Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/eGKY3KhFjvib-P8KE1wLFiyqzQ8.roa
File:                     eGKY3KhFjvib-P8KE1wLFiyqzQ8.roa (raw, json)
Hash identifier:          A7CvZnQDDHHR/JHicSL3VrDNDOr26H9Dx1wMDK5KK34=
Subject key identifier:   78:62:98:DC:A8:45:8E:F8:9B:F8:FF:0A:13:5C:0B:16:2C:AA:CD:0F
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01991627B26CC08E5EAC90FDF96AE3BDF6D3
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/eGKY3KhFjvib-P8KE1wLFiyqzQ8.roa
Signing time:             Thu 04 Sep 2025 19:15:24 +0000
ROA not before:           Thu 04 Sep 2025 19:15:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43991
IP address blocks:        170.168.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 23:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:16:27:b2:6c:c0:8e:5e:ac:90:fd:f9:6a:e3:bd:f6:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep  4 19:15:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=786298dca8458ef89bf8ff0a135c0b162caacd0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:60:01:3f:79:d1:83:a2:cb:98:dc:84:03:d5:
                    8e:dc:f7:33:4d:5a:92:52:90:7f:44:fe:57:df:64:
                    00:c0:8c:88:a5:44:81:15:c4:06:f2:c8:07:67:61:
                    3f:5b:9c:36:fb:7c:67:2d:f7:50:04:81:8f:c3:93:
                    8e:b3:e3:bc:6c:bd:e4:a5:ce:81:8a:47:35:9b:05:
                    51:0a:de:12:be:85:80:6e:e1:4c:c5:5f:80:7d:bb:
                    8b:b8:17:5a:fc:ea:d3:d2:ca:93:cb:af:a8:ce:24:
                    19:bd:26:8d:64:62:45:2a:f2:c2:df:a2:ae:68:01:
                    7e:2c:b8:95:e1:d2:7e:8a:c2:b5:bb:be:48:c5:59:
                    d4:50:8d:bb:c4:77:75:76:9f:54:09:bb:d1:69:17:
                    39:aa:1b:20:79:97:4b:0d:de:d0:4b:83:d7:37:36:
                    f1:7d:42:85:02:e9:24:60:93:ab:a9:a3:a6:d2:03:
                    dd:a8:4b:99:b9:3a:8b:2a:4c:94:2f:a6:bf:83:aa:
                    5b:3d:ce:bd:58:ba:20:35:96:be:9c:70:6d:f0:0c:
                    88:e5:dd:e7:36:b5:fd:a7:88:1d:8c:3f:ff:d6:e5:
                    d4:5f:3f:43:d1:30:4f:0d:c9:6b:0d:4e:a9:5d:13:
                    32:0e:62:bf:aa:65:28:07:a8:ae:cc:d1:45:95:80:
                    0b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:62:98:DC:A8:45:8E:F8:9B:F8:FF:0A:13:5C:0B:16:2C:AA:CD:0F
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/eGKY3KhFjvib-P8KE1wLFiyqzQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:5e:2f:97:8a:f8:7d:95:4e:69:9f:95:a2:56:11:9d:1c:f4:
         40:33:3c:c1:38:e7:57:9b:a3:a7:20:df:a5:8f:0b:13:72:8b:
         11:1b:13:f6:c0:af:c9:43:28:84:da:bb:f6:28:23:89:c3:e2:
         4f:fc:32:5a:30:2f:77:91:58:8f:5e:28:cb:ea:e1:87:40:64:
         33:1d:10:2d:4e:4f:e2:69:2d:0b:32:83:53:9e:a1:0f:9c:e5:
         df:1e:7f:62:69:05:88:6b:14:64:ce:24:85:d5:ae:a8:62:69:
         af:17:ba:57:ec:28:63:c0:4a:f1:fc:2b:d3:53:48:4d:8a:8e:
         3d:2f:85:37:a1:79:72:a5:4f:db:36:7a:15:3d:23:f9:99:e3:
         0c:6c:fe:87:77:f6:25:2a:4a:c8:95:66:f7:e5:e0:c9:c4:2b:
         82:29:3d:b3:5b:4c:38:6e:f0:c2:9d:11:ef:a0:7f:6d:ed:be:
         e3:20:93:cc:98:8e:09:0b:0e:a8:bb:3a:66:cc:75:93:b1:cb:
         87:e3:ce:4b:2c:10:7b:fe:12:b8:09:c3:35:4a:15:f5:b8:10:
         42:3b:fc:f8:1f:15:ea:91:1f:b8:49:cb:44:11:4b:48:63:1e:
         77:f8:c0:50:ad:2f:7e:57:3f:1c:6f:7c:09:dc:c2:47:1f:f3:
         5b:6d:10:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkWJ7JswI5erJD9+WrjvfbTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTA0MTkxNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODYyOThkY2E4NDU4ZWY4OWJmOGZmMGExMzVjMGIxNjJjYWFjZDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtWABP3nRg6LLmNyEA9WO3PczTVqS
UpB/RP5X32QAwIyIpUSBFcQG8sgHZ2E/W5w2+3xnLfdQBIGPw5OOs+O8bL3kpc6B
ikc1mwVRCt4SvoWAbuFMxV+AfbuLuBda/OrT0sqTy6+oziQZvSaNZGJFKvLC36Ku
aAF+LLiV4dJ+isK1u75IxVnUUI27xHd1dp9UCbvRaRc5qhsgeZdLDd7QS4PXNzbx
fUKFAukkYJOrqaOm0gPdqEuZuTqLKkyUL6a/g6pbPc69WLogNZa+nHBt8AyI5d3n
NrX9p4gdjD//1uXUXz9D0TBPDclrDU6pXRMyDmK/qmUoB6iuzNFFlYALEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhimNyoRY74m/j/ChNcCxYsqs0PMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvZUdLWTNLaEZqdmliLVA4S0Uxd0xGaXlxelE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhAMA0G
CSqGSIb3DQEBCwUAA4IBAQB0Xi+Xivh9lU5pn5WiVhGdHPRAMzzBOOdXm6OnIN+l
jwsTcosRGxP2wK/JQyiE2rv2KCOJw+JP/DJaMC93kViPXijL6uGHQGQzHRAtTk/i
aS0LMoNTnqEPnOXfHn9iaQWIaxRkziSF1a6oYmmvF7pX7ChjwErx/CvTU0hNio49
L4U3oXlypU/bNnoVPSP5meMMbP6Hd/YlKkrIlWb35eDJxCuCKT2zW0w4bvDCnRHv
oH9t7b7jIJPMmI4JCw6ouzpmzHWTscuH485LLBB7/hK4CcM1ShX1uBBCO/z4HxXq
kR+4SctEEUtIYx53+MBQrS9+Vz8cb3wJ3MJHH/NbbRBy
-----END CERTIFICATE-----