Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/zG_WsBN_ifHCDzCxW3N3oM2qY2c.roa
File:                     zG_WsBN_ifHCDzCxW3N3oM2qY2c.roa (raw, json)
Hash identifier:          zLekhnjBj+L7ziP9EcNrlNFSvn9kF/KCGg2U5W/dCpw=
Subject key identifier:   CC:6F:D6:B0:13:7F:89:F1:C2:0F:30:B1:5B:73:77:A0:CD:AA:63:67
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019EB2968E7E68CFD6ACA8C3AF6DA2E16325
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/zG_WsBN_ifHCDzCxW3N3oM2qY2c.roa
Signing time:             Wed 10 Jun 2026 17:31:11 +0000
ROA not before:           Wed 10 Jun 2026 17:31:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213870
IP address blocks:        138.249.144.0/22 maxlen: 22
                          138.249.144.0/24 maxlen: 24
                          138.249.145.0/24 maxlen: 24
                          138.249.146.0/24 maxlen: 24
                          138.249.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 07:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b2:96:8e:7e:68:cf:d6:ac:a8:c3:af:6d:a2:e1:63:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Jun 10 17:31:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=cc6fd6b0137f89f1c20f30b15b7377a0cdaa6367
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e0:08:16:31:d2:e1:71:a4:5a:d3:5b:4f:cc:
                    90:14:3f:c7:01:f9:15:17:a3:30:33:ba:a5:4f:d9:
                    7d:24:6a:57:07:bc:9a:b3:56:f1:9c:63:06:65:02:
                    be:7c:b2:51:dc:89:29:25:24:b7:3d:59:c3:8e:4d:
                    a4:76:9c:49:4d:c3:02:9f:fe:41:c8:ed:7a:68:d4:
                    f1:6f:cd:f1:aa:f6:1f:da:67:23:c6:31:ff:a6:bf:
                    9d:aa:29:84:15:d0:47:73:45:98:76:ec:a4:31:30:
                    52:f0:2e:72:fa:90:d7:98:e7:15:ea:7a:a6:4b:62:
                    05:62:2e:cd:98:b6:a6:78:88:a6:d4:16:31:96:1f:
                    41:0b:a0:f6:48:3f:3c:71:e9:80:37:62:84:88:d8:
                    f7:a1:4d:35:12:49:48:5f:de:2d:98:f8:d6:91:11:
                    6a:11:06:ba:79:55:86:b8:22:6d:c7:44:08:f0:de:
                    5e:0e:48:5c:65:5f:ff:fd:2c:98:b1:8a:d7:ee:e2:
                    33:b5:e7:e9:f7:37:10:05:bf:39:d5:c9:c2:9b:5f:
                    6e:2a:3b:0f:7a:cf:31:4e:07:84:0b:9d:30:25:a8:
                    99:f6:e5:fc:f8:bf:22:8d:19:cb:c4:e9:6b:5f:89:
                    fb:4a:d6:35:4d:af:43:55:b4:b6:94:61:12:af:67:
                    fc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:6F:D6:B0:13:7F:89:F1:C2:0F:30:B1:5B:73:77:A0:CD:AA:63:67
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/zG_WsBN_ifHCDzCxW3N3oM2qY2c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:ce:fd:ca:fd:af:f3:33:93:8b:27:b1:4d:56:e1:45:c4:88:
         05:e9:99:f1:cf:c0:94:3c:d0:d8:ae:3c:40:65:c4:ab:62:ae:
         2f:1f:75:8d:93:d9:d7:88:cb:37:70:71:14:6e:9f:7f:7e:8e:
         3a:5f:47:2c:02:06:41:f3:c8:6d:1c:08:1c:3c:75:ca:93:1c:
         8e:07:a3:54:92:9f:24:2c:d0:c2:73:3c:0a:67:21:9a:7c:3f:
         07:55:66:c8:74:0f:08:5a:70:92:56:7f:e7:a8:c5:0e:f6:33:
         44:f9:35:2e:f6:70:08:09:71:54:59:45:d7:b8:51:dc:57:80:
         fe:43:ed:7f:de:60:26:92:27:94:3c:f8:81:70:b0:2c:ff:d7:
         c2:ad:15:f7:6b:08:3e:37:4a:71:58:b2:7a:70:5e:ba:07:72:
         2f:55:53:71:30:0f:8a:22:a7:77:1b:98:5d:ca:b1:73:7e:bc:
         8c:38:9e:68:4b:68:37:fe:ed:90:5a:26:61:c5:ec:97:cd:72:
         1a:ed:88:f2:94:21:5f:b1:d0:f3:83:74:30:fa:3c:87:a1:6d:
         9e:00:ac:cc:64:aa:ed:6c:0c:e1:c8:20:bf:2f:7a:a2:e0:d3:
         2a:3a:d7:f9:07:ed:a8:f0:4a:f7:59:3b:cb:87:e7:3e:bf:90:
         55:87:21:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6ylo5+aM/WrKjDr22i4WMlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwNjEwMTczMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzZmZDZiMDEzN2Y4OWYxYzIwZjMwYjE1YjczNzdhMGNkYWE2MzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+AIFjHS4XGkWtNbT8yQFD/HAfkV
F6MwM7qlT9l9JGpXB7yas1bxnGMGZQK+fLJR3IkpJSS3PVnDjk2kdpxJTcMCn/5B
yO16aNTxb83xqvYf2mcjxjH/pr+dqimEFdBHc0WYduykMTBS8C5y+pDXmOcV6nqm
S2IFYi7NmLameIim1BYxlh9BC6D2SD88cemAN2KEiNj3oU01EklIX94tmPjWkRFq
EQa6eVWGuCJtx0QI8N5eDkhcZV///SyYsYrX7uIztefp9zcQBb851cnCm19uKjsP
es8xTgeEC50wJaiZ9uX8+L8ijRnLxOlrX4n7StY1Ta9DVbS2lGESr2f8pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxv1rATf4nxwg8wsVtzd6DNqmNnMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvekdfV3NCTl9pZkhDRHpDeFczTjNvTTJxWTJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCivmQMA0G
CSqGSIb3DQEBCwUAA4IBAQA5zv3K/a/zM5OLJ7FNVuFFxIgF6Znxz8CUPNDYrjxA
ZcSrYq4vH3WNk9nXiMs3cHEUbp9/fo46X0csAgZB88htHAgcPHXKkxyOB6NUkp8k
LNDCczwKZyGafD8HVWbIdA8IWnCSVn/nqMUO9jNE+TUu9nAICXFUWUXXuFHcV4D+
Q+1/3mAmkieUPPiBcLAs/9fCrRX3awg+N0pxWLJ6cF66B3IvVVNxMA+KIqd3G5hd
yrFzfryMOJ5oS2g3/u2QWiZhxeyXzXIa7YjylCFfsdDzg3Qw+jyHoW2eAKzMZKrt
bAzhyCC/L3qi4NMqOtf5B+2o8Er3WTvLh+c+v5BVhyFx
-----END CERTIFICATE-----