Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/LtVnv4gEDvUzm6zHA7DrO8mNb9g.roa
File:                     LtVnv4gEDvUzm6zHA7DrO8mNb9g.roa (raw, json)
Hash identifier:          9IQm7/FLuF2MqQqZeHtxvpDmIo7qlEWjqcmMENiM6Ao=
Subject key identifier:   2E:D5:67:BF:88:04:0E:F5:33:9B:AC:C7:03:B0:EB:3B:C9:8D:6F:D8
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019D452CCECEEDF0FE11F9D60F3E9B44E1FC
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/LtVnv4gEDvUzm6zHA7DrO8mNb9g.roa
Signing time:             Tue 31 Mar 2026 18:34:17 +0000
ROA not before:           Tue 31 Mar 2026 18:34:17 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        80.246.232.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 Apr 2026 03:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:45:2c:ce:ce:ed:f0:fe:11:f9:d6:0f:3e:9b:44:e1:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Mar 31 18:34:17 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ed567bf88040ef5339bacc703b0eb3bc98d6fd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:39:42:de:6e:4e:45:8f:e6:42:39:a9:24:92:
                    06:fe:b1:0f:b8:7f:bc:05:92:bc:29:d9:3a:47:e4:
                    51:54:37:83:e2:af:60:c9:55:e2:31:8b:63:a1:d5:
                    f0:26:b6:f3:f5:7e:ad:72:3b:f8:c1:1d:8a:95:6c:
                    6c:ea:0b:aa:28:8f:87:71:50:82:b5:3d:2c:9b:6c:
                    d2:fb:08:cf:f1:09:c4:ec:c9:b2:4f:90:6c:a6:c7:
                    62:24:c6:18:aa:b4:58:6b:a0:ac:60:82:37:0a:56:
                    d8:2c:8e:35:58:3a:be:45:b4:10:27:c3:7a:83:d1:
                    1d:13:85:33:d5:f1:2e:f2:3a:f7:c1:07:f0:21:77:
                    7c:dd:03:46:ad:82:28:12:66:18:4e:ff:45:87:e4:
                    7c:0d:34:9b:44:3b:40:e0:b7:40:fd:b3:3d:57:e9:
                    05:23:37:80:c5:80:57:e3:57:f6:16:f6:12:12:80:
                    e6:df:02:ac:25:97:c9:33:59:ee:e9:83:3e:f0:c8:
                    d5:59:3b:72:e9:6f:03:38:b2:22:20:79:c6:ec:8b:
                    7b:5d:39:6b:14:b3:2b:fa:7c:78:87:ac:8b:41:95:
                    0c:f9:d2:66:06:7b:f9:60:58:5a:91:35:e7:e5:08:
                    59:e1:a3:08:06:6e:c7:87:44:59:c9:07:c9:f4:c4:
                    09:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:D5:67:BF:88:04:0E:F5:33:9B:AC:C7:03:B0:EB:3B:C9:8D:6F:D8
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/LtVnv4gEDvUzm6zHA7DrO8mNb9g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.246.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:f2:09:ce:35:95:5f:2e:0a:5c:b7:34:3b:3f:6b:82:da:ee:
         15:0c:bb:c6:79:42:25:99:a0:81:33:37:83:4e:da:f9:83:a7:
         2e:e3:d5:83:4a:7a:a1:00:41:af:5a:1c:26:82:a9:f8:85:75:
         a5:2a:62:ad:32:e6:5f:51:2c:e3:74:1e:2e:20:90:43:04:54:
         3a:b9:d8:14:6b:ca:cb:fa:29:7f:94:82:69:af:e9:23:9c:13:
         6d:e0:e2:98:4e:a4:6b:ec:03:aa:1f:35:1d:d7:48:f4:e6:3f:
         57:a8:0e:54:c7:16:d3:44:8b:00:aa:5d:e6:a0:75:39:22:21:
         a1:b1:25:8d:3c:f2:3f:cb:26:93:38:c8:7f:7d:e9:01:25:4d:
         ab:6e:fb:42:8f:a7:bd:be:7e:5c:3d:a5:ec:e6:78:6a:5b:2d:
         54:b8:fd:ce:e7:05:0d:3a:00:5d:37:8a:c7:7a:05:60:13:65:
         57:8a:5a:11:14:d0:9e:cc:96:8c:80:ad:8b:7c:0b:58:50:10:
         8e:cf:bf:af:1a:fb:da:c0:d5:29:01:51:72:f8:04:31:0a:18:
         23:4b:93:f3:8c:24:4d:3a:4c:7c:6f:c0:3c:f7:46:d3:f2:eb:
         d1:ce:b5:2f:ac:63:62:a8:8a:6d:9c:30:f3:a9:cf:22:ce:3b:
         3c:a1:d2:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1FLM7O7fD+EfnWDz6bROH8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjYwMzMxMTgzNDE3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWQ1NjdiZjg4MDQwZWY1MzM5YmFjYzcwM2IwZWIzYmM5OGQ2ZmQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzlC3m5ORY/mQjmpJJIG/rEPuH+8
BZK8Kdk6R+RRVDeD4q9gyVXiMYtjodXwJrbz9X6tcjv4wR2KlWxs6guqKI+HcVCC
tT0sm2zS+wjP8QnE7MmyT5BspsdiJMYYqrRYa6CsYII3ClbYLI41WDq+RbQQJ8N6
g9EdE4Uz1fEu8jr3wQfwIXd83QNGrYIoEmYYTv9Fh+R8DTSbRDtA4LdA/bM9V+kF
IzeAxYBX41f2FvYSEoDm3wKsJZfJM1nu6YM+8MjVWTty6W8DOLIiIHnG7It7XTlr
FLMr+nx4h6yLQZUM+dJmBnv5YFhakTXn5QhZ4aMIBm7Hh0RZyQfJ9MQJ2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7VZ7+IBA71M5usxwOw6zvJjW/YMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvTHRWbnY0Z0VEdlV6bTZ6SEE3RHJPOG1OYjlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDUPboMA0G
CSqGSIb3DQEBCwUAA4IBAQAp8gnONZVfLgpctzQ7P2uC2u4VDLvGeUIlmaCBMzeD
Ttr5g6cu49WDSnqhAEGvWhwmgqn4hXWlKmKtMuZfUSzjdB4uIJBDBFQ6udgUa8rL
+il/lIJpr+kjnBNt4OKYTqRr7AOqHzUd10j05j9XqA5UxxbTRIsAql3moHU5IiGh
sSWNPPI/yyaTOMh/fekBJU2rbvtCj6e9vn5cPaXs5nhqWy1UuP3O5wUNOgBdN4rH
egVgE2VXiloRFNCezJaMgK2LfAtYUBCOz7+vGvvawNUpAVFy+AQxChgjS5PzjCRN
Okx8b8A890bT8uvRzrUvrGNiqIptnDDzqc8izjs8odLA
-----END CERTIFICATE-----