Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/kLbwtoR1-PJ1iVx7zIS8OZRHmbo.roa
File:                     kLbwtoR1-PJ1iVx7zIS8OZRHmbo.roa (raw, json)
Hash identifier:          zzpiAI5dZ3DlISifut9W8VJhobMr0FAEbnu/KPId+O8=
Subject key identifier:   90:B6:F0:B6:84:75:F8:F2:75:89:5C:7B:CC:84:BC:39:94:47:99:BA
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0198F0EC5568D0614DE755ED51402270AB97
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/kLbwtoR1-PJ1iVx7zIS8OZRHmbo.roa
Signing time:             Thu 28 Aug 2025 13:44:36 +0000
ROA not before:           Thu 28 Aug 2025 13:44:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61223
IP address blocks:        170.168.23.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 09 Sep 2025 08:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:f0:ec:55:68:d0:61:4d:e7:55:ed:51:40:22:70:ab:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 28 13:44:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90b6f0b68475f8f275895c7bcc84bc39944799ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ba:9e:71:f7:4f:46:d5:87:71:4c:bd:96:e8:
                    d9:de:08:ea:fe:03:7d:0c:71:7c:e5:05:b3:ca:e7:
                    4a:98:5e:64:97:11:58:ce:50:33:c8:40:9e:d6:bd:
                    52:62:8d:42:3f:13:92:9e:77:46:42:78:25:fd:56:
                    7e:05:97:53:f4:1d:cb:2d:76:3a:bb:46:bc:02:88:
                    c6:e7:8b:8a:19:53:4e:ea:51:70:92:aa:76:de:34:
                    1c:b6:3d:6b:bc:31:0b:33:d6:fc:77:14:34:0f:c1:
                    1b:62:d2:cf:a2:80:99:83:cb:27:e8:16:d1:e7:89:
                    fb:51:45:43:f8:3f:ae:7d:c1:5f:c7:97:93:82:00:
                    66:e3:0b:df:62:0b:71:b8:7a:04:65:e3:88:0f:8c:
                    3d:b9:74:fa:05:76:15:a8:a8:61:f6:20:38:b1:f8:
                    18:eb:6f:96:df:c9:ed:c4:46:a3:fd:9e:8e:9d:01:
                    67:67:03:27:89:9d:53:c8:97:08:8f:47:7d:50:0d:
                    e3:fd:3f:f1:ec:fd:0c:6b:18:c5:99:65:87:0c:34:
                    8b:1b:32:ed:44:d0:8a:ac:92:ce:f2:0b:b6:f9:8c:
                    f4:fa:d0:28:fd:d0:d6:a3:f0:4d:6c:dc:1b:1c:ac:
                    83:aa:e4:5f:c7:e7:53:57:7f:ff:f6:fb:7c:d4:8b:
                    69:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B6:F0:B6:84:75:F8:F2:75:89:5C:7B:CC:84:BC:39:94:47:99:BA
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/kLbwtoR1-PJ1iVx7zIS8OZRHmbo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:aa:68:23:e0:35:c0:df:c5:be:39:d4:66:24:2d:95:44:ac:
         54:07:89:38:6d:59:b5:fd:01:36:32:96:54:d8:6f:fb:ad:85:
         b7:0c:79:50:87:d6:18:e2:a9:65:4d:78:07:c9:b2:12:ef:4b:
         d5:40:44:f0:35:82:19:ed:67:a7:08:a0:de:1a:5e:70:c0:bc:
         10:0a:b6:15:ee:46:bc:a1:6d:eb:7a:83:7d:ed:07:ff:2b:83:
         c6:4a:ee:b1:68:b4:ca:ee:2f:7b:cd:b2:1a:ac:77:a6:49:3d:
         91:3b:34:3a:d2:0b:60:7d:9b:8a:30:9b:05:ed:97:09:38:26:
         89:79:9d:e4:8d:d6:f2:82:e1:e1:4c:e0:97:e3:09:aa:18:18:
         d1:c7:15:77:8e:c0:66:b3:31:11:ef:2c:c9:64:15:37:6e:96:
         f4:b5:8a:8d:54:e2:03:fd:57:dc:26:80:9c:27:f2:e4:03:84:
         32:e5:df:0f:95:ed:d5:1d:d6:a0:87:c7:87:37:2e:02:39:b4:
         42:59:f9:49:9b:be:06:27:54:0a:2e:31:fb:a2:f7:a1:47:90:
         4f:59:10:5b:18:5b:e6:2a:8b:71:a5:88:f1:44:4c:ef:f7:a5:
         b0:5c:d6:d8:9b:a9:63:53:0c:a9:81:f0:bd:0e:cd:9d:f9:14:
         09:94:87:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjw7FVo0GFN51XtUUAicKuXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODI4MTM0NDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI2ZjBiNjg0NzVmOGYyNzU4OTVjN2JjYzg0YmMzOTk0NDc5OWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbqecfdPRtWHcUy9lujZ3gjq/gN9
DHF85QWzyudKmF5klxFYzlAzyECe1r1SYo1CPxOSnndGQngl/VZ+BZdT9B3LLXY6
u0a8AojG54uKGVNO6lFwkqp23jQctj1rvDELM9b8dxQ0D8EbYtLPooCZg8sn6BbR
54n7UUVD+D+ufcFfx5eTggBm4wvfYgtxuHoEZeOID4w9uXT6BXYVqKhh9iA4sfgY
62+W38ntxEaj/Z6OnQFnZwMniZ1TyJcIj0d9UA3j/T/x7P0MaxjFmWWHDDSLGzLt
RNCKrJLO8gu2+Yz0+tAo/dDWo/BNbNwbHKyDquRfx+dTV3//9vt81ItpWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC28LaEdfjydYlce8yEvDmUR5m6MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEva0xid3RvUjEtUEoxaVZ4N3pJUzhPWlJIbWJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgXMA0G
CSqGSIb3DQEBCwUAA4IBAQByqmgj4DXA38W+OdRmJC2VRKxUB4k4bVm1/QE2MpZU
2G/7rYW3DHlQh9YY4qllTXgHybIS70vVQETwNYIZ7WenCKDeGl5wwLwQCrYV7ka8
oW3reoN97Qf/K4PGSu6xaLTK7i97zbIarHemST2ROzQ60gtgfZuKMJsF7ZcJOCaJ
eZ3kjdbyguHhTOCX4wmqGBjRxxV3jsBmszER7yzJZBU3bpb0tYqNVOID/VfcJoCc
J/LkA4Qy5d8Ple3VHdagh8eHNy4CObRCWflJm74GJ1QKLjH7ovehR5BPWRBbGFvm
KotxpYjxREzv96WwXNbYm6ljUwypgfC9Ds2d+RQJlIde
-----END CERTIFICATE-----