Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/apuSX4_xVK2C0NA4ZV73mzFZRoQ.roa
File:                     apuSX4_xVK2C0NA4ZV73mzFZRoQ.roa (raw, json)
Hash identifier:          NqfBhuOwQWOxil/tC7HLfuFs6fFmvk9JXrZ09wIGjfs=
Subject key identifier:   6A:9B:92:5F:8F:F1:54:AD:82:D0:D0:38:65:5E:F7:9B:31:59:46:84
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0199387E74B95D623284889821349E37FF1F
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/apuSX4_xVK2C0NA4ZV73mzFZRoQ.roa
Signing time:             Thu 11 Sep 2025 11:17:15 +0000
ROA not before:           Thu 11 Sep 2025 11:17:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29226
IP address blocks:        170.168.11.0/24 maxlen: 24
                          170.168.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:38:7e:74:b9:5d:62:32:84:88:98:21:34:9e:37:ff:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep 11 11:17:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6a9b925f8ff154ad82d0d038655ef79b31594684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:02:05:ea:aa:15:43:ca:38:72:b6:3f:3f:db:
                    95:6a:71:54:82:af:87:3f:17:d3:04:54:8b:ef:84:
                    78:a2:e2:99:55:82:df:15:6c:dd:35:c4:90:f3:ce:
                    7b:f8:b6:9d:a2:e5:f4:42:60:9f:4f:a2:f9:71:50:
                    78:eb:24:07:8e:bc:cb:0e:bd:43:93:cc:0c:aa:86:
                    ea:29:1e:bb:03:13:dd:d0:bc:ab:8c:96:41:77:bd:
                    de:8d:6d:94:d2:3f:c8:5b:05:30:a0:e2:85:d1:c2:
                    f2:60:fb:9a:be:d6:83:41:00:24:26:96:a2:e4:40:
                    48:70:59:bc:46:aa:a8:05:5d:ed:a0:14:8f:9f:e0:
                    05:08:b2:2a:5b:ca:af:ad:b1:e3:8f:15:74:3b:90:
                    e3:c2:e8:e9:06:fd:60:0b:74:a4:59:23:2f:a5:5d:
                    20:d0:d9:34:d9:34:c2:42:e4:c2:fc:90:35:86:0b:
                    f4:42:a0:54:fc:a4:1c:1f:dc:35:b1:84:a5:d7:25:
                    f9:96:0a:1f:8d:17:e7:c4:93:bf:d3:09:3e:95:53:
                    55:08:c0:21:c5:4d:2d:b5:10:d2:91:76:74:8b:b7:
                    2c:82:b5:1a:1a:bb:af:00:7a:31:d9:c9:dd:e1:2c:
                    22:65:9f:20:14:90:ac:ac:10:91:03:aa:b9:e0:e9:
                    ab:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:9B:92:5F:8F:F1:54:AD:82:D0:D0:38:65:5E:F7:9B:31:59:46:84
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/apuSX4_xVK2C0NA4ZV73mzFZRoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.11.0/24
                  170.168.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:96:60:79:ef:07:bb:8a:7e:c4:d7:1d:03:6c:bd:0b:f3:64:
         fd:7d:86:b3:60:ee:a6:22:a7:2d:b4:8c:59:0f:18:0e:43:62:
         c2:e7:be:5e:f8:5c:88:9d:f3:7a:2b:39:b6:81:fb:a2:cf:16:
         0e:c6:43:45:10:cc:b7:8a:0f:4b:b4:3d:38:be:47:f0:8f:c3:
         74:de:35:42:e2:d4:bf:2c:14:fa:3d:6d:94:3d:7a:f8:23:3c:
         2d:b6:b6:78:56:1b:19:aa:4d:04:f6:b9:80:61:76:c5:96:38:
         1a:e6:28:67:b0:3a:5d:7a:1d:3e:98:30:05:12:6c:07:87:91:
         4a:30:df:9a:01:45:7e:d5:0c:9d:e0:92:2e:8a:c4:a2:73:ed:
         6f:e8:e6:4e:11:6c:0c:51:fb:06:ad:50:07:98:3e:ad:d5:fb:
         da:38:c4:75:47:18:13:15:40:5e:4a:db:43:02:81:d3:db:76:
         fb:29:27:84:25:44:58:c3:1c:bc:fe:e9:99:1b:2f:32:b2:c7:
         9b:3a:c6:8f:03:c7:f3:8c:d1:d1:a0:54:60:6a:f2:da:f4:25:
         9e:20:d4:b5:4f:2e:6b:67:2c:26:22:8e:81:74:d6:89:72:c5:
         a4:e2:43:7f:df:9b:12:6a:2c:fe:64:fa:0c:3c:11:6d:35:0f:
         52:ed:55:c3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZk4fnS5XWIyhIiYITSeN/8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTExMTExNzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTliOTI1ZjhmZjE1NGFkODJkMGQwMzg2NTVlZjc5YjMxNTk0Njg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAIF6qoVQ8o4crY/P9uVanFUgq+H
PxfTBFSL74R4ouKZVYLfFWzdNcSQ8857+LadouX0QmCfT6L5cVB46yQHjrzLDr1D
k8wMqobqKR67AxPd0LyrjJZBd73ejW2U0j/IWwUwoOKF0cLyYPuavtaDQQAkJpai
5EBIcFm8RqqoBV3toBSPn+AFCLIqW8qvrbHjjxV0O5DjwujpBv1gC3SkWSMvpV0g
0Nk02TTCQuTC/JA1hgv0QqBU/KQcH9w1sYSl1yX5lgofjRfnxJO/0wk+lVNVCMAh
xU0ttRDSkXZ0i7csgrUaGruvAHox2cnd4SwiZZ8gFJCsrBCRA6q54OmrTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGqbkl+P8VStgtDQOGVe95sxWUaEMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvYXB1U1g0X3hWSzJDME5BNFpWNzNtekZaUm9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqqgLAwQA
qqhBMA0GCSqGSIb3DQEBCwUAA4IBAQAPlmB57we7in7E1x0DbL0L82T9fYazYO6m
IqcttIxZDxgOQ2LC575e+FyInfN6Kzm2gfuizxYOxkNFEMy3ig9LtD04vkfwj8N0
3jVC4tS/LBT6PW2UPXr4IzwttrZ4VhsZqk0E9rmAYXbFljga5ihnsDpdeh0+mDAF
EmwHh5FKMN+aAUV+1Qyd4JIuisSic+1v6OZOEWwMUfsGrVAHmD6t1fvaOMR1RxgT
FUBeSttDAoHT23b7KSeEJURYwxy8/umZGy8yssebOsaPA8fzjNHRoFRgavLa9CWe
INS1Ty5rZywmIo6BdNaJcsWk4kN/35sSaiz+ZPoMPBFtNQ9S7VXD
-----END CERTIFICATE-----