Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/K7B04UdrXsN9ElBgi-NmCNsXu2M.roa
File:                     K7B04UdrXsN9ElBgi-NmCNsXu2M.roa (raw, json)
Hash identifier:          kc5GimuEockkKZ7W8F2Yp/TQtH314c83/GSi4IsknAY=
Subject key identifier:   2B:B0:74:E1:47:6B:5E:C3:7D:12:50:60:8B:E3:66:08:DB:17:BB:63
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019DF8336BCC835710D41FA469EE466AC6BC
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/K7B04UdrXsN9ElBgi-NmCNsXu2M.roa
Signing time:             Tue 05 May 2026 12:53:32 +0000
ROA not before:           Tue 05 May 2026 12:53:32 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214822
IP address blocks:        170.168.1.0/24 maxlen: 24
                          170.168.15.0/24 maxlen: 24
                          170.168.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f8:33:6b:cc:83:57:10:d4:1f:a4:69:ee:46:6a:c6:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: May  5 12:53:32 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2bb074e1476b5ec37d1250608be36608db17bb63
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7b:c3:8f:49:9a:b5:ae:05:b7:04:3a:bf:b2:
                    d9:ea:43:20:de:85:02:b5:9b:72:46:14:78:00:cb:
                    cd:d9:25:07:e0:2e:2f:ec:d7:3f:3b:b2:e8:30:01:
                    0e:17:7d:a5:a4:51:ee:fd:ee:2d:82:b2:32:2e:c4:
                    e2:f9:c6:6c:37:33:91:67:a7:99:cf:54:19:e3:ae:
                    ca:98:0a:eb:e5:f5:6c:51:f8:23:a9:b4:2e:1f:6a:
                    e6:b1:39:4d:68:55:bd:97:ee:2b:a5:ff:5c:b9:b5:
                    8c:b2:2e:4b:d5:41:0e:d2:92:1a:a6:81:85:0c:c5:
                    a9:a9:cd:64:d6:47:23:99:c1:e9:07:29:60:ae:ff:
                    83:2d:c4:0b:02:ca:da:27:4a:94:18:41:98:b9:a9:
                    88:fb:47:42:c8:af:38:da:a5:d2:92:0f:23:07:2a:
                    a3:59:45:4f:33:53:90:a8:93:ca:1c:cb:4e:01:e8:
                    a0:b5:02:b7:f4:d2:7c:57:80:57:0d:f9:73:81:51:
                    73:e2:20:f9:d0:3d:9a:7f:71:bb:92:59:59:ba:65:
                    e9:c0:d9:ca:f1:c6:7d:87:27:92:7b:b8:bf:94:b7:
                    97:8d:9c:e2:6b:97:15:ac:6f:80:4a:84:26:75:6a:
                    1b:69:90:78:2e:e3:01:30:e7:94:ac:84:41:1b:d8:
                    e5:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B0:74:E1:47:6B:5E:C3:7D:12:50:60:8B:E3:66:08:DB:17:BB:63
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/K7B04UdrXsN9ElBgi-NmCNsXu2M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.1.0/24
                  170.168.15.0/24
                  170.168.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:a2:b7:4d:ea:94:7e:19:50:f8:6e:a9:cf:c6:c2:35:d2:86:
         8a:d9:c1:8a:25:04:e3:a5:67:ce:74:4f:eb:33:35:e5:d7:23:
         3d:28:24:b2:74:a9:ee:42:6b:73:f0:85:33:f6:ae:c1:0a:d9:
         96:bf:f4:79:28:2a:ff:07:db:ba:4e:d1:26:50:b0:41:ca:4e:
         66:c6:e3:15:ce:59:93:d1:1a:45:a9:fc:60:a2:27:b5:39:ad:
         ec:84:7e:05:66:51:77:48:d1:cd:2f:f1:a2:0e:bc:da:0e:b3:
         5b:50:9b:8e:e2:e4:d3:dd:e5:be:e1:5e:ec:15:d8:34:c6:e0:
         1b:d5:79:b0:51:72:de:2b:d9:17:b8:77:03:21:a3:b8:3b:23:
         06:5f:27:0c:54:14:0a:b8:65:55:4b:ac:75:7e:ef:02:93:b1:
         a7:83:7c:56:c2:db:29:e1:7e:78:c4:3d:bc:2c:b9:91:98:08:
         9c:23:1f:32:c0:b6:00:a2:a6:5b:93:75:e5:78:18:96:e6:52:
         6e:a4:03:4a:e6:b8:ce:d0:c8:a8:bd:58:69:39:44:4d:3f:a5:
         2c:59:a6:91:9f:97:42:07:b1:c2:b9:a4:51:a3:5a:c2:c9:95:
         94:eb:15:59:61:59:ef:b0:ae:92:2e:0e:f2:65:b7:89:21:e0:
         a4:d6:3d:51
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ34M2vMg1cQ1B+kae5Gasa8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNTA1MTI1MzMyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmIwNzRlMTQ3NmI1ZWMzN2QxMjUwNjA4YmUzNjYwOGRiMTdiYjYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArnvDj0mata4FtwQ6v7LZ6kMg3oUC
tZtyRhR4AMvN2SUH4C4v7Nc/O7LoMAEOF32lpFHu/e4tgrIyLsTi+cZsNzORZ6eZ
z1QZ467KmArr5fVsUfgjqbQuH2rmsTlNaFW9l+4rpf9cubWMsi5L1UEO0pIapoGF
DMWpqc1k1kcjmcHpBylgrv+DLcQLAsraJ0qUGEGYuamI+0dCyK842qXSkg8jByqj
WUVPM1OQqJPKHMtOAeigtQK39NJ8V4BXDflzgVFz4iD50D2af3G7kllZumXpwNnK
8cZ9hyeSe7i/lLeXjZzia5cVrG+ASoQmdWobaZB4LuMBMOeUrIRBG9jlNwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCuwdOFHa17DfRJQYIvjZgjbF7tjMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvSzdCMDRVZHJYc045RWxCZ2ktTm1DTnNYdTJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAqqgBAwQA
qqgPAwQAqqgtMA0GCSqGSIb3DQEBCwUAA4IBAQCOordN6pR+GVD4bqnPxsI10oaK
2cGKJQTjpWfOdE/rMzXl1yM9KCSydKnuQmtz8IUz9q7BCtmWv/R5KCr/B9u6TtEm
ULBByk5mxuMVzlmT0RpFqfxgoie1Oa3shH4FZlF3SNHNL/GiDrzaDrNbUJuO4uTT
3eW+4V7sFdg0xuAb1XmwUXLeK9kXuHcDIaO4OyMGXycMVBQKuGVVS6x1fu8Ck7Gn
g3xWwtsp4X54xD28LLmRmAicIx8ywLYAoqZbk3XleBiW5lJupANK5rjO0MiovVhp
OURNP6UsWaaRn5dCB7HCuaRRo1rCyZWU6xVZYVnvsK6SLg7yZbeJIeCk1j1R
-----END CERTIFICATE-----