Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/n9JcdAJk_0CmQbAcIsk5OQf4rEg.roa
File:                     n9JcdAJk_0CmQbAcIsk5OQf4rEg.roa (raw, json)
Hash identifier:          EJz2V8je5D8ufjc+9LcNLrHnDG0vfZWOkD5XW3OJi+w=
Subject key identifier:   9F:D2:5C:74:02:64:FF:40:A6:41:B0:1C:22:C9:39:39:07:F8:AC:48
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019898ED8A3C9AE513535EDDC89CABAFB3E1
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/n9JcdAJk_0CmQbAcIsk5OQf4rEg.roa
Signing time:             Mon 11 Aug 2025 11:39:20 +0000
ROA not before:           Mon 11 Aug 2025 11:39:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12389
IP address blocks:        170.168.18.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:98:ed:8a:3c:9a:e5:13:53:5e:dd:c8:9c:ab:af:b3:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 11 11:39:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9fd25c740264ff40a641b01c22c9393907f8ac48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:af:46:0c:9d:b7:37:94:38:76:52:fc:da:f1:
                    de:1b:45:4b:96:65:93:fc:17:86:ad:e5:dc:72:4b:
                    20:25:37:8b:32:4d:eb:bf:52:bf:e2:ac:01:41:44:
                    07:25:91:5d:dc:db:ca:d9:27:6b:5c:87:e2:51:c7:
                    fa:05:2c:06:48:d4:2e:06:49:eb:6e:22:7d:67:94:
                    89:c9:d5:8c:df:4a:b3:78:b0:7f:f0:b0:11:56:80:
                    6c:2f:1e:a1:96:f8:c9:2e:79:18:f8:f3:64:00:2b:
                    58:8b:89:ff:29:8f:2d:34:1c:fc:3c:db:72:2c:9e:
                    ab:72:d8:ef:b0:e1:35:65:99:c5:61:82:fe:c9:ff:
                    f8:f5:2d:f1:31:16:93:75:16:28:fd:21:0d:66:8d:
                    d6:80:65:ec:26:a3:66:94:64:77:aa:2d:b1:ac:a0:
                    0a:a5:89:b3:7e:72:82:cc:d2:89:a3:19:1e:63:44:
                    73:6e:15:88:ce:60:2b:d0:ca:e6:25:a8:c2:3b:ae:
                    ac:05:e2:df:f9:63:5c:01:75:14:93:f1:bf:5f:f4:
                    9b:35:4f:79:ce:c2:87:05:81:52:93:90:0a:a8:07:
                    20:1f:d5:44:c8:f9:de:4a:91:13:37:1c:20:fc:69:
                    a9:56:44:1a:a5:e6:3b:62:d3:94:e0:3a:54:e0:ab:
                    ed:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:D2:5C:74:02:64:FF:40:A6:41:B0:1C:22:C9:39:39:07:F8:AC:48
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/n9JcdAJk_0CmQbAcIsk5OQf4rEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.18.0/23

    Signature Algorithm: sha256WithRSAEncryption
         75:6f:a1:c1:a9:90:9c:37:03:6e:57:a7:13:86:de:f6:a0:da:
         3f:29:cf:36:e6:8e:25:87:c5:48:2e:86:7b:34:97:d8:79:29:
         8c:b3:7a:f7:c6:72:0f:d9:87:7c:ff:d7:da:b9:2f:8f:09:5b:
         82:15:a7:d0:db:45:76:b5:51:b4:c9:47:19:14:91:9b:3c:7f:
         7a:31:40:96:c1:d9:52:5d:f5:c8:18:34:02:76:89:ed:d1:de:
         22:25:53:65:57:d0:3f:22:75:a8:48:f0:ea:b0:5c:4f:42:56:
         1c:1e:26:ae:b2:5c:24:aa:0a:70:08:50:37:87:ce:73:57:9a:
         67:eb:09:81:c8:70:cd:e8:c5:9f:7c:35:0a:7c:86:81:48:a1:
         d1:a4:64:4d:5a:80:c1:fc:41:40:2e:74:85:eb:c6:02:9f:20:
         00:3e:03:92:f5:74:a6:68:6b:db:bf:ab:fa:c9:95:2b:09:41:
         fa:6a:de:bb:3e:ce:e5:73:20:e2:cc:13:6e:9d:5f:c6:92:a7:
         fd:bd:fc:18:ad:3e:ac:20:fb:f2:41:1f:8e:cb:bb:20:e3:cf:
         a2:b0:bf:61:61:33:da:cb:cf:e5:51:13:6e:9f:d0:61:07:56:
         77:d5:12:70:59:33:db:e6:9b:41:4e:73:51:6d:2e:56:db:3a:
         96:00:b5:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiY7Yo8muUTU17dyJyrr7PhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODExMTEzOTIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZmQyNWM3NDAyNjRmZjQwYTY0MWIwMWMyMmM5MzkzOTA3ZjhhYzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK9GDJ23N5Q4dlL82vHeG0VLlmWT
/BeGreXccksgJTeLMk3rv1K/4qwBQUQHJZFd3NvK2SdrXIfiUcf6BSwGSNQuBknr
biJ9Z5SJydWM30qzeLB/8LARVoBsLx6hlvjJLnkY+PNkACtYi4n/KY8tNBz8PNty
LJ6rctjvsOE1ZZnFYYL+yf/49S3xMRaTdRYo/SENZo3WgGXsJqNmlGR3qi2xrKAK
pYmzfnKCzNKJoxkeY0RzbhWIzmAr0MrmJajCO66sBeLf+WNcAXUUk/G/X/SbNU95
zsKHBYFSk5AKqAcgH9VEyPneSpETNxwg/GmpVkQapeY7YtOU4DpU4Kvt9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ/SXHQCZP9ApkGwHCLJOTkH+KxIMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvbjlKY2RBSmtfMENtUWJBY0lzazVPUWY0ckVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBqqgSMA0G
CSqGSIb3DQEBCwUAA4IBAQB1b6HBqZCcNwNuV6cTht72oNo/Kc825o4lh8VILoZ7
NJfYeSmMs3r3xnIP2Yd8/9fauS+PCVuCFafQ20V2tVG0yUcZFJGbPH96MUCWwdlS
XfXIGDQCdont0d4iJVNlV9A/InWoSPDqsFxPQlYcHiauslwkqgpwCFA3h85zV5pn
6wmByHDN6MWffDUKfIaBSKHRpGRNWoDB/EFALnSF68YCnyAAPgOS9XSmaGvbv6v6
yZUrCUH6at67Ps7lcyDizBNunV/Gkqf9vfwYrT6sIPvyQR+Oy7sg48+isL9hYTPa
y8/lURNun9BhB1Z31RJwWTPb5ptBTnNRbS5W2zqWALUw
-----END CERTIFICATE-----