Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/Ew2u4fx_aQ9zMEtqOWMhDa5V7nE.roa
File:                     Ew2u4fx_aQ9zMEtqOWMhDa5V7nE.roa (raw, json)
Hash identifier:          x28lvMc0qdwGJwKWszESdc/fXn/X5nd+KMthC+H7owI=
Subject key identifier:   13:0D:AE:E1:FC:7F:69:0F:73:30:4B:6A:39:63:21:0D:AE:55:EE:71
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019663F173DD9F220103B5AC2DBCF3888075
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/Ew2u4fx_aQ9zMEtqOWMhDa5V7nE.roa
Signing time:             Wed 23 Apr 2025 18:38:10 +0000
ROA not before:           Wed 23 Apr 2025 18:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57724
IP address blocks:        91.192.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 17:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:f1:73:dd:9f:22:01:03:b5:ac:2d:bc:f3:88:80:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Apr 23 18:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=130daee1fc7f690f73304b6a3963210dae55ee71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:66:4a:05:0b:53:f9:e8:f6:34:55:a7:b8:8f:
                    96:4f:aa:44:43:2a:7b:3a:85:0f:a0:a5:81:40:24:
                    b8:1d:0f:7b:d5:22:07:ff:9c:d7:bf:8c:94:13:72:
                    94:5d:d8:d9:1d:ae:76:9c:f7:8e:bf:d8:b6:24:84:
                    6e:35:ca:a8:12:9f:af:6e:2a:72:99:6f:ad:ac:a4:
                    21:a6:95:94:e0:78:28:04:72:b9:58:6c:70:74:53:
                    37:0d:cd:88:be:d0:5f:c2:0e:a0:62:4d:80:7b:78:
                    21:e3:b3:df:5a:15:df:34:02:2f:fc:23:0e:af:0d:
                    af:ed:2e:8b:ff:ae:68:53:b0:6a:f2:cf:65:ce:8c:
                    4d:f3:9c:29:02:a7:98:6e:55:3b:d5:20:3b:d0:de:
                    c0:ba:3b:3c:1f:73:a9:3c:30:7b:41:84:8d:5c:2f:
                    09:ed:3f:ef:db:ed:c5:62:6e:d4:de:dc:85:60:e7:
                    23:5f:ae:bf:47:4c:34:e3:1a:a9:9f:94:b2:76:ab:
                    d0:07:01:d7:3c:59:3d:0a:33:5a:e5:6c:67:7f:ab:
                    07:14:7d:15:a6:72:75:c6:f4:81:4f:ec:f9:34:f8:
                    d3:23:a0:e0:e1:e7:f4:4d:ed:6d:43:13:22:b9:0e:
                    61:0b:b1:6c:f0:1f:9f:82:2b:4f:08:04:99:53:a6:
                    13:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0D:AE:E1:FC:7F:69:0F:73:30:4B:6A:39:63:21:0D:AE:55:EE:71
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/Ew2u4fx_aQ9zMEtqOWMhDa5V7nE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:a8:a1:ab:e4:4c:fb:58:5e:68:5a:e3:fe:73:a3:9e:17:d0:
         27:6e:1e:a6:cc:c7:56:25:c5:cf:a4:d8:40:69:63:0d:00:04:
         b1:e1:2c:91:bc:d0:53:fb:67:c0:84:4c:47:24:45:00:67:cd:
         23:89:35:23:46:b3:ec:5d:95:4b:e4:01:57:6a:79:c9:e7:87:
         f7:1d:f9:de:0d:9a:65:ca:15:03:10:34:00:6b:bf:0c:c1:0c:
         1e:4d:01:8f:df:85:c8:69:c3:5d:c7:42:42:82:d6:9f:8a:85:
         0e:21:aa:b2:f7:9c:70:21:25:92:db:35:41:83:aa:0e:ed:3c:
         59:74:b2:09:42:cb:04:6d:8d:0e:da:ed:59:21:2e:8b:4c:8a:
         32:73:df:4b:f8:1c:ee:85:94:e8:57:f5:58:1e:95:93:98:e4:
         a3:8f:5c:13:06:97:07:81:94:52:50:3c:a2:94:f6:72:ce:b0:
         15:76:d4:69:9a:b4:97:54:06:83:66:18:c6:2f:f4:14:18:1a:
         aa:85:be:a1:d7:38:af:8a:d5:d5:cd:88:23:8c:5b:53:58:3f:
         5a:be:9e:82:5f:61:25:6e:7e:3e:87:a4:4a:7a:28:77:32:fe:
         a1:4f:64:46:66:00:6f:08:81:2f:ee:6b:ad:dc:76:55:b7:78:
         4e:5b:28:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZj8XPdnyIBA7WsLbzziIB1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjUwNDIzMTgzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzBkYWVlMWZjN2Y2OTBmNzMzMDRiNmEzOTYzMjEwZGFlNTVlZTcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwWZKBQtT+ej2NFWnuI+WT6pEQyp7
OoUPoKWBQCS4HQ971SIH/5zXv4yUE3KUXdjZHa52nPeOv9i2JIRuNcqoEp+vbipy
mW+trKQhppWU4HgoBHK5WGxwdFM3Dc2IvtBfwg6gYk2Ae3gh47PfWhXfNAIv/CMO
rw2v7S6L/65oU7Bq8s9lzoxN85wpAqeYblU71SA70N7Aujs8H3OpPDB7QYSNXC8J
7T/v2+3FYm7U3tyFYOcjX66/R0w04xqpn5SydqvQBwHXPFk9CjNa5Wxnf6sHFH0V
pnJ1xvSBT+z5NPjTI6Dg4ef0Te1tQxMiuQ5hC7Fs8B+fgitPCASZU6YT3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMNruH8f2kPczBLajljIQ2uVe5xMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvRXcydTRmeF9hUTl6TUV0cU9XTWhEYTVWN25FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8BcMA0G
CSqGSIb3DQEBCwUAA4IBAQCEqKGr5Ez7WF5oWuP+c6OeF9Anbh6mzMdWJcXPpNhA
aWMNAASx4SyRvNBT+2fAhExHJEUAZ80jiTUjRrPsXZVL5AFXannJ54f3HfneDZpl
yhUDEDQAa78MwQweTQGP34XIacNdx0JCgtafioUOIaqy95xwISWS2zVBg6oO7TxZ
dLIJQssEbY0O2u1ZIS6LTIoyc99L+BzuhZToV/VYHpWTmOSjj1wTBpcHgZRSUDyi
lPZyzrAVdtRpmrSXVAaDZhjGL/QUGBqqhb6h1zivitXVzYgjjFtTWD9avp6CX2El
bn4+h6RKeih3Mv6hT2RGZgBvCIEv7mut3HZVt3hOWyjP
-----END CERTIFICATE-----