Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/GSSKLYs6KH2vI051gVcqPGClagI.roa
File:                     GSSKLYs6KH2vI051gVcqPGClagI.roa (raw, json)
Hash identifier:          5fRBzXlBWSUp8W8Q/3Av7UFLSfpV9DWUU2rlNdT9hKc=
Subject key identifier:   19:24:8A:2D:8B:3A:28:7D:AF:23:4E:75:81:57:2A:3C:60:A5:6A:02
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019A0FEBCDEF5B7380C1437D028CA1CDE800
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/GSSKLYs6KH2vI051gVcqPGClagI.roa
Signing time:             Thu 23 Oct 2025 07:15:03 +0000
ROA not before:           Thu 23 Oct 2025 07:15:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214727
IP address blocks:        170.168.76.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:0f:eb:cd:ef:5b:73:80:c1:43:7d:02:8c:a1:cd:e8:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Oct 23 07:15:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19248a2d8b3a287daf234e7581572a3c60a56a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:f0:26:65:ae:32:89:42:17:ff:fb:ba:63:48:
                    f4:99:be:49:14:1b:b7:80:df:d4:b2:35:cc:a1:b4:
                    56:b2:80:9e:2b:44:23:3b:a9:ff:f5:d6:fa:3e:b6:
                    b3:8d:d1:44:e0:4c:34:f6:0b:a0:73:b8:5a:b8:cc:
                    6d:a6:f3:7e:4d:df:10:9d:be:85:46:7e:d9:2a:94:
                    47:ae:57:5e:59:44:ee:7b:1a:2b:73:bf:31:e9:d5:
                    0b:b3:89:30:87:96:9f:37:a9:9a:72:91:f6:d4:8b:
                    60:eb:54:74:c9:f2:58:0e:4e:af:1e:cd:28:80:1d:
                    60:25:37:05:c2:5b:17:e6:df:aa:ef:73:1b:26:0c:
                    06:10:26:d6:c0:c0:6e:0d:60:53:aa:13:ca:55:32:
                    df:73:b7:ea:f7:7c:fe:4c:aa:07:d6:cc:73:0a:00:
                    37:23:07:36:05:95:61:b5:31:58:97:e2:80:e3:a7:
                    2b:10:62:1d:73:67:28:47:2c:04:99:b0:44:c3:7a:
                    01:0c:10:9d:64:29:5c:06:0f:48:ec:61:d1:45:6d:
                    1c:eb:2e:e7:9b:f3:b4:ae:e0:6f:f2:11:5b:9c:b7:
                    2e:3b:cb:2c:f9:b4:8b:7f:d4:44:4e:97:e8:69:ec:
                    e7:ee:59:18:05:3d:ab:71:cd:67:92:02:18:59:bf:
                    0d:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:24:8A:2D:8B:3A:28:7D:AF:23:4E:75:81:57:2A:3C:60:A5:6A:02
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/GSSKLYs6KH2vI051gVcqPGClagI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:98:18:df:ef:8c:54:76:1b:ed:90:04:c2:58:3c:0b:e6:c7:
         39:36:92:c5:a9:e0:02:f0:c7:35:c9:88:08:2b:6e:d2:f5:e1:
         ab:bd:78:f2:64:74:de:1a:d9:39:dc:75:82:b8:87:7e:98:73:
         82:f4:d0:58:90:9d:e0:69:d6:ca:fa:a4:d1:9a:04:d8:c7:48:
         46:bd:a8:26:38:1a:6d:3a:aa:96:45:22:1d:e8:fa:58:31:b5:
         20:75:1c:06:f8:83:06:77:1e:8b:08:88:fc:d7:2d:c9:71:f5:
         21:bc:39:eb:91:ec:15:cf:d6:4c:d6:da:6c:11:22:96:e2:76:
         83:1a:71:06:db:04:f5:f2:83:de:04:74:19:df:4a:f2:12:48:
         d6:3b:2a:af:f4:3e:31:cc:49:e7:2a:9e:d2:a3:5c:23:0c:af:
         bd:4b:0b:98:b7:5c:02:4f:04:56:1c:57:35:5c:4f:ac:1d:11:
         50:dd:e9:54:e6:2a:9b:77:fb:25:00:96:c7:a5:e5:0e:9c:33:
         65:74:8b:92:54:ae:62:cb:1b:24:14:98:28:d2:5e:91:d9:a1:
         45:2b:97:70:f1:e9:7a:9d:a1:21:43:11:fe:dc:45:3b:f4:3e:
         fe:1f:11:c7:d8:44:5d:1f:ad:47:eb:c7:48:9b:88:fb:c1:ac:
         77:8a:50:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoP683vW3OAwUN9AoyhzegAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDIzMDcxNTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTI0OGEyZDhiM2EyODdkYWYyMzRlNzU4MTU3MmEzYzYwYTU2YTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn/AmZa4yiUIX//u6Y0j0mb5JFBu3
gN/UsjXMobRWsoCeK0QjO6n/9db6PrazjdFE4Ew09gugc7hauMxtpvN+Td8Qnb6F
Rn7ZKpRHrldeWUTuexorc78x6dULs4kwh5afN6macpH21Itg61R0yfJYDk6vHs0o
gB1gJTcFwlsX5t+q73MbJgwGECbWwMBuDWBTqhPKVTLfc7fq93z+TKoH1sxzCgA3
Iwc2BZVhtTFYl+KA46crEGIdc2coRywEmbBEw3oBDBCdZClcBg9I7GHRRW0c6y7n
m/O0ruBv8hFbnLcuO8ss+bSLf9RETpfoaezn7lkYBT2rcc1nkgIYWb8NLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkkii2LOih9ryNOdYFXKjxgpWoCMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvR1NTS0xZczZLSDJ2STA1MWdWY3FQR0NsYWdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhMMA0G
CSqGSIb3DQEBCwUAA4IBAQCamBjf74xUdhvtkATCWDwL5sc5NpLFqeAC8Mc1yYgI
K27S9eGrvXjyZHTeGtk53HWCuId+mHOC9NBYkJ3gadbK+qTRmgTYx0hGvagmOBpt
OqqWRSId6PpYMbUgdRwG+IMGdx6LCIj81y3JcfUhvDnrkewVz9ZM1tpsESKW4naD
GnEG2wT18oPeBHQZ30ryEkjWOyqv9D4xzEnnKp7So1wjDK+9SwuYt1wCTwRWHFc1
XE+sHRFQ3elU5iqbd/slAJbHpeUOnDNldIuSVK5iyxskFJgo0l6R2aFFK5dw8el6
naEhQxH+3EU79D7+HxHH2ERdH61H68dIm4j7wax3ilCh
-----END CERTIFICATE-----