Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/eqLpbadI6DxIbhRZupEXKudotjY.roa
File:                     eqLpbadI6DxIbhRZupEXKudotjY.roa (raw, json)
Hash identifier:          bux+bpeo/gdPPfSH3/vhv2aBjG031fUkKa1/SZmYLY0=
Subject key identifier:   7A:A2:E9:6D:A7:48:E8:3C:48:6E:14:59:BA:91:17:2A:E7:68:B6:36
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0199C397528E2997DCA535BE7CF141617A8F
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/eqLpbadI6DxIbhRZupEXKudotjY.roa
Signing time:             Wed 08 Oct 2025 11:31:38 +0000
ROA not before:           Wed 08 Oct 2025 11:31:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214822
IP address blocks:        170.168.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:c3:97:52:8e:29:97:dc:a5:35:be:7c:f1:41:61:7a:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Oct  8 11:31:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7aa2e96da748e83c486e1459ba91172ae768b636
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:ca:c4:59:5d:22:dd:57:ee:4f:d5:2a:9b:65:
                    63:79:58:94:04:19:dd:74:3a:2c:34:4d:e8:6f:50:
                    8a:a0:fe:57:82:46:29:72:e3:ad:98:68:6b:fe:b4:
                    78:1d:46:32:62:17:09:e8:37:38:f8:f3:30:bb:08:
                    98:e5:09:6a:04:2f:f9:97:16:0c:bb:39:4f:be:ca:
                    99:1e:93:db:07:f4:7a:b1:0a:5e:27:57:69:9e:9b:
                    64:02:9a:2d:38:56:b1:d1:b0:11:c2:9a:d7:e0:34:
                    15:04:e2:30:b0:c0:08:e3:c0:c0:74:03:b1:1c:de:
                    9a:05:24:01:99:86:8d:10:94:70:8d:73:05:e4:c6:
                    35:a6:c0:e6:5a:c8:ed:e2:ab:5b:13:2c:3e:f9:ff:
                    42:c3:8e:8b:34:2d:42:cf:a7:ab:24:2b:ab:b3:c4:
                    98:ea:86:8b:b9:c8:3c:f2:48:c7:5d:2c:85:4c:49:
                    33:2f:cf:93:6d:dd:f8:d1:32:a5:df:01:da:0a:c0:
                    77:f8:14:52:c5:74:97:d8:c5:20:d1:73:0f:51:42:
                    26:94:c4:9c:59:bb:cd:ef:8d:a8:d8:0c:a0:ee:5b:
                    e9:57:88:5e:4c:4b:3c:37:e5:9b:10:ca:20:d1:ba:
                    41:88:f7:f0:e9:a4:43:72:88:c6:6f:4f:0c:76:de:
                    ab:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:A2:E9:6D:A7:48:E8:3C:48:6E:14:59:BA:91:17:2A:E7:68:B6:36
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/eqLpbadI6DxIbhRZupEXKudotjY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:5c:8e:24:cb:92:a8:fc:ed:2f:c0:8a:3b:76:c8:f6:75:01:
         f5:a6:ed:78:52:20:70:1b:d7:ad:63:2f:6e:e0:0b:30:b1:6f:
         e9:d1:2b:c5:98:b2:c2:3a:b4:f2:57:ed:5f:a5:a7:7f:db:45:
         ca:3f:a5:97:6e:d7:82:89:de:c6:33:a6:2a:6e:be:55:f2:8e:
         32:b6:ac:fc:aa:0f:90:d8:a2:66:d8:60:fc:52:f6:12:41:c3:
         04:fd:2b:26:27:32:d0:10:f7:e5:02:3a:68:d7:cf:3a:e2:b3:
         0a:7c:e8:74:e9:8e:39:97:5e:05:65:60:71:0a:f4:07:59:a8:
         d2:3b:7e:09:a8:27:42:bc:f5:1d:5d:3e:84:e5:3c:78:97:3b:
         8e:56:28:0e:8f:c5:19:86:a5:31:37:72:3f:28:bb:64:a4:e6:
         20:49:2a:4d:6f:b6:bf:d0:16:a4:d2:07:34:5f:a0:29:fa:19:
         ff:e1:64:ed:13:27:a0:f2:cf:b9:5e:f5:8f:ec:52:8f:a3:f3:
         0f:2b:42:2f:91:47:44:cf:20:7c:43:f4:a2:8c:29:64:04:cf:
         8f:05:95:f2:47:21:c0:54:19:85:e5:b1:86:9b:b0:48:3c:1e:
         05:30:bf:c3:bd:5e:fe:67:14:0f:d0:60:9e:d2:46:be:c0:01:
         2c:2a:09:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnDl1KOKZfcpTW+fPFBYXqPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDA4MTEzMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWEyZTk2ZGE3NDhlODNjNDg2ZTE0NTliYTkxMTcyYWU3NjhiNjM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcrEWV0i3VfuT9Uqm2VjeViUBBnd
dDosNE3ob1CKoP5XgkYpcuOtmGhr/rR4HUYyYhcJ6Dc4+PMwuwiY5QlqBC/5lxYM
uzlPvsqZHpPbB/R6sQpeJ1dpnptkApotOFax0bARwprX4DQVBOIwsMAI48DAdAOx
HN6aBSQBmYaNEJRwjXMF5MY1psDmWsjt4qtbEyw++f9Cw46LNC1Cz6erJCurs8SY
6oaLucg88kjHXSyFTEkzL8+Tbd340TKl3wHaCsB3+BRSxXSX2MUg0XMPUUImlMSc
WbvN742o2Ayg7lvpV4heTEs8N+WbEMog0bpBiPfw6aRDcojGb08Mdt6rgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqi6W2nSOg8SG4UWbqRFyrnaLY2MB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvZXFMcGJhZEk2RHhJYmhSWnVwRVhLdWRvdGpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgPMA0G
CSqGSIb3DQEBCwUAA4IBAQAFXI4ky5Ko/O0vwIo7dsj2dQH1pu14UiBwG9etYy9u
4AswsW/p0SvFmLLCOrTyV+1fpad/20XKP6WXbteCid7GM6Yqbr5V8o4ytqz8qg+Q
2KJm2GD8UvYSQcME/SsmJzLQEPflAjpo18864rMKfOh06Y45l14FZWBxCvQHWajS
O34JqCdCvPUdXT6E5Tx4lzuOVigOj8UZhqUxN3I/KLtkpOYgSSpNb7a/0Bak0gc0
X6Ap+hn/4WTtEyeg8s+5XvWP7FKPo/MPK0IvkUdEzyB8Q/SijClkBM+PBZXyRyHA
VBmF5bGGm7BIPB4FML/DvV7+ZxQP0GCe0ka+wAEsKgn9
-----END CERTIFICATE-----