Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/67XLgvy5-EJhzDzUdma4CUcWao4.roa
File:                     67XLgvy5-EJhzDzUdma4CUcWao4.roa (raw, json)
Hash identifier:          z6WP7ovAzgPUaZn0tQEif7/RdVds7DnCsGW3nzuU0/8=
Subject key identifier:   EB:B5:CB:82:FC:B9:F8:42:61:CC:3C:D4:76:66:B8:09:47:16:6A:8E
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019A3A34150D77FB288A4C6D2A57FDF6D959
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/67XLgvy5-EJhzDzUdma4CUcWao4.roa
Signing time:             Fri 31 Oct 2025 12:18:03 +0000
ROA not before:           Fri 31 Oct 2025 12:18:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57013
IP address blocks:        170.168.0.0/24 maxlen: 24
                          170.168.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:3a:34:15:0d:77:fb:28:8a:4c:6d:2a:57:fd:f6:d9:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Oct 31 12:18:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ebb5cb82fcb9f84261cc3cd47666b80947166a8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:d9:f6:f1:73:01:12:65:e0:80:4a:04:c5:e4:
                    9d:a8:ab:a6:9f:c4:08:c6:c6:05:78:87:91:91:5b:
                    44:6b:bb:fc:66:c5:15:36:e1:13:5c:66:15:99:06:
                    52:50:f3:e8:29:9f:31:4f:89:5d:aa:95:45:b8:48:
                    e8:80:d7:ae:c6:18:41:e8:88:66:4c:76:c3:60:03:
                    64:7a:30:01:79:03:37:d0:6e:1e:e8:e6:37:7b:3d:
                    2a:3e:10:7c:17:90:d5:4b:d2:48:fc:54:d6:68:5f:
                    5a:8e:b8:52:73:30:a8:09:fb:a0:05:1b:44:75:ac:
                    1c:e7:7e:73:25:51:69:67:66:f2:36:f8:0f:aa:0b:
                    cd:d1:fd:60:30:53:30:c6:8e:8c:84:2a:26:e2:60:
                    0c:67:d8:12:11:7f:06:3b:4b:c2:63:bd:18:ea:b9:
                    bc:9c:cd:f6:ae:56:09:5d:1c:a6:e8:f5:fa:21:91:
                    cc:35:75:cd:ad:9e:a3:bb:15:2b:76:3a:34:be:14:
                    94:13:03:c9:c5:b0:2f:60:66:32:e6:5e:19:4e:32:
                    45:36:65:d6:de:9f:b7:73:09:87:ed:39:a5:f6:ee:
                    52:c2:20:f2:82:f6:1b:fd:90:92:2d:47:7c:c3:13:
                    19:c3:5f:91:63:04:39:74:47:eb:4b:56:6c:db:18:
                    ba:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:B5:CB:82:FC:B9:F8:42:61:CC:3C:D4:76:66:B8:09:47:16:6A:8E
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/67XLgvy5-EJhzDzUdma4CUcWao4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  170.168.0.0/24
                  170.168.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:5a:25:98:c2:28:75:d0:34:bb:cb:11:be:1e:95:74:8d:b2:
         ed:80:8e:b4:22:32:2d:77:1e:c3:1c:e1:70:68:51:1c:3b:54:
         00:19:41:e2:66:7d:e3:0e:72:e2:8a:6b:7c:bc:27:99:78:7b:
         cf:d2:47:93:bd:e3:11:53:4a:dd:e5:94:a4:6b:bb:b0:2b:ee:
         34:78:a6:5c:ef:58:1f:0f:01:6f:9b:92:b9:2d:f7:3f:c2:25:
         f9:87:33:03:9e:77:ad:f6:e2:ef:31:6e:68:d1:a0:a2:6f:09:
         37:6f:80:03:29:cb:9c:13:5d:53:cc:6f:34:59:7a:2f:65:1f:
         ec:78:87:8c:b0:9e:90:e1:45:c8:eb:e4:e4:52:63:16:cf:1f:
         95:39:32:1f:a1:b5:83:b3:3a:b4:d6:ea:06:47:1b:2e:ac:a8:
         8f:7b:84:e7:8d:f0:9c:c2:6a:65:b0:ee:af:d3:b3:99:f5:55:
         78:92:70:1d:d3:ae:44:ad:d8:f3:4b:67:db:3a:3c:68:47:aa:
         12:bd:b1:d6:ae:fe:dd:15:5a:10:a9:f9:00:43:ec:90:9e:a0:
         a0:b8:2a:cc:0a:8a:ae:be:dd:93:de:b2:9b:97:e7:7c:74:b2:
         5c:d6:20:3e:93:66:36:e3:e3:46:e7:77:8c:49:de:6f:d7:da:
         4b:8c:3d:31
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZo6NBUNd/soikxtKlf99tlZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUxMDMxMTIxODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmI1Y2I4MmZjYjlmODQyNjFjYzNjZDQ3NjY2YjgwOTQ3MTY2YThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNn28XMBEmXggEoExeSdqKumn8QI
xsYFeIeRkVtEa7v8ZsUVNuETXGYVmQZSUPPoKZ8xT4ldqpVFuEjogNeuxhhB6Ihm
THbDYANkejABeQM30G4e6OY3ez0qPhB8F5DVS9JI/FTWaF9ajrhSczCoCfugBRtE
dawc535zJVFpZ2byNvgPqgvN0f1gMFMwxo6MhCom4mAMZ9gSEX8GO0vCY70Y6rm8
nM32rlYJXRym6PX6IZHMNXXNrZ6juxUrdjo0vhSUEwPJxbAvYGYy5l4ZTjJFNmXW
3p+3cwmH7Tml9u5SwiDygvYb/ZCSLUd8wxMZw1+RYwQ5dEfrS1Zs2xi6mQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOu1y4L8ufhCYcw81HZmuAlHFmqOMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvNjdYTGd2eTUtRUpoekR6VWRtYTRDVWNXYW80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqqgAAwQA
qqhDMA0GCSqGSIb3DQEBCwUAA4IBAQAUWiWYwih10DS7yxG+HpV0jbLtgI60IjIt
dx7DHOFwaFEcO1QAGUHiZn3jDnLiimt8vCeZeHvP0keTveMRU0rd5ZSka7uwK+40
eKZc71gfDwFvm5K5Lfc/wiX5hzMDnnet9uLvMW5o0aCibwk3b4ADKcucE11TzG80
WXovZR/seIeMsJ6Q4UXI6+TkUmMWzx+VOTIfobWDszq01uoGRxsurKiPe4TnjfCc
wmplsO6v07OZ9VV4knAd065ErdjzS2fbOjxoR6oSvbHWrv7dFVoQqfkAQ+yQnqCg
uCrMCoquvt2T3rKbl+d8dLJc1iA+k2Y24+NG53eMSd5v19pLjD0x
-----END CERTIFICATE-----