Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/42F_M7qYAJqmG-XX1DEb-gMvuEc.roa
File:                     42F_M7qYAJqmG-XX1DEb-gMvuEc.roa (raw, json)
Hash identifier:          Sk0o+rtRL5WLHI+jYOiSupKOAwGYja4wqtq+wL6piws=
Subject key identifier:   E3:61:7F:33:BA:98:00:9A:A6:1B:E5:D7:D4:31:1B:FA:03:2F:B8:47
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019CF6519E06AF80FCAB930F6649B5A35576
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/42F_M7qYAJqmG-XX1DEb-gMvuEc.roa
Signing time:             Mon 16 Mar 2026 11:04:29 +0000
ROA not before:           Mon 16 Mar 2026 11:04:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203790
IP address blocks:        138.249.4.0/23 maxlen: 23
                          138.249.4.0/24 maxlen: 24
                          138.249.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 20:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f6:51:9e:06:af:80:fc:ab:93:0f:66:49:b5:a3:55:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Mar 16 11:04:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e3617f33ba98009aa61be5d7d4311bfa032fb847
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:de:1d:0a:ac:c3:f9:53:7b:7c:58:df:da:bc:
                    7a:1e:4b:1c:a7:9a:94:67:b7:02:06:1e:1e:f9:af:
                    76:35:dc:07:a5:dc:ae:5c:23:14:39:9a:b5:d6:a0:
                    fd:b0:c6:64:c5:57:72:6f:6b:84:70:69:ed:d5:d2:
                    04:2d:ab:8c:55:67:e5:17:4e:2e:e9:a3:56:9e:6e:
                    eb:85:f6:63:b7:13:4f:d8:c3:c0:51:29:44:1d:58:
                    61:5d:2c:73:04:99:e4:39:b5:1a:49:57:59:7c:d5:
                    14:40:ed:80:5a:01:3b:41:23:5e:47:fd:e2:19:c0:
                    21:0e:6c:61:c3:ba:5a:6e:04:5e:28:54:d7:50:bf:
                    2f:7b:d3:91:b8:8a:88:49:16:96:9c:30:ff:e0:df:
                    ca:f0:30:5e:59:7a:65:27:7d:18:b9:09:56:85:70:
                    1f:9c:fb:fc:5f:b5:31:25:c7:a8:c0:8c:4d:0e:b9:
                    d3:f3:48:ac:a6:ef:3f:0b:36:63:41:65:de:2b:4b:
                    be:cd:56:40:cf:b7:ef:1c:f4:d1:d0:c5:6f:b8:85:
                    62:2b:87:23:ac:7d:e7:9a:30:33:8d:1a:50:f7:ab:
                    90:67:8a:43:d3:dc:b1:b1:1c:3b:b1:71:bc:24:dd:
                    2d:c0:5f:4f:09:82:6b:28:c6:8c:77:94:6f:fe:19:
                    c9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:61:7F:33:BA:98:00:9A:A6:1B:E5:D7:D4:31:1B:FA:03:2F:B8:47
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/42F_M7qYAJqmG-XX1DEb-gMvuEc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.4.0/23

    Signature Algorithm: sha256WithRSAEncryption
         09:60:76:9d:06:d4:4e:7f:ba:76:50:2f:cd:d5:87:b9:d0:00:
         62:e8:fd:d9:b8:57:9f:d1:ce:02:74:d7:1f:2e:ad:cc:d2:52:
         01:16:3a:4d:a2:9f:e5:27:fd:15:18:91:98:d8:c9:df:36:1c:
         5c:72:2b:7c:15:61:df:ba:eb:7b:ba:27:4e:39:5c:49:36:18:
         32:84:60:c3:a5:b2:eb:c6:8a:7c:f9:86:79:3a:8d:c6:89:96:
         e2:4f:41:15:1d:0f:68:d6:84:76:fe:cb:7c:6a:f5:97:30:04:
         65:32:f0:18:15:98:2c:cd:17:46:c5:8c:39:41:10:a7:ee:9f:
         de:72:c0:79:38:66:1f:75:5d:f9:b3:89:bd:3a:40:11:dc:cd:
         cc:4f:70:61:7a:dc:60:33:63:e8:95:71:e9:14:84:4d:bc:00:
         f9:53:46:04:ea:4f:ce:16:9a:46:52:60:15:f0:15:74:a0:1b:
         65:06:9c:13:54:32:9c:fc:20:bd:35:d2:b1:6d:7d:af:7d:a1:
         65:f3:38:95:3a:5d:19:09:69:d1:e9:9e:34:fa:ce:05:41:a7:
         ec:d8:4c:ce:9f:c8:67:b1:f7:6f:36:13:1f:bf:41:72:2a:8a:
         8c:88:d4:a8:5c:fe:32:fa:25:62:45:d8:95:7e:04:02:e1:49:
         70:82:77:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz2UZ4Gr4D8q5MPZkm1o1V2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzE2MTEwNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzYxN2YzM2JhOTgwMDlhYTYxYmU1ZDdkNDMxMWJmYTAzMmZiODQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAst4dCqzD+VN7fFjf2rx6Hkscp5qU
Z7cCBh4e+a92NdwHpdyuXCMUOZq11qD9sMZkxVdyb2uEcGnt1dIELauMVWflF04u
6aNWnm7rhfZjtxNP2MPAUSlEHVhhXSxzBJnkObUaSVdZfNUUQO2AWgE7QSNeR/3i
GcAhDmxhw7pabgReKFTXUL8ve9ORuIqISRaWnDD/4N/K8DBeWXplJ30YuQlWhXAf
nPv8X7UxJceowIxNDrnT80ispu8/CzZjQWXeK0u+zVZAz7fvHPTR0MVvuIViK4cj
rH3nmjAzjRpQ96uQZ4pD09yxsRw7sXG8JN0twF9PCYJrKMaMd5Rv/hnJMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFONhfzO6mACaphvl19QxG/oDL7hHMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvNDJGX003cVlBSnFtRy1YWDFERWItZ012dUVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBivkEMA0G
CSqGSIb3DQEBCwUAA4IBAQAJYHadBtROf7p2UC/N1Ye50ABi6P3ZuFef0c4CdNcf
Lq3M0lIBFjpNop/lJ/0VGJGY2MnfNhxccit8FWHfuut7uidOOVxJNhgyhGDDpbLr
xop8+YZ5Oo3GiZbiT0EVHQ9o1oR2/st8avWXMARlMvAYFZgszRdGxYw5QRCn7p/e
csB5OGYfdV35s4m9OkAR3M3MT3BhetxgM2PolXHpFIRNvAD5U0YE6k/OFppGUmAV
8BV0oBtlBpwTVDKc/CC9NdKxbX2vfaFl8ziVOl0ZCWnR6Z40+s4FQafs2EzOn8hn
sfdvNhMfv0FyKoqMiNSoXP4y+iViRdiVfgQC4Ulwgnfu
-----END CERTIFICATE-----