Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/qQ6r0WS7nvCo4nsKh6OKkdaJ5YM.roa
File:                     qQ6r0WS7nvCo4nsKh6OKkdaJ5YM.roa (raw, json)
Hash identifier:          GELtR1g8knQTesPEzLBaM1XhoLgQL3QBbZ20aAinOZ8=
Subject key identifier:   A9:0E:AB:D1:64:BB:9E:F0:A8:E2:7B:0A:87:A3:8A:91:D6:89:E5:83
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019DBA6F42D561276AD3365CB2150473B26F
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/qQ6r0WS7nvCo4nsKh6OKkdaJ5YM.roa
Signing time:             Thu 23 Apr 2026 13:02:26 +0000
ROA not before:           Thu 23 Apr 2026 13:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     35682
IP address blocks:        138.249.7.0/24 maxlen: 24
                          170.168.6.0/24 maxlen: 24
                          170.168.90.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 18:48:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ba:6f:42:d5:61:27:6a:d3:36:5c:b2:15:04:73:b2:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Apr 23 13:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a90eabd164bb9ef0a8e27b0a87a38a91d689e583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:40:c5:5a:65:8c:7a:06:a0:f4:07:20:e5:cb:
                    73:42:66:3f:7d:35:dc:fb:e9:60:34:4f:5e:5d:23:
                    8a:91:d7:86:95:17:94:1e:cd:23:a7:17:cd:5d:78:
                    dc:7a:01:da:9c:ba:c6:63:30:98:71:52:22:bc:78:
                    68:8f:43:a0:1c:24:9d:ae:07:4f:38:18:92:a8:3f:
                    cd:19:09:82:27:96:f2:40:9a:3d:83:34:df:62:49:
                    e7:d7:08:d0:27:a2:88:0c:6a:d2:e2:18:cd:82:a7:
                    de:91:07:15:b9:be:be:31:a8:4a:5b:b6:52:34:36:
                    3e:4b:e1:32:d1:79:1b:e8:66:8f:a4:36:15:46:62:
                    62:52:2b:6e:5b:ca:a2:f4:8e:33:2b:31:83:dc:9f:
                    32:7c:8c:01:ec:b9:aa:2d:7d:d8:b1:99:e3:00:55:
                    7d:61:fa:60:f2:59:99:6e:c1:7b:60:9a:20:86:0a:
                    c2:36:1c:c4:fd:5f:36:82:d2:dc:8a:8b:ca:6b:a5:
                    7c:5e:6e:dc:dc:a7:35:25:28:1b:07:d2:d0:e7:7b:
                    87:d3:0d:25:45:a7:d4:d6:b4:b2:82:4e:fd:fc:89:
                    f4:6e:84:a6:bc:ca:a8:8c:c9:2c:fd:31:ca:e6:52:
                    06:9f:50:57:3a:35:ea:8a:06:06:cd:54:65:6a:5e:
                    ad:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:0E:AB:D1:64:BB:9E:F0:A8:E2:7B:0A:87:A3:8A:91:D6:89:E5:83
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/qQ6r0WS7nvCo4nsKh6OKkdaJ5YM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.7.0/24
                  170.168.6.0/24
                  170.168.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:5c:10:ec:c3:50:63:ec:43:a9:aa:48:e9:22:1a:95:7b:35:
         22:29:af:6f:b9:cd:9a:0b:74:64:f5:77:64:85:8e:55:e8:d8:
         d2:49:34:67:9d:ee:10:c8:69:99:52:e4:9b:f7:09:94:53:0a:
         db:57:cc:8d:7d:91:bb:92:b4:cb:4b:ee:01:5f:13:fb:a5:8d:
         52:08:e6:82:a1:14:9c:d1:51:7b:81:70:9f:2e:51:64:c1:27:
         5e:42:c0:83:ed:72:c3:2c:50:a7:0d:b9:e1:7e:65:c7:c7:29:
         bc:95:49:cc:a1:a9:30:32:b4:03:8d:ce:ff:5f:ec:fe:f6:2b:
         42:a3:69:53:33:ca:c4:71:3d:1a:37:05:90:d0:a1:44:b4:2e:
         1b:53:f1:ea:d3:0a:85:98:72:ab:40:3e:5a:cd:04:99:77:bd:
         64:57:1c:50:6e:58:7f:d7:a0:2f:4d:3e:8a:8c:fc:34:47:0d:
         bf:5f:b4:e0:e9:48:b7:2e:31:11:c0:17:0c:00:72:40:14:7b:
         a9:c7:38:31:33:1c:07:3d:71:6a:03:35:de:64:b3:22:7e:1d:
         4e:96:c2:d6:72:85:2b:bb:72:68:5d:13:15:fa:43:02:5a:a6:
         14:fa:86:ad:d0:55:61:8b:e1:35:6e:83:ea:3c:c0:72:94:f4:
         13:b1:f7:bc
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ26b0LVYSdq0zZcshUEc7JvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNDIzMTMwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTBlYWJkMTY0YmI5ZWYwYThlMjdiMGE4N2EzOGE5MWQ2ODllNTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4UDFWmWMegag9Acg5ctzQmY/fTXc
++lgNE9eXSOKkdeGlReUHs0jpxfNXXjcegHanLrGYzCYcVIivHhoj0OgHCSdrgdP
OBiSqD/NGQmCJ5byQJo9gzTfYknn1wjQJ6KIDGrS4hjNgqfekQcVub6+MahKW7ZS
NDY+S+Ey0Xkb6GaPpDYVRmJiUituW8qi9I4zKzGD3J8yfIwB7LmqLX3YsZnjAFV9
Yfpg8lmZbsF7YJoghgrCNhzE/V82gtLciovKa6V8Xm7c3Kc1JSgbB9LQ53uH0w0l
RafU1rSygk79/In0boSmvMqojMks/THK5lIGn1BXOjXqigYGzVRlal6towIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKkOq9Fku57wqOJ7CoejipHWieWDMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvcVE2cjBXUzdudkNvNG5zS2g2T0trZGFKNVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAivkHAwQA
qqgGAwQAqqhaMA0GCSqGSIb3DQEBCwUAA4IBAQAOXBDsw1Bj7EOpqkjpIhqVezUi
Ka9vuc2aC3Rk9XdkhY5V6NjSSTRnne4QyGmZUuSb9wmUUwrbV8yNfZG7krTLS+4B
XxP7pY1SCOaCoRSc0VF7gXCfLlFkwSdeQsCD7XLDLFCnDbnhfmXHxym8lUnMoakw
MrQDjc7/X+z+9itCo2lTM8rEcT0aNwWQ0KFEtC4bU/Hq0wqFmHKrQD5azQSZd71k
VxxQblh/16AvTT6KjPw0Rw2/X7Tg6Ui3LjERwBcMAHJAFHupxzgxMxwHPXFqAzXe
ZLMifh1OlsLWcoUru3JoXRMV+kMCWqYU+oat0FVhi+E1boPqPMBylPQTsfe8
-----END CERTIFICATE-----