Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ZOB8mRwvmjDZwR71AwCsvVbjPBo.roa
File:                     ZOB8mRwvmjDZwR71AwCsvVbjPBo.roa (raw, json)
Hash identifier:          N4lgmqpJykHEHqqfmOzwZlQAUm1uN50itlJ4VrMgHm0=
Subject key identifier:   64:E0:7C:99:1C:2F:9A:30:D9:C1:1E:F5:03:00:AC:BD:56:E3:3C:1A
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019934BEFC1174CC729E7B890A9C4F4CD16A
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ZOB8mRwvmjDZwR71AwCsvVbjPBo.roa
Signing time:             Wed 10 Sep 2025 17:49:15 +0000
ROA not before:           Wed 10 Sep 2025 17:49:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61048
IP address blocks:        213.178.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 15:16:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:34:be:fc:11:74:cc:72:9e:7b:89:0a:9c:4f:4c:d1:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep 10 17:49:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=64e07c991c2f9a30d9c11ef50300acbd56e33c1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:de:97:5e:c7:2c:cc:16:74:3d:13:ee:c4:23:
                    df:a3:51:cf:28:bf:f5:59:bd:cb:29:0b:a6:ff:f8:
                    b7:9e:0f:72:f4:ea:fc:16:8f:68:30:8e:16:fb:15:
                    98:a9:12:a5:ed:c6:ff:70:b3:91:28:3d:cc:fc:0f:
                    57:b5:1d:9c:29:38:9d:d0:59:93:9e:80:69:40:99:
                    fb:ff:10:e2:8d:74:19:8f:e3:51:74:c8:48:3b:6c:
                    7b:36:a1:cd:97:5f:eb:08:3a:f2:b6:c6:96:dd:58:
                    09:68:3a:a4:9e:c8:42:29:af:7e:18:06:30:5d:40:
                    24:7c:d7:b5:7f:4f:02:f7:6e:fd:be:29:87:45:c5:
                    49:d9:12:f9:b3:f3:23:d4:e1:9f:60:4a:9f:a1:51:
                    4c:f4:31:54:e3:ec:53:6d:e2:58:84:9f:40:38:29:
                    5a:8d:88:99:05:0a:da:1d:5c:a1:ba:f8:5e:56:62:
                    bb:69:35:61:23:8d:47:bc:58:77:fa:e5:74:f5:8f:
                    a6:b1:28:2f:ed:69:07:70:81:86:a4:f4:86:5f:a0:
                    81:13:37:53:d6:5e:43:ab:c9:62:b0:31:d9:59:a8:
                    a9:eb:65:43:30:9c:31:ca:64:7d:7d:93:17:65:8e:
                    0d:97:00:e8:d9:96:44:86:19:78:d3:e6:41:8b:44:
                    59:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:E0:7C:99:1C:2F:9A:30:D9:C1:1E:F5:03:00:AC:BD:56:E3:3C:1A
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/ZOB8mRwvmjDZwR71AwCsvVbjPBo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:d8:36:32:95:45:e9:a2:07:cb:db:ec:a3:2c:57:88:fe:d0:
         75:76:fb:a7:a1:b8:e9:a5:a0:68:55:f5:f7:78:e1:76:e7:dd:
         f0:3e:73:08:8c:d5:76:95:f2:16:f4:b3:e2:ad:ff:4f:4a:27:
         2f:fc:61:1c:e1:57:8a:8b:6c:d9:ec:54:84:74:02:be:61:6a:
         2c:da:25:10:e7:30:cc:3b:cd:4e:9b:c8:cd:9f:47:99:0c:0a:
         9c:92:61:89:14:4e:5c:ba:f9:91:5e:ab:09:74:c1:33:db:cc:
         bd:30:54:44:d1:2d:76:13:bd:94:97:39:9f:ab:fc:90:e4:4f:
         98:65:0d:2c:40:ea:8f:67:f3:a2:6c:aa:ff:2a:d5:3c:3d:9d:
         11:11:44:b7:f9:ed:95:3e:84:c4:6e:c1:54:3c:f0:1f:e7:62:
         65:23:3e:57:a9:6c:01:90:35:71:28:9c:c9:08:79:48:07:8a:
         57:ff:3f:65:4a:06:59:ec:3d:c5:f6:d6:e2:e0:3a:45:6a:5c:
         df:15:91:02:fc:7a:e2:76:a9:3d:61:85:3f:a5:7e:27:64:e6:
         df:9a:8e:bf:3b:08:19:9b:c8:2b:3f:9c:25:5d:24:17:54:9e:
         cc:e1:43:ac:ad:5f:f2:a1:40:7d:85:9a:f2:25:f9:9d:05:1e:
         98:79:67:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZk0vvwRdMxynnuJCpxPTNFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTEwMTc0OTE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGUwN2M5OTFjMmY5YTMwZDljMTFlZjUwMzAwYWNiZDU2ZTMzYzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N6XXscszBZ0PRPuxCPfo1HPKL/1
Wb3LKQum//i3ng9y9Or8Fo9oMI4W+xWYqRKl7cb/cLORKD3M/A9XtR2cKTid0FmT
noBpQJn7/xDijXQZj+NRdMhIO2x7NqHNl1/rCDrytsaW3VgJaDqknshCKa9+GAYw
XUAkfNe1f08C9279vimHRcVJ2RL5s/Mj1OGfYEqfoVFM9DFU4+xTbeJYhJ9AOCla
jYiZBQraHVyhuvheVmK7aTVhI41HvFh3+uV09Y+msSgv7WkHcIGGpPSGX6CBEzdT
1l5Dq8lisDHZWaip62VDMJwxymR9fZMXZY4NlwDo2ZZEhhl40+ZBi0RZ+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGTgfJkcL5ow2cEe9QMArL1W4zwaMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvWk9COG1Sd3ZtakRad1I3MUF3Q3N2VmJqUEJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1bKYMA0G
CSqGSIb3DQEBCwUAA4IBAQAB2DYylUXpogfL2+yjLFeI/tB1dvunobjppaBoVfX3
eOF2593wPnMIjNV2lfIW9LPirf9PSicv/GEc4VeKi2zZ7FSEdAK+YWos2iUQ5zDM
O81Om8jNn0eZDAqckmGJFE5cuvmRXqsJdMEz28y9MFRE0S12E72Ulzmfq/yQ5E+Y
ZQ0sQOqPZ/OibKr/KtU8PZ0REUS3+e2VPoTEbsFUPPAf52JlIz5XqWwBkDVxKJzJ
CHlIB4pX/z9lSgZZ7D3F9tbi4DpFalzfFZEC/Hridqk9YYU/pX4nZObfmo6/OwgZ
m8grP5wlXSQXVJ7M4UOsrV/yoUB9hZryJfmdBR6YeWd1
-----END CERTIFICATE-----