Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/22gjWLuGwtopXKcvjzLzBEyIZO8.roa
File:                     22gjWLuGwtopXKcvjzLzBEyIZO8.roa (raw, json)
Hash identifier:          jU1mer8rNC2BdA5wPmPa6Dw+rB11ne2Cp0gWRa/ZJWs=
Subject key identifier:   DB:68:23:58:BB:86:C2:DA:29:5C:A7:2F:8F:32:F3:04:4C:88:64:EF
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019CE87D46004061B107C6C05D0CA938BF87
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/22gjWLuGwtopXKcvjzLzBEyIZO8.roa
Signing time:             Fri 13 Mar 2026 18:37:29 +0000
ROA not before:           Fri 13 Mar 2026 18:37:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205634
IP address blocks:        138.249.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:e8:7d:46:00:40:61:b1:07:c6:c0:5d:0c:a9:38:bf:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Mar 13 18:37:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=db682358bb86c2da295ca72f8f32f3044c8864ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:b3:e8:11:c3:f9:c7:46:3e:86:0e:1a:1f:29:
                    db:f5:61:10:31:26:eb:7c:48:71:91:c2:8b:c6:d6:
                    bb:f8:25:df:99:82:8c:ef:7f:86:80:70:55:4b:d0:
                    eb:24:0b:4c:86:9e:84:08:4e:98:ee:b6:10:1e:87:
                    b3:93:4a:3c:27:00:75:7e:e1:37:12:de:03:c9:8f:
                    49:60:27:ad:67:ce:76:a2:02:7d:0c:52:ad:4b:65:
                    e5:00:b6:64:7e:5b:6b:58:cf:07:4b:49:d7:e3:94:
                    73:64:b3:55:7a:72:45:4c:ec:a2:7a:95:58:09:55:
                    68:79:0a:c6:e8:3b:04:f0:ec:54:6d:9c:a3:49:0e:
                    ed:b9:d5:8d:51:34:79:24:79:e9:38:a3:95:6c:69:
                    c6:a5:4e:5b:f6:bd:ff:c7:5b:cf:b9:e4:26:43:7d:
                    75:b3:1b:77:d0:03:b8:2a:4d:53:c6:41:36:6e:27:
                    b8:c7:82:50:0b:78:d2:78:26:3d:3c:30:71:2e:b8:
                    55:6c:c2:7b:64:b9:6a:87:47:e3:7f:62:01:fa:53:
                    a6:dd:fd:a7:5d:78:d7:fd:9a:93:86:a7:d1:e6:d2:
                    ed:6b:ea:99:c5:68:9f:88:c9:46:31:72:9a:04:0e:
                    76:e1:c4:b4:a8:b2:cd:3d:ad:98:02:be:1e:34:a2:
                    84:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:68:23:58:BB:86:C2:DA:29:5C:A7:2F:8F:32:F3:04:4C:88:64:EF
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/22gjWLuGwtopXKcvjzLzBEyIZO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:52:27:eb:2b:54:25:62:5f:7d:8e:fe:2d:44:91:d6:6b:64:
         97:fe:74:ac:79:b4:eb:a9:82:cc:56:b3:ff:50:77:08:16:b4:
         1b:63:f1:79:71:ff:24:3e:17:06:d2:34:8b:8f:37:8e:71:9a:
         84:1d:b2:48:7a:7f:95:13:bf:28:91:98:2f:69:b4:ac:77:c2:
         0d:6f:c6:bf:90:02:cd:9a:11:32:79:90:6b:2b:46:46:a1:bd:
         a7:37:c6:71:75:e6:56:b6:52:40:43:da:89:46:6a:2a:42:4f:
         ea:fe:b7:10:e1:b4:b9:3c:e2:f0:fa:e2:57:ec:7c:21:e5:76:
         41:29:b4:71:dc:60:c5:e5:6d:91:0f:28:71:84:d5:2a:f1:33:
         59:80:9c:1b:db:9d:18:59:d7:e3:4e:17:23:54:34:8d:8c:48:
         bd:23:e7:a4:a4:52:74:71:db:35:85:08:a2:96:5c:05:de:87:
         4a:57:83:b4:fa:ab:7b:70:cc:64:48:38:e6:20:9b:8b:7e:94:
         61:cf:38:0c:88:1b:f3:73:36:16:e9:ba:2f:9f:9a:6f:87:36:
         6e:ae:ac:f2:9b:15:2e:0d:08:58:bd:7c:c5:f3:a0:3e:68:84:
         25:e7:27:97:a6:57:bc:e2:ad:8e:50:72:40:9d:58:b6:93:23:
         3a:f3:25:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzofUYAQGGxB8bAXQypOL+HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzEzMTgzNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjY4MjM1OGJiODZjMmRhMjk1Y2E3MmY4ZjMyZjMwNDRjODg2NGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3bPoEcP5x0Y+hg4aHynb9WEQMSbr
fEhxkcKLxta7+CXfmYKM73+GgHBVS9DrJAtMhp6ECE6Y7rYQHoezk0o8JwB1fuE3
Et4DyY9JYCetZ852ogJ9DFKtS2XlALZkfltrWM8HS0nX45RzZLNVenJFTOyiepVY
CVVoeQrG6DsE8OxUbZyjSQ7tudWNUTR5JHnpOKOVbGnGpU5b9r3/x1vPueQmQ311
sxt30AO4Kk1TxkE2bie4x4JQC3jSeCY9PDBxLrhVbMJ7ZLlqh0fjf2IB+lOm3f2n
XXjX/ZqThqfR5tLta+qZxWifiMlGMXKaBA524cS0qLLNPa2YAr4eNKKEpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtoI1i7hsLaKVynL48y8wRMiGTvMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvMjJnaldMdUd3dG9wWEtjdmp6THpCRXlJWk84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAivkRMA0G
CSqGSIb3DQEBCwUAA4IBAQBKUifrK1QlYl99jv4tRJHWa2SX/nSsebTrqYLMVrP/
UHcIFrQbY/F5cf8kPhcG0jSLjzeOcZqEHbJIen+VE78okZgvabSsd8INb8a/kALN
mhEyeZBrK0ZGob2nN8ZxdeZWtlJAQ9qJRmoqQk/q/rcQ4bS5POLw+uJX7Hwh5XZB
KbRx3GDF5W2RDyhxhNUq8TNZgJwb250YWdfjThcjVDSNjEi9I+ekpFJ0cds1hQii
llwF3odKV4O0+qt7cMxkSDjmIJuLfpRhzzgMiBvzczYW6bovn5pvhzZurqzymxUu
DQhYvXzF86A+aIQl5yeXple84q2OUHJAnVi2kyM68yUZ
-----END CERTIFICATE-----