Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/lSPQiFcamFwrOMXbm4_0wnYLO1k.roa
File:                     lSPQiFcamFwrOMXbm4_0wnYLO1k.roa (raw, json)
Hash identifier:          wxkgrrI+lESZWSenzZcj+dm/I17XrlGhsPr/T4Nhz8A=
Subject key identifier:   95:23:D0:88:57:1A:98:5C:2B:38:C5:DB:9B:8F:F4:C2:76:0B:3B:59
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019875F3CF1E5EE609EC3704FB21F2DC8373
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/lSPQiFcamFwrOMXbm4_0wnYLO1k.roa
Signing time:             Mon 04 Aug 2025 16:39:29 +0000
ROA not before:           Mon 04 Aug 2025 16:39:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205799
IP address blocks:        170.168.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:75:f3:cf:1e:5e:e6:09:ec:37:04:fb:21:f2:dc:83:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug  4 16:39:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9523d088571a985c2b38c5db9b8ff4c2760b3b59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:51:2b:25:34:1c:84:a5:27:f7:e5:e4:b3:02:
                    45:72:19:c5:af:86:47:dd:54:85:f7:4f:0a:64:23:
                    aa:07:48:da:a3:2c:c0:7b:bc:57:47:11:d4:db:c1:
                    be:19:52:6e:15:db:0f:ec:0a:57:30:36:84:94:c9:
                    9d:75:0e:dd:ed:6c:4a:f9:f7:77:69:e6:a1:43:b0:
                    aa:69:14:7c:19:86:6b:cf:48:0f:8d:2b:4f:33:44:
                    09:88:61:b8:67:ca:34:c6:6a:02:d0:37:eb:42:ed:
                    1d:f9:cd:b1:48:d8:06:e7:39:44:74:31:dc:a7:1c:
                    b7:13:77:6d:d3:da:90:7d:2d:5f:f3:78:62:4e:d9:
                    e8:b4:a4:aa:1c:cf:8b:15:26:cc:f2:93:17:2e:7d:
                    ed:8b:05:a0:5e:fc:02:53:42:53:6b:24:ff:51:0e:
                    73:60:de:f1:09:03:42:cb:7a:56:c9:81:80:fe:ee:
                    5d:9e:23:c7:cb:8e:9d:a3:54:16:2a:a6:a4:0a:42:
                    3e:f3:28:e9:b2:ae:5d:d3:6f:ba:68:34:2c:98:22:
                    58:a4:18:15:93:31:70:64:40:0e:6c:67:59:ed:0f:
                    81:e2:33:89:96:16:fc:2a:a3:b6:77:9b:bb:13:c6:
                    6c:99:69:48:f0:d0:60:60:8e:72:13:79:17:c9:10:
                    48:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:23:D0:88:57:1A:98:5C:2B:38:C5:DB:9B:8F:F4:C2:76:0B:3B:59
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/lSPQiFcamFwrOMXbm4_0wnYLO1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:31:39:a9:bc:d2:b2:e8:e3:94:b5:67:b6:c8:a8:a2:f7:d6:
         e3:3f:76:98:94:37:f2:cb:80:8a:4e:ef:83:9d:e4:a3:20:c8:
         a7:5c:11:ad:e7:9f:32:ea:24:79:46:3b:7b:d0:98:2a:37:3f:
         e9:a3:91:61:76:54:b2:58:a5:8a:0e:f5:fb:ea:e1:c7:a5:b0:
         27:df:9f:98:03:70:41:c8:b2:33:ba:1b:aa:ee:fe:7e:9f:fd:
         62:8d:d0:01:74:89:f0:53:01:e1:48:b8:9b:b7:7e:12:7a:2f:
         2a:6e:86:72:c4:03:a2:6c:66:61:5e:b6:41:cd:cb:cc:99:86:
         dd:f2:49:43:3a:3a:55:2b:9c:be:f6:ab:ec:e2:52:f8:15:4c:
         67:0c:25:1f:0d:1c:51:e1:c6:6e:57:3c:54:58:eb:ed:7e:1d:
         9c:d2:08:1a:72:d6:51:f9:55:42:55:66:23:76:30:03:4c:f5:
         4c:e8:9a:dc:58:20:37:27:c2:69:04:05:d0:2a:ad:b8:77:7c:
         ec:03:0f:83:f2:1d:70:3c:b0:f9:6e:10:f2:2b:fd:35:a5:0c:
         e1:05:a4:a1:9b:e4:7f:a6:16:98:b4:2b:ae:d0:36:48:28:4b:
         34:27:c4:d7:98:5a:db:58:6d:4b:ef:30:66:e2:e4:48:91:83:
         2c:5d:70:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZh1888eXuYJ7DcE+yHy3INzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODA0MTYzOTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTIzZDA4ODU3MWE5ODVjMmIzOGM1ZGI5YjhmZjRjMjc2MGIzYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1ErJTQchKUn9+XkswJFchnFr4ZH
3VSF908KZCOqB0jaoyzAe7xXRxHU28G+GVJuFdsP7ApXMDaElMmddQ7d7WxK+fd3
aeahQ7CqaRR8GYZrz0gPjStPM0QJiGG4Z8o0xmoC0DfrQu0d+c2xSNgG5zlEdDHc
pxy3E3dt09qQfS1f83hiTtnotKSqHM+LFSbM8pMXLn3tiwWgXvwCU0JTayT/UQ5z
YN7xCQNCy3pWyYGA/u5dniPHy46do1QWKqakCkI+8yjpsq5d02+6aDQsmCJYpBgV
kzFwZEAObGdZ7Q+B4jOJlhb8KqO2d5u7E8ZsmWlI8NBgYI5yE3kXyRBIdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUj0IhXGphcKzjF25uP9MJ2CztZMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvbFNQUWlGY2FtRndyT01YYm00XzB3bllMTzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqgRMA0G
CSqGSIb3DQEBCwUAA4IBAQBMMTmpvNKy6OOUtWe2yKii99bjP3aYlDfyy4CKTu+D
neSjIMinXBGt558y6iR5Rjt70JgqNz/po5FhdlSyWKWKDvX76uHHpbAn35+YA3BB
yLIzuhuq7v5+n/1ijdABdInwUwHhSLibt34Sei8qboZyxAOibGZhXrZBzcvMmYbd
8klDOjpVK5y+9qvs4lL4FUxnDCUfDRxR4cZuVzxUWOvtfh2c0ggactZR+VVCVWYj
djADTPVM6JrcWCA3J8JpBAXQKq24d3zsAw+D8h1wPLD5bhDyK/01pQzhBaShm+R/
phaYtCuu0DZIKEs0J8TXmFrbWG1L7zBm4uRIkYMsXXCu
-----END CERTIFICATE-----