Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/tQYGzWPjnY5fWUZOGa_1B_AKgBE.roa
File:                     tQYGzWPjnY5fWUZOGa_1B_AKgBE.roa (raw, json)
Hash identifier:          CYh32m5ucDOJnYbub3OIyYuSREoTDIjemGaC7sZe4CU=
Subject key identifier:   B5:06:06:CD:63:E3:9D:8E:5F:59:46:4E:19:AF:F5:07:F0:0A:80:11
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019EDBC829CAA45D973C3B635CC8844A30BA
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/tQYGzWPjnY5fWUZOGa_1B_AKgBE.roa
Signing time:             Thu 18 Jun 2026 17:29:48 +0000
ROA not before:           Thu 18 Jun 2026 17:29:48 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     43641
IP address blocks:        138.249.6.0/24 maxlen: 24
                          138.249.134.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Jun 2026 04:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:db:c8:29:ca:a4:5d:97:3c:3b:63:5c:c8:84:4a:30:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jun 18 17:29:48 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b50606cd63e39d8e5f59464e19aff507f00a8011
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:df:ce:8c:e1:c5:83:3b:61:70:1b:13:56:bd:
                    bf:63:4b:bc:35:7a:f8:8c:0f:18:17:1a:a9:db:d0:
                    c1:91:a0:5e:33:33:b4:37:93:dd:91:4a:24:a7:eb:
                    30:87:df:73:58:fa:82:96:fc:f9:6d:11:e9:b0:d7:
                    c1:c6:18:b1:53:32:a6:db:8b:12:80:7e:91:cc:1a:
                    a9:e8:ef:b2:10:2e:76:c7:20:6c:02:9b:7d:dc:51:
                    e9:5b:02:0d:9f:c4:e5:22:19:4a:2f:33:80:19:99:
                    80:a8:ed:6f:12:1c:5c:26:d5:ef:04:f8:b9:b5:37:
                    b6:bb:10:75:bb:ad:44:09:de:32:e5:dd:6c:34:cf:
                    3a:1f:97:0c:98:ef:cf:04:22:ad:30:32:0d:c2:75:
                    83:41:10:c4:54:97:da:ae:2d:e0:98:f1:d4:bb:74:
                    6f:2a:15:4a:e7:b4:f2:85:b0:1d:1e:32:c4:14:d1:
                    88:88:02:c5:88:60:87:5c:fe:aa:04:66:91:dd:c1:
                    8e:c6:db:86:6d:1d:e9:5e:a2:10:f5:9b:eb:18:f8:
                    2d:c7:09:33:d9:8d:57:a0:b7:b2:59:ef:bf:f1:9d:
                    d0:f1:70:3b:6d:e3:55:f7:c9:52:34:bf:86:ec:24:
                    35:e3:aa:03:ae:79:30:54:3a:1e:4e:1c:26:fc:34:
                    98:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:06:06:CD:63:E3:9D:8E:5F:59:46:4E:19:AF:F5:07:F0:0A:80:11
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/tQYGzWPjnY5fWUZOGa_1B_AKgBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.6.0/24
                  138.249.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:ad:7e:bf:aa:8b:cd:e0:63:71:ae:b6:9f:f9:53:91:ff:66:
         47:52:8b:16:9e:48:5a:ba:40:27:18:43:1c:8a:f8:8c:0b:9b:
         e9:6b:5d:ef:14:8b:9b:da:29:09:3e:44:ce:e4:6a:de:d5:d9:
         5e:84:b6:38:4c:12:5d:92:fd:8f:62:e2:77:9c:a5:06:30:ea:
         6d:7f:65:9b:eb:2a:24:48:11:f9:4d:68:78:1d:c5:80:21:e1:
         7e:5f:7d:95:b8:e1:8c:7e:74:0b:1d:22:c3:80:70:05:31:63:
         5c:ec:f6:b5:73:3c:0e:17:89:e7:98:78:53:84:5d:99:3f:38:
         bc:91:29:5b:dd:f2:27:d0:e1:8b:33:55:84:30:cd:81:87:31:
         17:08:d7:c4:fe:24:a2:fc:7b:71:b2:18:17:01:9f:b4:a0:18:
         20:ba:be:1d:f4:0c:10:03:c2:b1:c2:6e:40:7c:e9:eb:94:66:
         14:b2:0e:48:81:00:37:c4:48:bc:56:ce:79:d1:ab:b1:7b:be:
         37:4c:8f:32:0d:96:05:28:45:33:46:aa:e5:1f:98:2b:61:1e:
         86:d4:3a:5e:5c:23:bb:9d:8d:95:07:d4:8f:b1:2c:e5:47:4c:
         5c:64:85:f9:20:6c:8c:8c:97:38:5f:b8:75:97:83:d3:2b:cb:
         7f:8f:1f:92
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ7byCnKpF2XPDtjXMiESjC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNjE4MTcyOTQ4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTA2MDZjZDYzZTM5ZDhlNWY1OTQ2NGUxOWFmZjUwN2YwMGE4MDExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApt/OjOHFgzthcBsTVr2/Y0u8NXr4
jA8YFxqp29DBkaBeMzO0N5PdkUokp+swh99zWPqClvz5bRHpsNfBxhixUzKm24sS
gH6RzBqp6O+yEC52xyBsApt93FHpWwINn8TlIhlKLzOAGZmAqO1vEhxcJtXvBPi5
tTe2uxB1u61ECd4y5d1sNM86H5cMmO/PBCKtMDINwnWDQRDEVJfari3gmPHUu3Rv
KhVK57TyhbAdHjLEFNGIiALFiGCHXP6qBGaR3cGOxtuGbR3pXqIQ9ZvrGPgtxwkz
2Y1XoLeyWe+/8Z3Q8XA7beNV98lSNL+G7CQ146oDrnkwVDoeThwm/DSYPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLUGBs1j452OX1lGThmv9QfwCoARMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvdFFZR3pXUGpuWTVmV1VaT0dhXzFCX0FLZ0JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAivkGAwQA
ivmGMA0GCSqGSIb3DQEBCwUAA4IBAQBtrX6/qovN4GNxrraf+VOR/2ZHUosWnkha
ukAnGEMciviMC5vpa13vFIub2ikJPkTO5Gre1dlehLY4TBJdkv2PYuJ3nKUGMOpt
f2Wb6yokSBH5TWh4HcWAIeF+X32VuOGMfnQLHSLDgHAFMWNc7Pa1czwOF4nnmHhT
hF2ZPzi8kSlb3fIn0OGLM1WEMM2BhzEXCNfE/iSi/HtxshgXAZ+0oBggur4d9AwQ
A8Kxwm5AfOnrlGYUsg5IgQA3xEi8Vs550auxe743TI8yDZYFKEUzRqrlH5grYR6G
1DpeXCO7nY2VB9SPsSzlR0xcZIX5IGyMjJc4X7h1l4PTK8t/jx+S
-----END CERTIFICATE-----