Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ECiS1gBfM-Rzlscv8rvcHsfQ-hs.roa
File:                     ECiS1gBfM-Rzlscv8rvcHsfQ-hs.roa (raw, json)
Hash identifier:          xWByB/LFMByrlYZWNJZy6Ey0qnW6TMMOuEUJN0eHmb8=
Subject key identifier:   10:28:92:D6:00:5F:33:E4:73:96:C7:2F:F2:BB:DC:1E:C7:D0:FA:1B
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0198EA949B52EDA88616568E9AD21BCB0852
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ECiS1gBfM-Rzlscv8rvcHsfQ-hs.roa
Signing time:             Wed 27 Aug 2025 08:11:04 +0000
ROA not before:           Wed 27 Aug 2025 08:11:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47204
IP address blocks:        170.168.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ea:94:9b:52:ed:a8:86:16:56:8e:9a:d2:1b:cb:08:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 27 08:11:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=102892d6005f33e47396c72ff2bbdc1ec7d0fa1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:b3:1f:3f:12:02:19:9e:83:f1:85:c8:93:5e:
                    e4:1f:52:80:84:de:53:af:55:be:33:cd:cf:fb:6f:
                    4d:89:6f:0e:a1:65:8c:fc:93:70:28:8e:bc:2a:36:
                    9d:04:2a:79:a8:0f:d2:10:eb:c4:7e:4b:a1:0d:17:
                    86:64:d9:bb:c2:70:d5:e6:0a:be:8b:d4:1d:96:fd:
                    b8:cb:fd:ef:bc:f8:8d:c2:86:42:4b:f7:4b:dc:66:
                    13:d2:8b:6b:86:91:96:59:2b:25:6d:ef:b9:4c:e7:
                    27:42:4c:60:08:8b:08:de:6c:83:59:02:46:83:4f:
                    e2:29:54:35:66:2c:6f:c1:55:32:28:b0:9c:0d:6e:
                    df:df:ca:d2:ac:1a:ca:41:a9:96:56:10:d6:55:27:
                    81:f0:13:c0:af:1f:1f:99:97:db:33:04:ab:e3:52:
                    28:17:0f:b4:9a:17:00:ac:7e:ff:4e:56:a9:94:17:
                    97:0a:14:e6:01:22:15:db:8c:78:a9:36:aa:02:47:
                    e2:9a:c9:70:58:69:ba:ec:17:83:02:f3:7b:b8:ac:
                    9a:f0:6c:12:56:ce:fa:02:4e:43:2f:8e:b2:9c:39:
                    93:41:6a:48:29:f5:22:95:2b:13:6f:05:d5:2b:3d:
                    ed:2d:79:f3:6d:72:a3:79:b4:94:c2:80:c5:4a:94:
                    a7:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:28:92:D6:00:5F:33:E4:73:96:C7:2F:F2:BB:DC:1E:C7:D0:FA:1B
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ECiS1gBfM-Rzlscv8rvcHsfQ-hs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:50:82:ec:59:7e:a3:64:66:5a:22:32:7b:41:e3:de:09:2e:
         9d:43:45:17:9c:27:ac:f2:e7:79:94:53:9b:87:1d:da:4a:b6:
         e5:60:39:7a:bb:66:ed:2d:ec:94:33:69:88:f6:a6:03:f7:76:
         33:14:4a:44:00:b7:73:3b:c6:ac:7c:98:5a:53:84:9f:58:26:
         ac:89:71:5d:84:90:89:b9:73:46:d1:87:0e:93:5d:a8:9e:8c:
         86:11:30:c3:49:8e:35:17:25:fd:3d:56:6c:19:9a:70:c1:d1:
         80:5c:73:de:b7:11:32:1c:0d:27:cc:0a:e0:89:10:b9:33:31:
         58:9d:bf:53:b0:a1:87:99:9e:ef:5d:29:c0:bd:93:52:a0:fa:
         ec:c5:a7:e8:c2:f0:f9:22:db:dd:53:bd:b8:bb:5a:4d:85:a4:
         89:ba:cf:92:cf:89:08:17:8e:34:f6:3a:80:c9:86:5a:d6:b8:
         4a:04:b8:cf:94:95:c4:05:b0:4e:e1:f9:c8:69:4d:f4:41:74:
         52:a7:03:d6:8b:6f:b9:1c:09:c3:d3:f7:19:ab:db:c7:0c:de:
         cf:23:7a:a1:49:23:b7:a5:bf:eb:c6:ce:97:55:15:a7:33:9f:
         24:39:e1:77:f9:f2:a4:d6:0c:0f:a4:e1:65:e6:a4:54:99:84:
         b2:72:a2:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjqlJtS7aiGFlaOmtIbywhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODI3MDgxMTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDI4OTJkNjAwNWYzM2U0NzM5NmM3MmZmMmJiZGMxZWM3ZDBmYTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLMfPxICGZ6D8YXIk17kH1KAhN5T
r1W+M83P+29NiW8OoWWM/JNwKI68KjadBCp5qA/SEOvEfkuhDReGZNm7wnDV5gq+
i9Qdlv24y/3vvPiNwoZCS/dL3GYT0otrhpGWWSslbe+5TOcnQkxgCIsI3myDWQJG
g0/iKVQ1ZixvwVUyKLCcDW7f38rSrBrKQamWVhDWVSeB8BPArx8fmZfbMwSr41Io
Fw+0mhcArH7/TlaplBeXChTmASIV24x4qTaqAkfimslwWGm67BeDAvN7uKya8GwS
Vs76Ak5DL46ynDmTQWpIKfUilSsTbwXVKz3tLXnzbXKjebSUwoDFSpSnvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAoktYAXzPkc5bHL/K73B7H0PobMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvRUNpUzFnQmZNLVJ6bHNjdjhydmNIc2ZRLWhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgWMA0G
CSqGSIb3DQEBCwUAA4IBAQArUILsWX6jZGZaIjJ7QePeCS6dQ0UXnCes8ud5lFOb
hx3aSrblYDl6u2btLeyUM2mI9qYD93YzFEpEALdzO8asfJhaU4SfWCasiXFdhJCJ
uXNG0YcOk12onoyGETDDSY41FyX9PVZsGZpwwdGAXHPetxEyHA0nzArgiRC5MzFY
nb9TsKGHmZ7vXSnAvZNSoPrsxafowvD5ItvdU724u1pNhaSJus+Sz4kIF4409jqA
yYZa1rhKBLjPlJXEBbBO4fnIaU30QXRSpwPWi2+5HAnD0/cZq9vHDN7PI3qhSSO3
pb/rxs6XVRWnM58kOeF3+fKk1gwPpOFl5qRUmYSycqKu
-----END CERTIFICATE-----