Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/QGxCdf3TLB2h2_ZUOVvSFq1o2IY.roa
File:                     QGxCdf3TLB2h2_ZUOVvSFq1o2IY.roa (raw, json)
Hash identifier:          A6DCigtRmmzHqMF35lYFek3GT8mHkaajXI6C/anG7uo=
Subject key identifier:   40:6C:42:75:FD:D3:2C:1D:A1:DB:F6:54:39:5B:D2:16:AD:68:D8:86
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0198CE49DF23160CE465C8429BD7BBAFD470
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/QGxCdf3TLB2h2_ZUOVvSFq1o2IY.roa
Signing time:             Thu 21 Aug 2025 20:20:04 +0000
ROA not before:           Thu 21 Aug 2025 20:20:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213348
IP address blocks:        170.168.44.0/24 maxlen: 24
                          170.168.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:ce:49:df:23:16:0c:e4:65:c8:42:9b:d7:bb:af:d4:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 21 20:20:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=406c4275fdd32c1da1dbf654395bd216ad68d886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:67:67:bb:af:6f:aa:26:cb:01:f3:fe:29:41:
                    45:58:c0:2a:70:0a:58:e6:95:9d:54:9a:6f:8d:87:
                    37:61:f9:01:d3:59:2d:08:37:01:d1:3f:53:39:6c:
                    b0:b5:73:43:d2:74:c0:f3:94:6f:a1:a1:86:f1:75:
                    84:fc:21:ae:8d:1a:3d:69:e9:58:c6:cf:9e:63:9e:
                    e8:24:7b:f5:82:d8:9e:a1:c4:1d:76:97:e9:e3:dc:
                    e1:2b:8a:3c:16:ea:ef:2c:9f:95:85:30:54:10:5b:
                    ca:d6:7c:a6:d9:ab:0b:56:1f:20:ec:96:b6:06:a2:
                    04:9b:95:f6:64:1d:b3:46:82:71:d4:42:cf:70:06:
                    42:6a:19:13:32:ef:97:4f:39:bb:5d:da:dc:b5:73:
                    ea:90:08:a1:26:5d:a8:f7:22:d2:75:31:6c:ad:0b:
                    f4:79:d9:e1:fe:42:80:41:70:44:3d:66:9c:96:7d:
                    6f:ca:d9:a2:49:b7:05:61:cd:b8:60:f5:d6:07:80:
                    92:8b:76:fb:76:03:d6:fd:34:92:7f:e6:e2:d5:1e:
                    d1:67:24:9f:2a:28:99:c5:a2:46:5a:c7:8f:2e:c2:
                    c5:08:f9:c3:be:b1:d7:ca:27:f1:9d:fd:ea:71:74:
                    23:46:ce:28:04:ff:65:2c:af:6f:82:d8:6c:fb:fa:
                    fe:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:6C:42:75:FD:D3:2C:1D:A1:DB:F6:54:39:5B:D2:16:AD:68:D8:86
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/QGxCdf3TLB2h2_ZUOVvSFq1o2IY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         80:81:54:c2:90:5f:7d:0c:20:d0:18:de:0c:07:08:b5:c0:8c:
         a5:b7:12:bc:82:49:5f:6d:72:43:13:eb:3c:62:6e:23:a9:76:
         8a:a2:1a:b3:3e:8e:e0:69:3a:f9:3b:12:12:8e:3c:83:e5:5f:
         36:3f:19:02:c1:35:ab:3d:db:cb:6b:d3:70:d6:fe:11:ed:b9:
         aa:c9:c8:4d:f3:01:5a:93:af:6c:f2:30:4f:0b:88:75:e4:75:
         b0:0a:be:34:07:6c:db:95:aa:6f:62:0a:96:8b:20:82:00:0d:
         7b:28:4c:45:db:d3:69:97:29:44:c3:1d:11:c7:12:8b:a7:cb:
         63:a2:a2:5a:fc:2e:dd:8e:2c:f8:4f:bd:21:7a:51:d3:90:01:
         b8:92:d0:56:7e:22:0b:3a:37:b9:8e:d2:3d:81:d8:bb:fb:b1:
         c7:aa:78:82:07:03:dc:53:e6:c6:9a:fd:31:4b:f9:56:13:81:
         da:cb:18:be:9b:05:b2:a8:90:c3:df:9c:2a:bb:42:7a:1a:77:
         79:f9:89:0e:49:65:17:d4:ce:52:05:2e:d4:89:65:d9:54:d2:
         00:96:99:05:9d:f0:96:77:6a:25:05:bf:78:11:e4:0b:82:5e:
         e8:c2:a8:9a:0b:4e:4f:5a:56:dc:6b:33:c9:21:3e:14:1b:3a:
         9b:8a:90:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZjOSd8jFgzkZchCm9e7r9RwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODIxMjAyMDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDZjNDI3NWZkZDMyYzFkYTFkYmY2NTQzOTViZDIxNmFkNjhkODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2dnu69vqibLAfP+KUFFWMAqcApY
5pWdVJpvjYc3YfkB01ktCDcB0T9TOWywtXND0nTA85RvoaGG8XWE/CGujRo9aelY
xs+eY57oJHv1gtieocQddpfp49zhK4o8FurvLJ+VhTBUEFvK1nym2asLVh8g7Ja2
BqIEm5X2ZB2zRoJx1ELPcAZCahkTMu+XTzm7XdrctXPqkAihJl2o9yLSdTFsrQv0
ednh/kKAQXBEPWacln1vytmiSbcFYc24YPXWB4CSi3b7dgPW/TSSf+bi1R7RZySf
KiiZxaJGWsePLsLFCPnDvrHXyifxnf3qcXQjRs4oBP9lLK9vgths+/r+cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEBsQnX90ywdodv2VDlb0hataNiGMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvUUd4Q2RmM1RMQjJoMl9aVU9WdlNGcTFvMklZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqqgsMA0G
CSqGSIb3DQEBCwUAA4IBAQCAgVTCkF99DCDQGN4MBwi1wIyltxK8gklfbXJDE+s8
Ym4jqXaKohqzPo7gaTr5OxISjjyD5V82PxkCwTWrPdvLa9Nw1v4R7bmqychN8wFa
k69s8jBPC4h15HWwCr40B2zblapvYgqWiyCCAA17KExF29NplylEwx0RxxKLp8tj
oqJa/C7djiz4T70helHTkAG4ktBWfiILOje5jtI9gdi7+7HHqniCBwPcU+bGmv0x
S/lWE4Hayxi+mwWyqJDD35wqu0J6Gnd5+YkOSWUX1M5SBS7UiWXZVNIAlpkFnfCW
d2olBb94EeQLgl7owqiaC05PWlbcazPJIT4UGzqbipAX
-----END CERTIFICATE-----