Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/TModgO_PU5OnnkGE6q0_vI2aPqc.roa
File:                     TModgO_PU5OnnkGE6q0_vI2aPqc.roa (raw, json)
Hash identifier:          AXNbtSpjk74wJYzTSlOP5KukS8xXVwQ3OiqFq5D3FaY=
Subject key identifier:   4C:CA:1D:80:EF:CF:53:93:A7:9E:41:84:EA:AD:3F:BC:8D:9A:3E:A7
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0199772A48292100F7B886B41EA658A815CB
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/TModgO_PU5OnnkGE6q0_vI2aPqc.roa
Signing time:             Tue 23 Sep 2025 15:21:23 +0000
ROA not before:           Tue 23 Sep 2025 15:21:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57013
IP address blocks:        170.168.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 13:35:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:77:2a:48:29:21:00:f7:b8:86:b4:1e:a6:58:a8:15:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep 23 15:21:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4cca1d80efcf5393a79e4184eaad3fbc8d9a3ea7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:5e:eb:42:5c:05:2f:83:23:3e:80:1c:63:f3:
                    e9:bf:f4:fc:9b:e6:65:08:50:db:a1:9c:22:24:89:
                    14:f5:6f:71:ab:75:57:48:78:3a:af:87:1a:b5:a2:
                    9b:83:2c:57:f9:c1:08:c8:7e:0b:d1:e3:63:08:73:
                    81:6d:1d:64:52:5c:ed:74:22:4f:8f:e3:51:34:e4:
                    fb:cf:58:02:5d:f0:cf:5e:66:78:bc:70:3d:46:90:
                    dd:8f:87:1a:d9:02:47:d6:b8:92:93:76:9f:1d:19:
                    51:de:30:29:38:4e:e7:e4:69:17:9b:0a:95:63:c7:
                    f6:a0:b7:3a:f7:b9:bd:9d:1d:d4:b0:45:ba:cb:06:
                    35:ae:53:fb:a8:38:3b:4e:de:46:db:fd:21:c5:5c:
                    e3:34:63:80:bd:ef:0e:64:3e:28:3e:1f:be:d8:60:
                    93:3d:59:6d:80:03:5b:6e:17:0c:b6:65:c1:5a:03:
                    d8:4d:a8:8f:6f:6b:09:6a:ff:2f:d0:e8:45:fd:8c:
                    51:43:ac:07:76:31:6b:5e:e7:3d:c6:4b:16:3f:67:
                    d2:70:63:17:ce:d9:69:6e:9c:7d:eb:c5:05:5f:92:
                    e2:10:df:72:c2:a0:fb:07:64:1d:a5:cd:0c:35:b3:
                    d0:c6:00:99:56:49:29:09:30:ca:12:32:7f:79:12:
                    ff:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4C:CA:1D:80:EF:CF:53:93:A7:9E:41:84:EA:AD:3F:BC:8D:9A:3E:A7
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/TModgO_PU5OnnkGE6q0_vI2aPqc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:86:09:8a:05:bc:f6:a3:83:f4:8b:00:e5:b3:6f:07:5a:0d:
         16:04:d5:f9:3d:87:a8:ea:0e:7c:7b:b6:c2:4e:38:24:bd:33:
         f4:79:3a:ee:c2:4e:a7:69:d8:4c:b0:e3:1e:57:17:a8:6c:74:
         f6:e2:18:68:79:fa:e3:55:f8:03:3f:0a:94:29:90:b6:f4:c3:
         7a:60:8c:91:50:0a:97:85:a5:53:ad:ba:5d:b5:e9:48:b3:51:
         12:24:72:6b:c0:12:b7:9d:8f:27:5d:d5:8c:9c:af:04:d4:f0:
         e9:08:26:32:17:2d:ec:86:9e:aa:2a:ea:0d:41:55:97:e7:06:
         e3:0c:42:f2:f4:03:de:29:33:b3:61:0d:49:21:d3:70:80:84:
         99:d1:69:66:48:ba:6d:dd:57:91:ce:5e:f3:b9:37:1e:4c:a3:
         12:6a:b3:52:1a:83:fa:8b:9a:a2:11:05:c2:5d:15:c3:98:72:
         26:f4:a9:b5:7d:85:10:56:9a:03:14:ab:c7:23:af:23:b2:03:
         a1:d7:3f:cd:eb:f7:d1:a3:ab:df:e4:01:01:be:e7:2f:7d:66:
         9a:70:12:74:c3:ab:2f:4d:63:e5:23:81:12:c3:a8:cf:b3:0c:
         23:1a:58:e2:4d:30:d8:30:86:52:62:b5:89:14:06:f9:41:33:
         57:96:78:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl3KkgpIQD3uIa0HqZYqBXLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTIzMTUyMTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2NhMWQ4MGVmY2Y1MzkzYTc5ZTQxODRlYWFkM2ZiYzhkOWEzZWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA117rQlwFL4MjPoAcY/Ppv/T8m+Zl
CFDboZwiJIkU9W9xq3VXSHg6r4cataKbgyxX+cEIyH4L0eNjCHOBbR1kUlztdCJP
j+NRNOT7z1gCXfDPXmZ4vHA9RpDdj4ca2QJH1riSk3afHRlR3jApOE7n5GkXmwqV
Y8f2oLc697m9nR3UsEW6ywY1rlP7qDg7Tt5G2/0hxVzjNGOAve8OZD4oPh++2GCT
PVltgANbbhcMtmXBWgPYTaiPb2sJav8v0OhF/YxRQ6wHdjFrXuc9xksWP2fScGMX
ztlpbpx968UFX5LiEN9ywqD7B2Qdpc0MNbPQxgCZVkkpCTDKEjJ/eRL/UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEzKHYDvz1OTp55BhOqtP7yNmj6nMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvVE1vZGdPX1BVNU9ubmtHRTZxMF92STJhUHFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhDMA0G
CSqGSIb3DQEBCwUAA4IBAQAGhgmKBbz2o4P0iwDls28HWg0WBNX5PYeo6g58e7bC
TjgkvTP0eTruwk6nadhMsOMeVxeobHT24hhoefrjVfgDPwqUKZC29MN6YIyRUAqX
haVTrbpdtelIs1ESJHJrwBK3nY8nXdWMnK8E1PDpCCYyFy3shp6qKuoNQVWX5wbj
DELy9APeKTOzYQ1JIdNwgISZ0WlmSLpt3VeRzl7zuTceTKMSarNSGoP6i5qiEQXC
XRXDmHIm9Km1fYUQVpoDFKvHI68jsgOh1z/N6/fRo6vf5AEBvucvfWaacBJ0w6sv
TWPlI4ESw6jPswwjGljiTTDYMIZSYrWJFAb5QTNXlnhe
-----END CERTIFICATE-----