Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/REdUFTD36Vjx0MyMC2HkYd_FTTM.roa
File:                     REdUFTD36Vjx0MyMC2HkYd_FTTM.roa (raw, json)
Hash identifier:          50L4wzb4ZQO2SFJA/nMntslKz1epuZaxJcQ79rU4BY8=
Subject key identifier:   44:47:54:15:30:F7:E9:58:F1:D0:CC:8C:0B:61:E4:61:DF:C5:4D:33
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019A10A1FE627B7EB0F415C6F074C634C845
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/REdUFTD36Vjx0MyMC2HkYd_FTTM.roa
Signing time:             Thu 23 Oct 2025 10:34:03 +0000
ROA not before:           Thu 23 Oct 2025 10:34:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        170.168.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 26 Oct 2025 00:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:10:a1:fe:62:7b:7e:b0:f4:15:c6:f0:74:c6:34:c8:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Oct 23 10:34:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4447541530f7e958f1d0cc8c0b61e461dfc54d33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:22:88:c3:2c:50:16:e5:5e:0b:5d:3d:c4:b8:
                    f8:a6:73:17:8c:e5:19:53:01:05:83:e2:b5:a1:48:
                    c0:94:72:2e:93:58:38:b4:23:8e:d4:40:62:d2:ba:
                    fd:54:c5:20:04:a3:bc:6b:f6:7a:5b:98:89:06:68:
                    a9:46:6d:f6:2e:46:1b:43:17:4c:1b:f2:b1:39:f3:
                    cd:f9:13:12:b6:c3:9a:cd:01:d1:7c:96:1e:74:0e:
                    c0:65:5a:0c:64:4a:ab:32:79:06:95:08:5d:5d:b7:
                    c6:05:32:37:37:3e:be:8e:c5:fc:70:7c:cd:78:7d:
                    2d:f5:19:40:0e:0a:b1:1f:67:6d:d8:36:a2:e6:3a:
                    bf:95:12:15:b3:30:44:2d:af:c1:1a:8e:c1:b2:6b:
                    c4:aa:97:61:99:c8:48:a1:c0:b4:57:8d:04:16:ab:
                    11:f0:76:a2:b3:fb:48:79:14:db:f7:d5:18:cc:a0:
                    09:16:e9:e8:d4:1a:bb:f5:d7:43:f2:43:7c:da:50:
                    d5:54:0c:33:c7:c0:a9:3c:ea:d9:d4:c8:63:98:14:
                    d1:c4:19:df:20:cb:1c:86:6c:8d:41:ff:85:de:43:
                    ff:a7:66:4c:dd:a5:d9:d6:62:fc:07:2f:d3:16:df:
                    67:c2:6b:23:71:ab:8f:aa:f0:d9:92:b4:89:ac:59:
                    6a:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:47:54:15:30:F7:E9:58:F1:D0:CC:8C:0B:61:E4:61:DF:C5:4D:33
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/REdUFTD36Vjx0MyMC2HkYd_FTTM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:8f:01:f3:06:73:03:8d:0d:d3:ca:cc:e5:ff:14:67:7d:db:
         d2:8f:0a:62:d3:06:2a:f6:07:93:ff:39:2a:35:5c:2d:78:70:
         a2:05:e9:62:71:1f:8a:4b:f7:4f:8d:50:6b:7f:fb:b3:6f:b5:
         9a:bc:50:90:08:cc:bb:a6:4e:66:cb:6f:4a:fb:14:f1:5b:90:
         f2:c5:9c:5e:6c:a2:d6:8c:78:d0:95:08:c8:30:87:49:d8:b8:
         47:65:23:ad:76:28:e1:b6:e4:05:e0:49:4f:e2:08:98:34:87:
         42:a5:d3:9f:88:61:f8:69:b1:44:3b:25:06:54:79:c6:7b:fb:
         45:b3:9d:09:df:ba:a3:e1:bb:eb:f8:27:d8:fb:1a:ac:4e:bf:
         43:e5:22:75:55:0f:a9:a4:05:cf:d1:38:62:e6:5f:a2:14:31:
         db:83:bb:0c:ba:89:b5:50:0e:26:83:7e:2c:24:39:95:69:be:
         7d:fb:17:b8:0d:5f:73:84:f3:c8:12:48:4c:e9:1a:b7:90:88:
         70:7d:88:7b:e9:3a:ed:66:c2:ca:af:eb:03:25:3e:a7:eb:88:
         8b:90:b4:15:54:43:b3:ef:11:28:23:3a:10:02:2a:8b:c0:a7:
         80:93:a3:65:60:54:86:3d:7a:50:8f:35:97:fc:a2:6e:b3:e0:
         18:1c:f1:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZoQof5ie36w9BXG8HTGNMhFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDIzMTAzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ3NTQxNTMwZjdlOTU4ZjFkMGNjOGMwYjYxZTQ2MWRmYzU0ZDMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1iKIwyxQFuVeC109xLj4pnMXjOUZ
UwEFg+K1oUjAlHIuk1g4tCOO1EBi0rr9VMUgBKO8a/Z6W5iJBmipRm32LkYbQxdM
G/KxOfPN+RMStsOazQHRfJYedA7AZVoMZEqrMnkGlQhdXbfGBTI3Nz6+jsX8cHzN
eH0t9RlADgqxH2dt2Dai5jq/lRIVszBELa/BGo7BsmvEqpdhmchIocC0V40EFqsR
8Hais/tIeRTb99UYzKAJFuno1Bq79ddD8kN82lDVVAwzx8CpPOrZ1MhjmBTRxBnf
IMschmyNQf+F3kP/p2ZM3aXZ1mL8By/TFt9nwmsjcauPqvDZkrSJrFlqMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFERHVBUw9+lY8dDMjAth5GHfxU0zMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvUkVkVUZURDM2Vmp4ME15TUMySGtZZF9GVFRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhbMA0G
CSqGSIb3DQEBCwUAA4IBAQA+jwHzBnMDjQ3Tyszl/xRnfdvSjwpi0wYq9geT/zkq
NVwteHCiBelicR+KS/dPjVBrf/uzb7WavFCQCMy7pk5my29K+xTxW5DyxZxebKLW
jHjQlQjIMIdJ2LhHZSOtdijhtuQF4ElP4giYNIdCpdOfiGH4abFEOyUGVHnGe/tF
s50J37qj4bvr+CfY+xqsTr9D5SJ1VQ+ppAXP0Thi5l+iFDHbg7sMuom1UA4mg34s
JDmVab59+xe4DV9zhPPIEkhM6Rq3kIhwfYh76TrtZsLKr+sDJT6n64iLkLQVVEOz
7xEoIzoQAiqLwKeAk6NlYFSGPXpQjzWX/KJus+AYHPHm
-----END CERTIFICATE-----