Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/1tYxApoMMcMulGp-_2AoJXb8Tpw.roa
File:                     1tYxApoMMcMulGp-_2AoJXb8Tpw.roa (raw, json)
Hash identifier:          iWquyFy/TovDUw+qdNO+m2GgLvIUUvWLC4eT94NvvFg=
Subject key identifier:   D6:D6:31:02:9A:0C:31:C3:2E:94:6A:7E:FF:60:28:25:76:FC:4E:9C
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019D218553E5F41BDF68A168C393A45FE28F
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/1tYxApoMMcMulGp-_2AoJXb8Tpw.roa
Signing time:             Tue 24 Mar 2026 20:24:39 +0000
ROA not before:           Tue 24 Mar 2026 20:24:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201002
IP address blocks:        138.249.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 15:17:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:21:85:53:e5:f4:1b:df:68:a1:68:c3:93:a4:5f:e2:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Mar 24 20:24:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6d631029a0c31c32e946a7eff60282576fc4e9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:e9:2a:56:6e:9d:91:88:c2:13:6b:7d:a8:d5:
                    4b:fa:63:f4:10:b3:8c:03:11:31:db:f4:0e:db:88:
                    b0:d4:f9:c4:ce:a2:fd:d7:b6:8d:24:98:2b:d3:3b:
                    80:95:db:e5:29:38:06:e3:64:5e:a8:a7:b2:ee:64:
                    ff:22:87:0f:cc:43:73:e5:65:1e:bc:39:20:62:5d:
                    d4:ed:e9:7d:e5:ba:d3:96:b2:8e:a7:f9:4f:d4:62:
                    90:38:f0:5d:dc:9f:97:bf:c5:a4:93:24:02:5d:d8:
                    5c:54:05:f6:f2:3e:04:99:40:7f:c5:05:7a:d9:78:
                    9a:31:a6:a0:f4:3e:fa:52:f8:80:f1:75:db:e8:06:
                    bf:12:78:0f:aa:35:d2:e2:cc:52:45:52:b9:90:6f:
                    97:f7:7c:0d:78:e2:cc:44:94:42:a0:00:4e:38:62:
                    b4:4e:2d:83:01:62:96:4d:04:21:f6:37:d8:17:ea:
                    5e:83:f9:85:c6:ee:1b:10:0f:e9:66:63:16:37:22:
                    81:91:c0:89:0c:f5:09:c3:40:51:a9:c0:2e:76:a0:
                    2d:4c:c4:2e:ba:18:8b:79:03:a2:8a:28:13:d6:8b:
                    fb:6d:51:c2:a1:fd:46:05:c3:88:2a:24:d9:2a:2f:
                    eb:d8:df:f5:be:69:d4:d0:72:02:28:a7:04:68:79:
                    c4:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:D6:31:02:9A:0C:31:C3:2E:94:6A:7E:FF:60:28:25:76:FC:4E:9C
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/1tYxApoMMcMulGp-_2AoJXb8Tpw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:0d:50:eb:fa:e6:f5:65:05:05:57:78:4c:70:0a:39:fd:e6:
         32:47:5d:9a:54:b2:b7:85:c0:0e:a5:be:af:f4:ec:6e:3f:30:
         51:2c:d9:b1:3a:ba:4e:5f:02:65:27:6d:89:8c:58:12:a5:34:
         ee:e0:8a:b0:d0:55:c3:fd:3e:61:b9:3d:2f:ea:8a:3f:6b:d1:
         1a:d8:e8:78:ce:33:77:5e:f2:c1:c9:77:82:6c:e1:d2:fc:a3:
         d4:18:62:0a:07:e3:52:af:7a:53:fd:be:fc:9f:eb:b5:a0:11:
         31:56:4b:9d:6f:93:cb:50:6b:36:44:86:6d:38:de:4a:5f:38:
         ca:fd:41:ac:aa:77:27:45:b5:97:e3:86:29:39:f4:91:e5:af:
         9a:6b:05:f9:51:8e:48:c4:b3:2d:7f:d5:aa:6e:0a:d7:38:90:
         ec:1b:81:e9:54:94:6f:96:a2:ff:68:61:48:78:dd:cb:d3:97:
         a2:10:3f:e7:c8:d3:56:05:cf:6f:df:98:4f:db:57:4e:19:50:
         44:95:b9:04:df:b1:36:0d:0c:57:c9:79:5d:b2:24:c6:65:95:
         24:c5:9b:45:d6:79:c5:cb:18:27:79:e5:45:7d:fb:67:c5:f0:
         44:4c:ef:97:62:46:4d:8f:d9:59:e6:93:a7:4e:f2:49:0a:0c:
         69:fd:b0:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0hhVPl9BvfaKFow5OkX+KPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMzI0MjAyNDM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmQ2MzEwMjlhMGMzMWMzMmU5NDZhN2VmZjYwMjgyNTc2ZmM0ZTljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwOkqVm6dkYjCE2t9qNVL+mP0ELOM
AxEx2/QO24iw1PnEzqL917aNJJgr0zuAldvlKTgG42ReqKey7mT/IocPzENz5WUe
vDkgYl3U7el95brTlrKOp/lP1GKQOPBd3J+Xv8WkkyQCXdhcVAX28j4EmUB/xQV6
2XiaMaag9D76UviA8XXb6Aa/EngPqjXS4sxSRVK5kG+X93wNeOLMRJRCoABOOGK0
Ti2DAWKWTQQh9jfYF+peg/mFxu4bEA/pZmMWNyKBkcCJDPUJw0BRqcAudqAtTMQu
uhiLeQOiiigT1ov7bVHCof1GBcOIKiTZKi/r2N/1vmnU0HICKKcEaHnEtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbWMQKaDDHDLpRqfv9gKCV2/E6cMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvMXRZeEFwb01NY011bEdwLV8yQW9KWGI4VHB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAivmHMA0G
CSqGSIb3DQEBCwUAA4IBAQAxDVDr+ub1ZQUFV3hMcAo5/eYyR12aVLK3hcAOpb6v
9OxuPzBRLNmxOrpOXwJlJ22JjFgSpTTu4Iqw0FXD/T5huT0v6oo/a9Ea2Oh4zjN3
XvLByXeCbOHS/KPUGGIKB+NSr3pT/b78n+u1oBExVkudb5PLUGs2RIZtON5KXzjK
/UGsqncnRbWX44YpOfSR5a+aawX5UY5IxLMtf9WqbgrXOJDsG4HpVJRvlqL/aGFI
eN3L05eiED/nyNNWBc9v35hP21dOGVBElbkE37E2DQxXyXldsiTGZZUkxZtF1nnF
yxgneeVFfftnxfBETO+XYkZNj9lZ5pOnTvJJCgxp/bBP
-----END CERTIFICATE-----