Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/hV0xmLCbVI0Z_lGTFBFJ_1EjqIw.roa
File:                     hV0xmLCbVI0Z_lGTFBFJ_1EjqIw.roa (raw, json)
Hash identifier:          RD3HFxDZxmlQMlFFIU1sLkxHbAxzrxh/5RzNMozB7Tg=
Subject key identifier:   85:5D:31:98:B0:9B:54:8D:19:FE:51:93:14:11:49:FF:51:23:A8:8C
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01990A3B83A0BDF365882BE3598A983ECBCF
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/hV0xmLCbVI0Z_lGTFBFJ_1EjqIw.roa
Signing time:             Tue 02 Sep 2025 11:41:36 +0000
ROA not before:           Tue 02 Sep 2025 11:41:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209133
IP address blocks:        170.168.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 17:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:0a:3b:83:a0:bd:f3:65:88:2b:e3:59:8a:98:3e:cb:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep  2 11:41:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=855d3198b09b548d19fe5193141149ff5123a88c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:39:f8:3a:36:51:e3:1b:17:45:e4:b7:46:25:
                    63:d4:6f:e4:a7:2e:ff:1d:f8:5b:93:5c:87:b8:0c:
                    ba:30:6f:ea:d8:46:68:92:0a:c1:88:a6:92:ff:d4:
                    eb:de:b9:00:48:78:2e:d3:3f:d7:66:76:ef:43:d1:
                    df:11:b3:40:78:06:d8:19:ef:1f:96:0e:a7:aa:f7:
                    22:af:07:71:f6:e9:de:3e:d6:4c:bc:be:80:e1:93:
                    2b:be:9d:10:7e:40:d2:05:b2:8d:47:38:98:2c:ac:
                    79:5e:18:63:63:66:d9:9a:24:fb:64:1a:f7:f1:9e:
                    71:e1:24:2e:a6:22:df:a1:59:ab:81:50:db:96:6e:
                    3e:d8:e7:d5:84:77:87:16:be:a5:bc:ba:55:18:f5:
                    05:8d:56:87:c0:7e:59:ff:14:19:ac:c7:a0:f9:cf:
                    58:d1:21:b7:8e:12:a2:ba:2b:b7:00:34:0c:bf:00:
                    f6:49:ca:e7:19:79:08:c3:b4:36:cd:56:b9:f3:4a:
                    b3:ce:d1:cc:c9:cd:b6:5d:a4:df:75:c6:7a:3a:9b:
                    db:6c:0c:41:86:cb:8f:b0:08:0a:67:af:1d:84:99:
                    25:df:7d:70:83:4e:05:b9:33:aa:c2:e3:e8:e8:e3:
                    51:36:a8:23:04:3f:4e:ec:a8:ab:59:7e:fd:a3:94:
                    fb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:5D:31:98:B0:9B:54:8D:19:FE:51:93:14:11:49:FF:51:23:A8:8C
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/hV0xmLCbVI0Z_lGTFBFJ_1EjqIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:84:66:a1:59:90:5d:75:bf:a8:0d:c0:03:8f:ac:f9:de:5f:
         34:4a:4d:9a:c8:ec:5c:4c:37:07:49:22:49:42:0a:3c:d1:61:
         59:68:79:dc:34:a8:5a:e6:18:03:2a:de:69:f9:51:3d:2c:31:
         4e:de:38:24:fd:72:1d:04:a5:33:57:64:48:96:8a:0f:a7:f7:
         8f:0c:be:06:04:f1:bd:d1:68:8a:96:32:18:5b:a3:a2:40:ce:
         42:3a:71:08:f4:ae:a4:9e:22:95:27:b7:ec:09:c9:b4:79:b8:
         94:03:8a:ac:de:c9:99:f3:f1:23:61:b9:d9:d7:d9:15:e9:c0:
         93:a3:4c:94:eb:8b:91:fb:35:88:3f:f9:77:62:32:03:5e:0d:
         5f:f2:89:f1:d2:af:0d:27:da:91:c2:f9:fa:46:5f:f7:1f:5d:
         9f:5d:03:ff:ae:59:44:b1:aa:27:9e:a9:b1:b8:07:f0:de:d3:
         53:90:e3:67:09:b2:c3:98:40:b9:f6:63:c0:85:ec:2d:a8:92:
         7d:cb:cf:6c:b1:a4:c3:2c:9f:0f:f0:fc:32:01:c5:d0:c0:4f:
         74:b7:f1:2b:35:d8:44:83:e3:66:9d:75:47:0b:6c:42:fc:d1:
         48:22:ee:8b:9d:4a:54:a9:7b:b2:3d:ca:47:a1:27:f5:b8:bd:
         44:7a:a6:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkKO4OgvfNliCvjWYqYPsvPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTAyMTE0MTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTVkMzE5OGIwOWI1NDhkMTlmZTUxOTMxNDExNDlmZjUxMjNhODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwjn4OjZR4xsXReS3RiVj1G/kpy7/
Hfhbk1yHuAy6MG/q2EZokgrBiKaS/9Tr3rkASHgu0z/XZnbvQ9HfEbNAeAbYGe8f
lg6nqvcirwdx9unePtZMvL6A4ZMrvp0QfkDSBbKNRziYLKx5XhhjY2bZmiT7ZBr3
8Z5x4SQupiLfoVmrgVDblm4+2OfVhHeHFr6lvLpVGPUFjVaHwH5Z/xQZrMeg+c9Y
0SG3jhKiuiu3ADQMvwD2ScrnGXkIw7Q2zVa580qzztHMyc22XaTfdcZ6OpvbbAxB
hsuPsAgKZ68dhJkl331wg04FuTOqwuPo6ONRNqgjBD9O7KirWX79o5T7sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIVdMZiwm1SNGf5RkxQRSf9RI6iMMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvaFYweG1MQ2JWSTBaX2xHVEZCRkpfMUVqcUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhIMA0G
CSqGSIb3DQEBCwUAA4IBAQB5hGahWZBddb+oDcADj6z53l80Sk2ayOxcTDcHSSJJ
Qgo80WFZaHncNKha5hgDKt5p+VE9LDFO3jgk/XIdBKUzV2RIlooPp/ePDL4GBPG9
0WiKljIYW6OiQM5COnEI9K6kniKVJ7fsCcm0ebiUA4qs3smZ8/EjYbnZ19kV6cCT
o0yU64uR+zWIP/l3YjIDXg1f8onx0q8NJ9qRwvn6Rl/3H12fXQP/rllEsaonnqmx
uAfw3tNTkONnCbLDmEC59mPAhewtqJJ9y89ssaTDLJ8P8PwyAcXQwE90t/ErNdhE
g+NmnXVHC2xC/NFIIu6LnUpUqXuyPcpHoSf1uL1Eeqav
-----END CERTIFICATE-----