Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LzdFGcpOH6doNkj-0mOVRgljU3U.roa
File:                     LzdFGcpOH6doNkj-0mOVRgljU3U.roa (raw, json)
Hash identifier:          hz7VfNPMIEYqZ7QmteopqWlcCpiOKO9i4oaCSjQ97sA=
Subject key identifier:   2F:37:45:19:CA:4E:1F:A7:68:36:48:FE:D2:63:95:46:09:63:53:75
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       019D147FC419E39B760A6B74F141F87B6855
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LzdFGcpOH6doNkj-0mOVRgljU3U.roa
Signing time:             Sun 22 Mar 2026 07:43:30 +0000
ROA not before:           Sun 22 Mar 2026 07:43:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214438
IP address blocks:        83.143.115.0/24 maxlen: 24
                          94.156.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 23 Mar 2026 07:43:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:14:7f:c4:19:e3:9b:76:0a:6b:74:f1:41:f8:7b:68:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar 22 07:43:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f374519ca4e1fa7683648fed263954609635375
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ab:0d:ad:6c:fb:4d:c7:0e:fa:a7:63:dd:5f:
                    1b:19:00:03:17:8c:da:86:cb:a6:a6:50:22:52:f4:
                    c5:90:b5:3c:94:88:8b:67:7c:2c:76:89:9f:ea:7e:
                    f9:96:b5:56:7a:ed:d3:2a:18:cd:c5:c8:13:78:9e:
                    58:6d:da:2d:2b:c1:1a:69:92:c8:f8:d5:f7:26:fc:
                    56:05:3a:d8:23:32:17:8d:cd:25:3e:1c:b0:39:06:
                    3c:14:90:87:63:a6:9d:4c:54:ce:b1:2b:f5:5f:4f:
                    c9:c1:1a:c8:39:62:e2:0c:b3:3c:04:b9:83:9b:33:
                    8b:28:4e:af:3c:18:b2:21:71:7f:e8:d4:cd:d1:b6:
                    0a:64:65:f0:a2:ad:b9:bd:2d:c0:90:a9:06:5a:26:
                    e3:af:36:d9:67:b6:8f:40:6d:28:06:a7:02:26:bb:
                    98:fa:c8:2c:d8:aa:26:74:43:f0:47:bc:84:8b:c9:
                    dc:ef:59:f4:ad:b7:17:87:f1:62:eb:d8:8a:f4:45:
                    cc:bb:97:38:a9:5d:65:b6:d6:1f:51:14:74:23:f3:
                    26:72:14:a0:b5:f3:33:a5:ec:92:62:f2:03:fd:70:
                    7a:65:5f:5e:49:68:3a:b8:29:0e:39:43:b5:79:86:
                    a3:11:c1:f7:62:91:7c:5e:8e:43:c7:cb:ca:87:ee:
                    2b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:37:45:19:CA:4E:1F:A7:68:36:48:FE:D2:63:95:46:09:63:53:75
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/LzdFGcpOH6doNkj-0mOVRgljU3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.143.115.0/24
                  94.156.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:af:75:d5:16:f1:f7:48:4b:a8:47:cd:63:7c:5c:30:ad:a5:
         61:76:f9:a9:77:59:c3:88:b3:4b:e8:e7:75:62:9e:ab:bc:17:
         7e:b8:77:91:72:1c:89:b9:a7:4b:40:41:b1:6e:08:4e:52:22:
         70:a5:92:64:2c:3d:ed:2e:c3:31:d2:b8:38:6f:a5:e6:f9:a9:
         b9:62:9a:6f:07:80:e3:31:08:14:40:25:67:e0:b9:6b:57:17:
         c4:f3:a9:6b:db:8c:50:f5:c5:d9:91:0f:00:2b:d0:bf:e9:04:
         fe:81:e5:c3:ee:49:a7:9d:b2:87:16:4a:c9:65:a4:00:f7:04:
         c7:05:57:86:ad:84:9f:7d:a5:1e:0c:19:b6:d1:c4:e8:e6:fd:
         0d:83:6c:91:f7:0e:2e:12:dd:23:2a:39:9c:22:3e:7d:73:e2:
         f2:8c:42:01:2b:ff:09:9a:46:77:08:bd:a3:0f:18:02:6b:5a:
         c1:a2:58:86:62:8b:88:3b:30:d4:d6:02:be:33:83:14:59:22:
         18:4a:a3:90:3b:78:fb:d0:9d:58:5b:a3:8f:98:d7:e4:76:01:
         57:b3:db:d2:7e:30:58:03:08:81:b6:fb:2f:b5:24:82:92:79:
         af:6a:70:f7:0d:27:83:6c:45:c6:6c:c6:ba:89:8e:0a:12:94:
         48:b3:65:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0Uf8QZ45t2Cmt08UH4e2hVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzIyMDc0MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjM3NDUxOWNhNGUxZmE3NjgzNjQ4ZmVkMjYzOTU0NjA5NjM1Mzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtqsNrWz7TccO+qdj3V8bGQADF4za
hsumplAiUvTFkLU8lIiLZ3wsdomf6n75lrVWeu3TKhjNxcgTeJ5YbdotK8EaaZLI
+NX3JvxWBTrYIzIXjc0lPhywOQY8FJCHY6adTFTOsSv1X0/JwRrIOWLiDLM8BLmD
mzOLKE6vPBiyIXF/6NTN0bYKZGXwoq25vS3AkKkGWibjrzbZZ7aPQG0oBqcCJruY
+sgs2KomdEPwR7yEi8nc71n0rbcXh/Fi69iK9EXMu5c4qV1lttYfURR0I/MmchSg
tfMzpeySYvID/XB6ZV9eSWg6uCkOOUO1eYajEcH3YpF8Xo5Dx8vKh+4rAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC83RRnKTh+naDZI/tJjlUYJY1N1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTHpkRkdjcE9INmRvTmtqLTBtT1ZSZ2xqVTNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAU49zAwQA
XpwIMA0GCSqGSIb3DQEBCwUAA4IBAQAgr3XVFvH3SEuoR81jfFwwraVhdvmpd1nD
iLNL6Od1Yp6rvBd+uHeRchyJuadLQEGxbghOUiJwpZJkLD3tLsMx0rg4b6Xm+am5
YppvB4DjMQgUQCVn4LlrVxfE86lr24xQ9cXZkQ8AK9C/6QT+geXD7kmnnbKHFkrJ
ZaQA9wTHBVeGrYSffaUeDBm20cTo5v0Ng2yR9w4uEt0jKjmcIj59c+LyjEIBK/8J
mkZ3CL2jDxgCa1rBoliGYouIOzDU1gK+M4MUWSIYSqOQO3j70J1YW6OPmNfkdgFX
s9vSfjBYAwiBtvsvtSSCknmvanD3DSeDbEXGbMa6iY4KEpRIs2Xa
-----END CERTIFICATE-----