Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/caVacysfCbUohZAFhJ9JHYKlAdc.roa
File:                     caVacysfCbUohZAFhJ9JHYKlAdc.roa (raw, json)
Hash identifier:          Zqdbo50w3LDDMJoG4kkuVsWzKZ9yVmJ3kItXM7dfw30=
Subject key identifier:   71:A5:5A:73:2B:1F:09:B5:28:85:90:05:84:9F:49:1D:82:A5:01:D7
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01999A42083956D052968DCA7A12D036E57A
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/caVacysfCbUohZAFhJ9JHYKlAdc.roa
Signing time:             Tue 30 Sep 2025 10:54:02 +0000
ROA not before:           Tue 30 Sep 2025 10:54:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48207
IP address blocks:        170.168.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:9a:42:08:39:56:d0:52:96:8d:ca:7a:12:d0:36:e5:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep 30 10:54:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=71a55a732b1f09b528859005849f491d82a501d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3e:52:6b:1a:53:7d:7e:98:18:2a:eb:a1:e6:
                    8f:fe:3c:b7:2b:18:36:f9:dc:4e:ba:f7:e5:df:af:
                    a1:fa:5e:cb:ad:29:8d:6b:7c:6f:91:95:3d:9d:a8:
                    b6:6e:35:29:a2:db:a6:b0:a0:15:96:f1:2b:31:49:
                    49:8c:30:eb:0d:d3:3f:9f:12:d1:32:b3:ad:8d:0f:
                    56:4a:80:bf:05:3d:5e:ec:90:c0:1c:59:06:a7:fa:
                    4e:75:44:52:2c:27:01:a7:28:f7:6f:19:b6:7b:cc:
                    1e:25:1b:1f:0f:fc:c0:fe:a9:88:73:2e:92:90:7b:
                    c4:79:41:b5:cb:38:5b:6c:d7:6c:ba:0a:1d:5c:a0:
                    a2:44:eb:3d:73:a0:a9:f0:d2:da:a3:87:b4:13:28:
                    c4:fc:2c:f0:2a:ab:0d:78:d6:8a:d2:c4:e5:cd:57:
                    34:36:35:0a:b6:b9:69:cf:00:02:e2:55:b9:92:39:
                    17:18:d1:d8:1c:0b:b0:8a:59:9e:f1:14:ca:ff:1a:
                    f9:90:f1:c9:f2:fb:c0:b9:af:54:c1:eb:fd:fc:0d:
                    cb:58:b0:34:86:56:dc:7d:ff:23:c4:73:7d:83:78:
                    82:f4:10:25:b7:f7:84:aa:b3:90:73:17:e9:cd:74:
                    99:f2:0f:11:4f:5b:65:ac:ce:06:75:c6:ed:a7:42:
                    9d:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:A5:5A:73:2B:1F:09:B5:28:85:90:05:84:9F:49:1D:82:A5:01:D7
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/caVacysfCbUohZAFhJ9JHYKlAdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:a4:ec:55:cb:e0:24:aa:cc:ce:23:59:3d:6f:01:33:4c:b4:
         4d:84:e0:13:7d:21:2f:aa:e7:77:51:60:cb:5e:7e:0a:13:63:
         d7:f4:a4:5a:06:78:23:a3:01:e8:2d:62:ad:f6:08:c7:e5:b1:
         fd:5b:93:f6:2c:31:59:24:6a:25:7c:69:bd:fc:db:af:7f:c0:
         0c:c4:68:32:f7:fe:64:3b:fa:f1:39:3f:43:ed:90:bc:f2:2c:
         6b:47:a9:c9:1c:26:39:31:38:e6:60:9c:70:85:60:d6:f0:3e:
         c6:04:c0:be:84:e3:e4:ea:d9:fe:24:0c:1f:44:8a:26:50:d6:
         d9:f7:69:d8:42:8d:26:65:3a:0a:75:aa:a7:fe:5e:4a:09:1b:
         2c:85:83:99:e2:f9:39:af:bb:6f:02:88:55:ce:69:c2:29:8d:
         f6:df:5a:ff:1c:f7:dc:ac:bf:c7:aa:87:12:d6:c2:44:36:19:
         c8:bc:fb:4b:c3:a6:15:89:eb:d8:3b:47:dd:0e:6f:64:74:f4:
         65:4a:76:ce:9e:7d:92:29:1c:43:0a:8c:8c:68:23:af:79:1d:
         12:74:2a:65:67:7f:cb:43:b5:0d:2b:4f:1e:55:4c:8b:6d:78:
         e1:50:d1:e4:a7:53:96:72:b3:87:34:ca:8c:af:5b:45:05:1d:
         e0:94:c1:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZmaQgg5VtBSlo3KehLQNuV6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTMwMTA1NDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWE1NWE3MzJiMWYwOWI1Mjg4NTkwMDU4NDlmNDkxZDgyYTUwMWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj5SaxpTfX6YGCrroeaP/jy3Kxg2
+dxOuvfl36+h+l7LrSmNa3xvkZU9nai2bjUpotumsKAVlvErMUlJjDDrDdM/nxLR
MrOtjQ9WSoC/BT1e7JDAHFkGp/pOdURSLCcBpyj3bxm2e8weJRsfD/zA/qmIcy6S
kHvEeUG1yzhbbNdsugodXKCiROs9c6Cp8NLao4e0EyjE/CzwKqsNeNaK0sTlzVc0
NjUKtrlpzwAC4lW5kjkXGNHYHAuwilme8RTK/xr5kPHJ8vvAua9Uwev9/A3LWLA0
hlbcff8jxHN9g3iC9BAlt/eEqrOQcxfpzXSZ8g8RT1tlrM4Gdcbtp0KdEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHGlWnMrHwm1KIWQBYSfSR2CpQHXMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvY2FWYWN5c2ZDYlVvaFpBRmhKOUpIWUtsQWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhmMA0G
CSqGSIb3DQEBCwUAA4IBAQAbpOxVy+AkqszOI1k9bwEzTLRNhOATfSEvqud3UWDL
Xn4KE2PX9KRaBngjowHoLWKt9gjH5bH9W5P2LDFZJGolfGm9/Nuvf8AMxGgy9/5k
O/rxOT9D7ZC88ixrR6nJHCY5MTjmYJxwhWDW8D7GBMC+hOPk6tn+JAwfRIomUNbZ
92nYQo0mZToKdaqn/l5KCRsshYOZ4vk5r7tvAohVzmnCKY3231r/HPfcrL/HqocS
1sJENhnIvPtLw6YVievYO0fdDm9kdPRlSnbOnn2SKRxDCoyMaCOveR0SdCplZ3/L
Q7UNK08eVUyLbXjhUNHkp1OWcrOHNMqMr1tFBR3glMGX
-----END CERTIFICATE-----