Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/rzq199fZhDX4Cc8b8HUXyKGHh0E.roa
File:                     rzq199fZhDX4Cc8b8HUXyKGHh0E.roa (raw, json)
Hash identifier:          N/ksDgvXEt9GD0GA+U9O8KGTZ3RLHe23yCW5y1ZB8wA=
Subject key identifier:   AF:3A:B5:F7:D7:D9:84:35:F8:09:CF:1B:F0:75:17:C8:A1:87:87:41
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       01992F933DE048D56D6B1A59491187204AF0
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/rzq199fZhDX4Cc8b8HUXyKGHh0E.roa
Signing time:             Tue 09 Sep 2025 17:43:22 +0000
ROA not before:           Tue 09 Sep 2025 17:43:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198769
IP address blocks:        170.168.65.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:2f:93:3d:e0:48:d5:6d:6b:1a:59:49:11:87:20:4a:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Sep  9 17:43:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af3ab5f7d7d98435f809cf1bf07517c8a1878741
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:68:1a:5b:44:04:13:cf:53:f5:30:42:1a:bd:
                    25:0b:4e:9f:0c:9d:f7:d9:0a:85:d2:0c:7b:3b:ff:
                    a4:3e:17:50:2e:6c:ba:17:29:78:2e:b7:75:fc:7e:
                    bd:6b:bc:64:bb:73:f6:4a:a1:cd:67:39:77:f1:7e:
                    4e:10:66:e4:85:14:fa:1c:b2:4f:44:c2:a9:d4:96:
                    08:fb:1d:7e:d2:0e:4b:e6:d5:98:d4:55:25:31:30:
                    23:be:65:04:fa:d8:d3:75:53:a2:d7:53:f2:a4:f1:
                    51:9f:4f:06:e5:d2:02:2c:81:b8:ec:11:c0:cd:a6:
                    58:06:a5:3e:37:14:69:0f:08:ad:b6:f7:55:d8:85:
                    94:b3:b8:38:5c:2c:72:60:fd:48:9f:ae:95:bf:53:
                    95:37:bd:23:f0:4d:10:ec:95:1c:0e:a7:8f:36:20:
                    6b:e4:2f:c5:50:f8:da:c1:7f:26:12:6f:a6:ed:47:
                    44:d5:d3:87:88:14:b7:f1:12:c2:56:7c:bb:27:6d:
                    74:6e:9a:cd:c4:37:35:7f:aa:69:d2:a6:e1:eb:5f:
                    72:74:a2:42:77:f0:bd:5b:ca:dd:bd:87:39:57:32:
                    9f:44:1b:54:5b:00:cc:1b:35:53:8a:ac:4a:b7:76:
                    01:18:05:c7:61:89:df:29:cc:43:cf:91:59:2f:ff:
                    e6:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:3A:B5:F7:D7:D9:84:35:F8:09:CF:1B:F0:75:17:C8:A1:87:87:41
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/rzq199fZhDX4Cc8b8HUXyKGHh0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:2a:2d:9f:75:1b:13:1c:92:09:92:d4:2b:e6:a8:7b:eb:e6:
         4b:85:29:85:74:02:00:bc:97:04:47:ee:b4:fa:ca:a5:d0:10:
         7f:dd:07:a7:28:32:0a:0b:5c:cb:d3:dd:36:f6:21:09:ab:f3:
         c4:de:d6:b3:86:a4:c3:94:20:b2:d3:cd:52:c1:0e:51:59:fa:
         24:68:78:3b:ce:d1:f7:fe:2b:3b:6b:00:61:0b:e6:59:27:05:
         1f:ce:ad:90:54:ae:74:54:05:94:16:9d:f4:5b:f6:c0:77:b2:
         57:79:fe:39:c0:dd:5d:fb:7a:ee:20:62:e2:40:90:c9:8f:12:
         c8:81:5c:ff:d5:8c:98:8d:40:3c:de:1f:26:ac:46:b8:e8:6e:
         21:69:24:fa:52:f0:5b:a8:3b:58:84:2f:eb:11:f9:3e:40:4b:
         cc:89:e2:9d:aa:63:ce:08:a0:be:70:ae:8c:81:e1:54:16:de:
         93:2a:f4:a0:e8:5e:a9:4f:c5:58:58:ee:1c:6b:14:77:05:ee:
         05:dc:39:08:6b:f8:e4:03:c6:a6:40:c7:b2:27:65:fc:f0:4b:
         dd:34:eb:ab:2d:58:52:ba:0c:96:cf:12:e9:7d:b8:94:e9:90:
         87:f7:bd:5f:ba:07:8e:34:48:14:57:3d:6d:1f:a0:75:f3:c9:
         cb:75:45:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZkvkz3gSNVtaxpZSRGHIErwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwOTA5MTc0MzIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjNhYjVmN2Q3ZDk4NDM1ZjgwOWNmMWJmMDc1MTdjOGExODc4NzQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGgaW0QEE89T9TBCGr0lC06fDJ33
2QqF0gx7O/+kPhdQLmy6Fyl4Lrd1/H69a7xku3P2SqHNZzl38X5OEGbkhRT6HLJP
RMKp1JYI+x1+0g5L5tWY1FUlMTAjvmUE+tjTdVOi11PypPFRn08G5dICLIG47BHA
zaZYBqU+NxRpDwittvdV2IWUs7g4XCxyYP1In66Vv1OVN70j8E0Q7JUcDqePNiBr
5C/FUPjawX8mEm+m7UdE1dOHiBS38RLCVny7J210bprNxDc1f6pp0qbh619ydKJC
d/C9W8rdvYc5VzKfRBtUWwDMGzVTiqxKt3YBGAXHYYnfKcxDz5FZL//mtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK86tffX2YQ1+AnPG/B1F8ihh4dBMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvcnpxMTk5ZlpoRFg0Q2M4YjhIVVh5S0dIaDBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqqhBMA0G
CSqGSIb3DQEBCwUAA4IBAQBHKi2fdRsTHJIJktQr5qh76+ZLhSmFdAIAvJcER+60
+sql0BB/3QenKDIKC1zL09029iEJq/PE3tazhqTDlCCy081SwQ5RWfokaHg7ztH3
/is7awBhC+ZZJwUfzq2QVK50VAWUFp30W/bAd7JXef45wN1d+3ruIGLiQJDJjxLI
gVz/1YyYjUA83h8mrEa46G4haST6UvBbqDtYhC/rEfk+QEvMieKdqmPOCKC+cK6M
geFUFt6TKvSg6F6pT8VYWO4caxR3Be4F3DkIa/jkA8amQMeyJ2X88EvdNOurLVhS
ugyWzxLpfbiU6ZCH971fugeONEgUVz1tH6B188nLdUWD
-----END CERTIFICATE-----