Jul 2025 12:40:25 +0000
ROA not before:           Mon 21 Jul 2025 12:40:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29226
IP address blocks:        170.168.11.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2c:ff:e9:92:7b:16:41:d6:90:c1:53:da:28:c8:08:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jul 21 12:40:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6297a6713f57b94f4179767c1b4125f777899b3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:73:90:38:c6:e7:7a:5d:1a:17:92:38:64:34:
                    1c:cf:f5:01:23:10:49:4b:7d:91:1e:52:00:6a:29:
                    3a:46:c1:2c:8d:12:44:ce:17:a7:ad:f1:a8:b2:bf:
                    f7:a5:f2:0b:ad:b0:26:6e:ab:9c:af:f9:28:39:5d:
                    b2:1b:96:0a:12:19:5e:f7:57:78:ae:ef:db:2d:ac:
                    e4:11:dd:e6:ad:d0:71:03:15:7c:82:bc:c7:31:6b:
                    a8:ae:7c:e6:cb:8d:b4:10:e4:56:09:2d:46:fa:fc:
                    64:97:fa:05:b0:b9:ac:87:b3:5d:35:ad:9f:38:cd:
                    5d:f0:ab:ae:b8:8b:c2:a0:a2:0a:b6:95:49:96:13:
                    c8:5f:6c:c7:99:72:8a:f7:8d:3b:5e:25:6d:3c:7e:
                    41:08:a7:74:fd:b2:37:8c:a0:83:f1:2a:93:03:53:
                    57:8e:f1:ff:16:92:ef:bd:3f:63:12:57:b3:ec:29:
                    a1:b8:4f:a0:f4:ed:a7:48:8d:82:f6:a0:b4:67:86:
                    c3:6b:06:93:f7:44:f1:30:70:c3:db:97:d1:54:0e:
                    84:32:99:0f:6c:88:b7:fe:2b:c2:35:e2:20:44:5d:
                    13:0d:1f:cd:eb:47:fb:c0:90:a3:7c:e1:5a:2d:13:
                    48:a8:dc:18:30:bd:8c:2d:72:e7:56:f3:d5:9f:d9:
                    d8:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:97:A6:71:3F:57:B9:4F:41:79:76:7C:1B:41:25:F7:77:89:9B:3F
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/YpemcT9XuU9BeXZ8G0El93eJmz8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:f3:9b:de:91:9d:36:99:86:19:c6:3c:67:47:62:63:1a:12:
         f4:ed:1b:05:05:73:db:64:6d:6e:c1:42:52:4c:25:5c:80:96:
         a3:29:57:81:5e:e3:48:bd:28:3b:e5:0a:e6:b3:57:3c:00:a0:
         28:93:50:eb:3e:60:c5:ff:9d:ac:f1:2c:85:b4:56:78:cb:cc:
         5a:a1:94:d6:ca:6c:c8:04:14:d7:19:37:3f:67:5c:e7:8b:18:
         8a:02:38:a0:ea:85:09:85:37:77:71:cf:9e:61:ec:72:34:1b:
         46:d3:f3:ec:06:79:52:47:ff:16:a1:1e:30:23:d8:6c:c4:16:
         8e:cf:9f:55:f9:79:81:c8:78:af:f0:38:40:fa:18:de:d3:75:
         0e:86:0f:c9:4b:df:02:cc:49:0f:5e:42:5e:ac:a6:7d:38:1f:
         4e:49:7e:a8:5e:77:94:9d:91:c7:c7:8f:3e:dd:b9:8e:e5:5c:
         56:17:4a:9c:1a:81:09:af:6f:4b:5c:87:77:6f:54:1a:ff:fb:
         a9:6c:77:f1:0c:22:37:de:ff:f7:0b:7b:2e:f4:74:4a:a3:99:
         75:d8:cf:16:7a:f1:be:fb:03:67:32:01:3c:d4:6b:94:f5:9b:
         a7:3b:07:19:b4:35:16:bc:ac:10:dd:8b:84:3a:99:62:c4:67:
         0b:b8:41:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgs/+mSexZB1pDBU9ooyAiBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNzIxMTI0MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2Mjk3YTY3MTNmNTdiOTRmNDE3OTc2N2MxYjQxMjVmNzc3ODk5YjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHOQOMbnel0aF5I4ZDQcz/UBIxBJ
S32RHlIAaik6RsEsjRJEzhenrfGosr/3pfILrbAmbqucr/koOV2yG5YKEhle91d4
ru/bLazkEd3mrdBxAxV8grzHMWuornzmy420EORWCS1G+vxkl/oFsLmsh7NdNa2f
OM1d8KuuuIvCoKIKtpVJlhPIX2zHmXKK9407XiVtPH5BCKd0/bI3jKCD8SqTA1NX
jvH/FpLvvT9jElez7CmhuE+g9O2nSI2C9qC0Z4bDawaT90TxMHDD25fRVA6EMpkP
bIi3/ivCNeIgRF0TDR/N60f7wJCjfOFaLRNIqNwYML2MLXLnVvPVn9nYpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGKXpnE/V7lPQXl2fBtBJfd3iZs/MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvWXBlbWNUOVh1VTlCZVhaOEcwRWw5M2VKbXo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgLMA0G
CSqGSIb3DQEBCwUAA4IBAQAq85vekZ02mYYZxjxnR2JjGhL07RsFBXPbZG1uwUJS
TCVcgJajKVeBXuNIvSg75Qrms1c8AKAok1DrPmDF/52s8SyFtFZ4y8xaoZTWymzI
BBTXGTc/Z1znixiKAjig6oUJhTd3cc+eYexyNBtG0/PsBnlSR/8WoR4wI9hsxBaO
z59V+XmByHiv8DhA+hje03UOhg/JS98CzEkPXkJerKZ9OB9OSX6oXneUnZHHx48+
3bmO5VxWF0qcGoEJr29LXId3b1Qa//upbHfxDCI33v/3C3su9HRKo5l12M8WevG+
+wNnMgE81GuU9ZunOwcZtDUWvKwQ3YuEOplixGcLuEF+
-----END CERTIFICATE-----