Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LUMsiBwdcGbHz3sqHevDts_86dk.roa
File:                     LUMsiBwdcGbHz3sqHevDts_86dk.roa (raw, json)
Hash identifier:          RYUBfXKXvhD4f55RRnElIkcQIz6j1lXdBKVJowUCv20=
Subject key identifier:   2D:43:2C:88:1C:1D:70:66:C7:CF:7B:2A:1D:EB:C3:B6:CF:FC:E9:D9
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0198AA0A156F65D606DFB74E2482EABC1C75
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LUMsiBwdcGbHz3sqHevDts_86dk.roa
Signing time:             Thu 14 Aug 2025 19:24:04 +0000
ROA not before:           Thu 14 Aug 2025 19:24:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205429
IP address blocks:        170.168.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:aa:0a:15:6f:65:d6:06:df:b7:4e:24:82:ea:bc:1c:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 14 19:24:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d432c881c1d7066c7cf7b2a1debc3b6cffce9d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:dd:41:1c:38:e2:88:10:ee:b6:91:a6:57:58:
                    c1:6c:1f:c0:c5:4f:9f:4c:a3:bb:c5:be:de:c2:52:
                    3b:5d:e4:89:96:2f:b0:20:1b:98:28:d5:d5:25:82:
                    8f:15:04:c4:10:3c:79:3f:de:1c:c6:16:38:80:60:
                    f2:e8:6c:8e:b0:f8:1c:f3:1c:e5:f4:99:0c:5a:e1:
                    87:9b:f3:93:45:f2:8d:57:ac:3f:fe:62:ae:28:88:
                    1e:f2:c3:82:65:07:b6:53:4b:1e:be:78:16:3f:ac:
                    98:ef:26:70:1e:07:db:79:9d:29:4f:23:e0:bf:42:
                    79:96:94:bb:20:a9:9b:5e:94:f7:b3:0d:1a:32:da:
                    63:be:7b:38:ba:66:e9:22:5d:98:d1:2a:e7:d4:37:
                    5c:89:82:63:16:3e:4a:54:8b:4c:43:5f:1a:4e:dc:
                    cf:e4:69:0f:1a:e3:9e:e0:2d:01:30:d3:3e:23:7b:
                    3e:90:cb:99:b6:03:22:59:a5:1f:b2:57:6f:7b:a2:
                    e7:b3:a1:bd:11:2e:fc:fe:76:e0:fb:aa:d9:16:0e:
                    68:1f:54:59:76:bb:6e:d0:a5:64:b5:7a:a8:3d:62:
                    ee:bf:52:37:0c:65:eb:da:47:4d:6a:db:22:ce:2e:
                    ca:2d:38:74:8a:b2:95:d8:1b:2e:ec:e5:30:e3:9f:
                    a1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:43:2C:88:1C:1D:70:66:C7:CF:7B:2A:1D:EB:C3:B6:CF:FC:E9:D9
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LUMsiBwdcGbHz3sqHevDts_86dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:10:ff:a6:4e:bb:e4:ce:e9:75:95:ae:ec:5c:df:14:b3:98:
         a3:1c:68:82:5a:03:14:ee:6f:54:5c:a8:f8:67:aa:b3:f9:a6:
         f1:62:a6:ae:39:e5:68:e3:61:d3:69:fb:d1:0e:80:df:97:1d:
         04:01:a6:f4:7f:bb:cc:b9:50:d5:d5:ee:26:2d:37:37:41:b7:
         68:17:45:58:59:4a:1b:81:0c:d0:91:cd:35:12:5e:7b:2d:31:
         cc:99:bd:ab:89:b7:6f:62:6d:76:d5:e2:4d:70:b4:0c:ef:0f:
         67:aa:ba:56:c8:7a:76:97:2c:a5:af:58:90:b5:31:11:b6:e1:
         a0:87:af:19:09:cb:63:20:56:3e:52:2f:74:4b:48:40:60:26:
         90:05:3e:a7:95:cf:5d:da:d2:27:46:2b:d0:01:e1:51:a7:5e:
         9a:0f:ce:16:93:c4:c3:15:14:ed:d7:1f:8a:1d:b8:42:17:7e:
         4d:79:5a:05:6c:6e:42:0d:cc:99:a8:97:cf:72:90:16:7f:06:
         1b:20:79:c5:de:75:b5:31:98:28:d9:ee:96:63:7c:7d:b9:97:
         00:31:1f:19:b9:67:a6:aa:c6:89:f1:78:4b:62:f5:5f:92:1e:
         8b:ae:59:c5:0f:ca:7a:f0:37:d8:67:b4:a9:f1:f3:5a:95:c1:
         e3:d4:5f:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiqChVvZdYG37dOJILqvBx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODE0MTkyNDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDQzMmM4ODFjMWQ3MDY2YzdjZjdiMmExZGViYzNiNmNmZmNlOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs91BHDjiiBDutpGmV1jBbB/AxU+f
TKO7xb7ewlI7XeSJli+wIBuYKNXVJYKPFQTEEDx5P94cxhY4gGDy6GyOsPgc8xzl
9JkMWuGHm/OTRfKNV6w//mKuKIge8sOCZQe2U0sevngWP6yY7yZwHgfbeZ0pTyPg
v0J5lpS7IKmbXpT3sw0aMtpjvns4umbpIl2Y0Srn1DdciYJjFj5KVItMQ18aTtzP
5GkPGuOe4C0BMNM+I3s+kMuZtgMiWaUfsldve6Lns6G9ES78/nbg+6rZFg5oH1RZ
drtu0KVktXqoPWLuv1I3DGXr2kdNatsizi7KLTh0irKV2Bsu7OUw45+hnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1DLIgcHXBmx897Kh3rw7bP/OnZMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvTFVNc2lCd2RjR2JIejNzcUhldkR0c184NmRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgNMA0G
CSqGSIb3DQEBCwUAA4IBAQAfEP+mTrvkzul1la7sXN8Us5ijHGiCWgMU7m9UXKj4
Z6qz+abxYqauOeVo42HTafvRDoDflx0EAab0f7vMuVDV1e4mLTc3QbdoF0VYWUob
gQzQkc01El57LTHMmb2ribdvYm121eJNcLQM7w9nqrpWyHp2lyylr1iQtTERtuGg
h68ZCctjIFY+Ui90S0hAYCaQBT6nlc9d2tInRivQAeFRp16aD84Wk8TDFRTt1x+K
HbhCF35NeVoFbG5CDcyZqJfPcpAWfwYbIHnF3nW1MZgo2e6WY3x9uZcAMR8ZuWem
qsaJ8XhLYvVfkh6LrlnFD8p68DfYZ7Sp8fNalcHj1F8C
-----END CERTIFICATE-----