Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/tEHQFHa2f8KrhHKllClbeVg0NJE.roa
File:                     tEHQFHa2f8KrhHKllClbeVg0NJE.roa (raw, json)
Hash identifier:          d2Hn6J51pZZm8t2NWyb8YpJ5GRHxu/oydfuouY++j+M=
Subject key identifier:   B4:41:D0:14:76:B6:7F:C2:AB:84:72:A5:94:29:5B:79:58:34:34:91
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       0198AF33307C0F2BFA891AE5090FFDC0AE9F
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/tEHQFHa2f8KrhHKllClbeVg0NJE.roa
Signing time:             Fri 15 Aug 2025 19:27:04 +0000
ROA not before:           Fri 15 Aug 2025 19:27:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58136
IP address blocks:        170.168.9.0/24 maxlen: 24
                          170.168.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 11:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:af:33:30:7c:0f:2b:fa:89:1a:e5:09:0f:fd:c0:ae:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Aug 15 19:27:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b441d01476b67fc2ab8472a594295b7958343491
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:25:33:7c:d3:92:08:27:11:54:fd:52:e3:0a:
                    56:be:95:bf:f8:d6:6e:2d:74:0a:a0:8e:82:d7:b2:
                    0e:7e:35:c6:6c:c2:a6:f5:83:c4:ea:a1:6e:47:9f:
                    5c:01:73:55:41:42:ec:ce:43:da:b9:ad:b7:2a:0d:
                    98:3d:22:40:72:2d:3d:cf:39:a0:bf:17:02:a5:ef:
                    ce:a8:cb:73:45:52:db:25:b7:45:3b:d4:21:d1:3c:
                    e3:e9:71:0e:6d:28:e9:b2:8c:04:ad:38:fc:24:c0:
                    20:aa:08:ee:71:f7:26:71:03:5f:d6:41:3e:fd:b3:
                    19:e8:4f:1f:e7:0e:fe:60:1b:0f:23:a0:8a:f6:64:
                    2c:72:b4:d4:19:52:f4:b2:a9:ac:43:e8:65:5f:12:
                    ea:d2:05:a9:3a:ff:2b:29:7c:c0:a8:bd:ad:8b:6b:
                    f4:66:ee:9b:65:fe:f8:55:f1:13:24:bc:d5:1e:64:
                    c7:ff:3f:d6:37:d3:a5:15:bf:2b:8a:18:42:ef:8c:
                    7d:24:cb:b3:e1:17:d3:1f:1b:b3:27:0a:9f:de:0f:
                    ca:d2:a6:3e:80:28:00:cc:bd:b3:ce:5a:85:45:55:
                    bd:55:2b:74:29:76:24:eb:30:5a:a0:d7:e1:38:cb:
                    d5:34:6c:dc:f1:c9:96:dc:1c:57:9a:78:09:8d:fb:
                    84:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:41:D0:14:76:B6:7F:C2:AB:84:72:A5:94:29:5B:79:58:34:34:91
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/tEHQFHa2f8KrhHKllClbeVg0NJE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.9.0-170.168.10.255

    Signature Algorithm: sha256WithRSAEncryption
         83:b0:f0:6f:38:a6:15:74:73:56:c9:4b:90:74:6f:0a:41:37:
         cc:cc:6e:7f:bf:b8:99:40:e8:0b:3f:d9:67:f5:4d:da:5e:c8:
         eb:d3:5e:2d:c6:f6:4e:92:cd:74:ba:e2:ec:90:ab:35:78:3e:
         ad:36:50:ce:0e:bf:4c:65:40:6a:18:83:26:c2:da:2f:95:c1:
         cd:fa:5a:ca:3e:72:06:1b:c0:86:e8:39:84:9e:be:39:63:c2:
         de:c2:fa:6b:df:61:b0:7f:b5:ae:8e:a0:39:ab:d5:95:21:92:
         7e:2e:cb:7b:d5:11:ea:f0:51:2e:40:c3:d2:1e:6e:89:4a:26:
         30:5d:a1:e0:b4:76:6b:14:e3:9e:cb:53:b5:05:6c:70:4d:6f:
         6a:dd:da:9a:2b:34:4b:a2:11:f1:bf:4a:dc:18:e6:f2:52:b0:
         c0:80:0a:61:b7:24:6a:a1:ed:1e:ff:4e:a8:e9:f7:9e:fd:c9:
         78:e4:cc:4a:28:05:2c:d8:b4:0c:8c:46:3e:3f:08:42:76:9e:
         49:0f:90:27:8a:61:c8:51:af:08:77:13:96:0e:f6:f9:a3:46:
         fa:91:0d:ac:a1:99:25:ef:41:b8:99:eb:2a:76:97:48:ec:c9:
         18:50:f3:96:5a:cd:30:ad:0e:07:cb:de:82:92:f4:de:cf:a7:
         70:dd:05:37
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZivMzB8Dyv6iRrlCQ/9wK6fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwODE1MTkyNzA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDQxZDAxNDc2YjY3ZmMyYWI4NDcyYTU5NDI5NWI3OTU4MzQzNDkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6SUzfNOSCCcRVP1S4wpWvpW/+NZu
LXQKoI6C17IOfjXGbMKm9YPE6qFuR59cAXNVQULszkPaua23Kg2YPSJAci09zzmg
vxcCpe/OqMtzRVLbJbdFO9Qh0Tzj6XEObSjpsowErTj8JMAgqgjucfcmcQNf1kE+
/bMZ6E8f5w7+YBsPI6CK9mQscrTUGVL0sqmsQ+hlXxLq0gWpOv8rKXzAqL2ti2v0
Zu6bZf74VfETJLzVHmTH/z/WN9OlFb8rihhC74x9JMuz4RfTHxuzJwqf3g/K0qY+
gCgAzL2zzlqFRVW9VSt0KXYk6zBaoNfhOMvVNGzc8cmW3BxXmngJjfuEPwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLRB0BR2tn/Cq4RypZQpW3lYNDSRMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvdEVIUUZIYTJmOEtyaEhLbGxDbGJlVmcwTkpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACqqAkD
BACqqAowDQYJKoZIhvcNAQELBQADggEBAIOw8G84phV0c1bJS5B0bwpBN8zMbn+/
uJlA6As/2Wf1TdpeyOvTXi3G9k6SzXS64uyQqzV4Pq02UM4Ov0xlQGoYgybC2i+V
wc36Wso+cgYbwIboOYSevjljwt7C+mvfYbB/ta6OoDmr1ZUhkn4uy3vVEerwUS5A
w9IebolKJjBdoeC0dmsU457LU7UFbHBNb2rd2porNEuiEfG/StwY5vJSsMCACmG3
JGqh7R7/Tqjp9579yXjkzEooBSzYtAyMRj4/CEJ2nkkPkCeKYchRrwh3E5YO9vmj
RvqRDayhmSXvQbiZ6yp2l0jsyRhQ85ZazTCtDgfL3oKS9N7Pp3DdBTc=
-----END CERTIFICATE-----