Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/T_okiph1wkfxGvnl69V0bdiWVCg.roa
File:                     T_okiph1wkfxGvnl69V0bdiWVCg.roa (raw, json)
Hash identifier:          K3keo5b5zdM51KQzReKtnCXMirlw2e9xT7eFLcgRzhw=
Subject key identifier:   4F:FA:24:8A:98:75:C2:47:F1:1A:F9:E5:EB:D5:74:6D:D8:96:54:28
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01997BB157BA913856CA7D617F7912B2762E
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/T_okiph1wkfxGvnl69V0bdiWVCg.roa
Signing time:             Wed 24 Sep 2025 12:27:23 +0000
ROA not before:           Wed 24 Sep 2025 12:27:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210408
IP address blocks:        170.168.66.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 15:16:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:7b:b1:57:ba:91:38:56:ca:7d:61:7f:79:12:b2:76:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep 24 12:27:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4ffa248a9875c247f11af9e5ebd5746dd8965428
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:d3:50:12:c4:09:6a:c2:51:c7:39:49:47:41:
                    d1:28:8f:d3:40:54:14:3e:4b:5c:0b:8f:3d:d5:f1:
                    2c:94:fe:49:95:73:9e:6d:ba:64:3a:14:dd:05:0e:
                    40:ad:1c:f0:56:db:81:4c:e7:e5:a4:a2:22:74:16:
                    34:db:e9:56:5f:3b:7c:76:b1:44:b5:c0:23:01:3b:
                    3b:9b:c4:01:f0:38:f2:d9:57:dc:b7:38:ff:16:dc:
                    00:bb:8b:0b:95:70:77:2f:35:4f:e9:a8:9f:f9:eb:
                    6a:d1:02:6e:7d:72:48:8e:86:bc:09:50:a8:50:b4:
                    54:bf:80:9c:c7:77:9b:e1:70:0e:47:5b:3e:bd:7e:
                    2e:03:13:04:f5:7b:04:84:a4:25:6c:9a:12:70:41:
                    d1:b9:67:5c:d9:b4:c6:57:61:29:32:13:3a:a2:90:
                    74:e1:ef:b9:a2:7a:67:2c:49:e5:27:13:d8:a5:7c:
                    0e:34:c6:b4:ef:2f:f4:6f:46:2d:b3:c4:46:5d:4f:
                    1a:57:6b:89:66:ba:cd:47:a6:5f:6c:e5:5f:2e:22:
                    4d:c3:59:c2:f1:00:d8:c0:c4:23:b0:14:73:f1:ec:
                    b5:af:ea:a4:54:de:9e:7a:15:44:0b:f5:9c:4e:3c:
                    77:e3:6e:f8:48:c2:57:9b:64:70:50:62:41:aa:c6:
                    98:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:FA:24:8A:98:75:C2:47:F1:1A:F9:E5:EB:D5:74:6D:D8:96:54:28
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/T_okiph1wkfxGvnl69V0bdiWVCg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.66.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:c9:20:0b:4a:d6:ff:4b:6c:20:6d:9d:b5:da:a2:a1:86:bc:
         cf:31:1a:77:0b:32:3b:13:74:49:12:42:1a:f5:e1:51:92:d7:
         7e:fe:7c:0c:dd:92:a4:97:95:c7:5c:d4:ca:df:0b:ec:f5:10:
         57:d6:a8:89:1b:6d:88:df:ef:bf:11:0d:f9:08:83:10:f6:5e:
         77:11:37:11:c9:2d:e3:6e:3e:05:0b:84:42:d5:02:46:c3:b2:
         e2:7c:37:50:05:43:95:5b:13:60:93:ea:6a:b3:34:46:b0:b6:
         5e:cf:b9:8f:be:1e:92:bd:e5:2f:6a:cf:d5:45:e8:04:e2:70:
         c0:cb:31:fe:1e:70:4b:92:24:b5:05:de:82:14:d1:fe:9c:55:
         b2:b1:73:48:c0:77:b5:b6:ab:d7:6c:a6:26:fe:e2:ca:b0:b0:
         ca:58:bb:b2:91:4f:56:2f:0a:80:be:3b:57:55:3f:05:10:f1:
         ff:77:ea:1c:d0:1b:80:32:c4:15:9b:fe:63:de:19:93:36:d8:
         0e:17:6a:ac:40:ed:31:a1:8b:f7:26:15:ab:98:a7:38:98:ba:
         22:ea:f7:8d:b8:6e:72:b4:fe:9c:f7:aa:bb:2e:ff:e9:28:4e:
         d7:11:e1:cd:2f:56:fe:ae:cc:89:52:62:fa:cc:b6:84:15:98:
         1d:3e:1c:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl7sVe6kThWyn1hf3kSsnYuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTI0MTIyNzIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmZhMjQ4YTk4NzVjMjQ3ZjExYWY5ZTVlYmQ1NzQ2ZGQ4OTY1NDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9NQEsQJasJRxzlJR0HRKI/TQFQU
PktcC4891fEslP5JlXOebbpkOhTdBQ5ArRzwVtuBTOflpKIidBY02+lWXzt8drFE
tcAjATs7m8QB8Djy2Vfctzj/FtwAu4sLlXB3LzVP6aif+etq0QJufXJIjoa8CVCo
ULRUv4Ccx3eb4XAOR1s+vX4uAxME9XsEhKQlbJoScEHRuWdc2bTGV2EpMhM6opB0
4e+5onpnLEnlJxPYpXwONMa07y/0b0Yts8RGXU8aV2uJZrrNR6ZfbOVfLiJNw1nC
8QDYwMQjsBRz8ey1r+qkVN6eehVEC/WcTjx34274SMJXm2RwUGJBqsaYYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/6JIqYdcJH8Rr55evVdG3YllQoMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvVF9va2lwaDF3a2Z4R3ZubDY5VjBiZGlXVkNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhCMA0G
CSqGSIb3DQEBCwUAA4IBAQBHySALStb/S2wgbZ212qKhhrzPMRp3CzI7E3RJEkIa
9eFRktd+/nwM3ZKkl5XHXNTK3wvs9RBX1qiJG22I3++/EQ35CIMQ9l53ETcRyS3j
bj4FC4RC1QJGw7LifDdQBUOVWxNgk+pqszRGsLZez7mPvh6SveUvas/VRegE4nDA
yzH+HnBLkiS1Bd6CFNH+nFWysXNIwHe1tqvXbKYm/uLKsLDKWLuykU9WLwqAvjtX
VT8FEPH/d+oc0BuAMsQVm/5j3hmTNtgOF2qsQO0xoYv3JhWrmKc4mLoi6veNuG5y
tP6c96q7Lv/pKE7XEeHNL1b+rsyJUmL6zLaEFZgdPhxu
-----END CERTIFICATE-----