Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/MPEdUFAwwNl9aY-P6A1x2lbRNwU.roa
File:                     MPEdUFAwwNl9aY-P6A1x2lbRNwU.roa (raw, json)
Hash identifier:          7cCVIaT8d4HCz2083/cYwiEo65a9UZXIALgTGjbldQg=
Subject key identifier:   30:F1:1D:50:50:30:C0:D9:7D:69:8F:8F:E8:0D:71:DA:56:D1:37:05
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0198A5BED8F7CE830E1272F4A7EBAA65CEDE
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/MPEdUFAwwNl9aY-P6A1x2lbRNwU.roa
Signing time:             Wed 13 Aug 2025 23:23:24 +0000
ROA not before:           Wed 13 Aug 2025 23:23:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30788
IP address blocks:        170.168.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:a5:be:d8:f7:ce:83:0e:12:72:f4:a7:eb:aa:65:ce:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 13 23:23:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=30f11d505030c0d97d698f8fe80d71da56d13705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:e2:c9:ad:b1:0e:62:f6:b0:0e:af:5b:da:25:
                    54:04:e6:99:6d:73:dd:1a:5c:0f:a3:82:50:35:5b:
                    cf:19:a2:b1:90:de:b9:40:41:f9:5e:00:e2:72:d1:
                    38:3a:1d:3c:cd:99:0a:53:8b:fe:51:43:d4:17:55:
                    59:c7:1b:2e:fa:41:66:76:e4:ba:7b:88:0c:34:2a:
                    4e:cd:0e:93:02:e1:6a:43:b0:a2:24:c1:28:d9:9b:
                    32:68:bf:8b:ff:6f:cf:33:c9:e7:64:32:75:95:83:
                    07:97:09:8a:1e:cf:01:4b:2d:92:3e:75:03:89:0b:
                    cf:26:37:5a:6a:66:49:4f:a5:2d:6e:9a:f5:17:30:
                    96:2b:1c:39:53:b0:aa:5d:ac:7a:45:76:d8:2e:1f:
                    93:b7:68:6b:75:4f:b2:e5:39:84:f6:38:70:7c:81:
                    d4:67:42:6b:c5:44:7c:cc:a3:55:fa:08:f6:82:e9:
                    03:82:50:f0:e2:ce:8c:91:00:05:13:84:39:2d:bd:
                    0b:97:77:fb:2f:a7:b4:43:4c:0b:e3:76:b8:2a:62:
                    27:a2:a2:d2:46:c8:6b:1a:88:b9:ca:ce:fe:01:77:
                    36:4c:7b:d5:15:81:02:1d:63:1d:66:79:e5:ff:8e:
                    44:2d:fb:bd:31:4d:f0:d6:03:d6:43:8a:56:35:3e:
                    b1:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:F1:1D:50:50:30:C0:D9:7D:69:8F:8F:E8:0D:71:DA:56:D1:37:05
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/MPEdUFAwwNl9aY-P6A1x2lbRNwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:be:ed:ac:0a:d8:13:c6:9c:f6:22:3a:29:19:00:06:0a:8e:
         db:42:80:9b:74:24:95:e2:1e:07:6b:8c:80:c2:ef:19:d4:59:
         8a:12:9b:0b:a8:3f:07:ef:c2:55:4d:03:8b:40:20:2f:1f:a3:
         9f:9a:49:1c:48:40:50:26:39:be:c7:17:4b:b9:9b:a5:c3:cd:
         88:46:d7:20:40:d4:53:7d:4a:c2:b4:51:31:9c:38:26:3e:0f:
         6b:32:d3:51:26:c6:e1:a4:79:49:51:9b:60:1c:8f:01:f3:0c:
         3d:71:23:43:c7:9b:3d:e6:90:a5:86:7c:45:57:d6:63:c6:ae:
         53:ba:0b:ed:39:a4:02:0a:4b:95:9a:96:fa:42:3e:3f:92:c1:
         3e:cb:cf:d0:03:ed:d4:4e:89:c5:51:db:f8:64:63:90:bb:44:
         40:bd:64:34:ec:96:08:fc:21:dc:92:a4:68:6a:ff:7a:71:e2:
         a1:70:f6:c3:ac:4c:71:bd:8f:59:4d:88:90:c6:57:db:8f:c8:
         49:9a:c4:6c:de:a8:7e:8a:e0:43:e4:de:f3:88:d3:b9:c1:49:
         1c:f2:00:3a:b2:10:30:83:2d:c4:ad:4c:4e:82:ee:9e:3a:70:
         a5:4e:4a:b9:44:cb:33:5c:ed:f8:d6:62:4e:af:01:35:1b:4d:
         c8:80:45:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZilvtj3zoMOEnL0p+uqZc7eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODEzMjMyMzI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGYxMWQ1MDUwMzBjMGQ5N2Q2OThmOGZlODBkNzFkYTU2ZDEzNzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsuLJrbEOYvawDq9b2iVUBOaZbXPd
GlwPo4JQNVvPGaKxkN65QEH5XgDictE4Oh08zZkKU4v+UUPUF1VZxxsu+kFmduS6
e4gMNCpOzQ6TAuFqQ7CiJMEo2ZsyaL+L/2/PM8nnZDJ1lYMHlwmKHs8BSy2SPnUD
iQvPJjdaamZJT6Utbpr1FzCWKxw5U7CqXax6RXbYLh+Tt2hrdU+y5TmE9jhwfIHU
Z0JrxUR8zKNV+gj2gukDglDw4s6MkQAFE4Q5Lb0Ll3f7L6e0Q0wL43a4KmInoqLS
RshrGoi5ys7+AXc2THvVFYECHWMdZnnl/45ELfu9MU3w1gPWQ4pWNT6x/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDDxHVBQMMDZfWmPj+gNcdpW0TcFMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvTVBFZFVGQXd3Tmw5YVktUDZBMXgybGJSTndVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhBMA0G
CSqGSIb3DQEBCwUAA4IBAQBUvu2sCtgTxpz2IjopGQAGCo7bQoCbdCSV4h4Ha4yA
wu8Z1FmKEpsLqD8H78JVTQOLQCAvH6OfmkkcSEBQJjm+xxdLuZulw82IRtcgQNRT
fUrCtFExnDgmPg9rMtNRJsbhpHlJUZtgHI8B8ww9cSNDx5s95pClhnxFV9Zjxq5T
ugvtOaQCCkuVmpb6Qj4/ksE+y8/QA+3UTonFUdv4ZGOQu0RAvWQ07JYI/CHckqRo
av96ceKhcPbDrExxvY9ZTYiQxlfbj8hJmsRs3qh+iuBD5N7ziNO5wUkc8gA6shAw
gy3ErUxOgu6eOnClTkq5RMszXO341mJOrwE1G03IgEWH
-----END CERTIFICATE-----