Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lhF0BV42_rqUWKbUThrMjDtWFzw.roa
File:                     lhF0BV42_rqUWKbUThrMjDtWFzw.roa (raw, json)
Hash identifier:          F24HaqHKhEIaMEPCdV36gs8c832UGlYXBcV15EJRdTA=
Subject key identifier:   96:11:74:05:5E:36:FE:BA:94:58:A6:D4:4E:1A:CC:8C:3B:56:17:3C
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019DCE0C03E41F56290D143148EB0FFCF7B0
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lhF0BV42_rqUWKbUThrMjDtWFzw.roa
Signing time:             Mon 27 Apr 2026 08:26:27 +0000
ROA not before:           Mon 27 Apr 2026 08:26:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200993
IP address blocks:        2a0d:d940:50::/46 maxlen: 48
                          2a0d:d940:5e::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:0c:03:e4:1f:56:29:0d:14:31:48:eb:0f:fc:f7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Apr 27 08:26:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=961174055e36feba9458a6d44e1acc8c3b56173c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d6:66:83:97:55:86:8b:9a:06:89:65:58:7e:
                    6a:3e:4c:7d:b0:c2:47:7e:c0:14:4d:d6:41:60:f8:
                    64:0e:0d:47:ef:4f:e1:5a:5c:98:4d:43:59:06:c4:
                    ab:37:e8:22:77:6d:ab:55:09:a4:49:19:15:45:39:
                    ea:c3:56:26:94:30:a9:3d:9e:19:73:3a:50:42:62:
                    8f:6b:8a:71:21:29:64:9b:3c:59:e9:6d:4e:41:84:
                    5e:3d:8d:af:94:81:7e:59:f6:80:77:d0:83:14:7c:
                    c7:c6:d7:41:a3:67:b9:8a:f0:d4:a0:cc:cf:82:3e:
                    16:27:6b:98:1a:e3:cc:4c:fc:5f:cb:9d:0f:cf:01:
                    f2:b7:88:17:94:0d:19:89:42:a3:e1:36:89:99:f6:
                    d4:a8:02:26:53:6e:2b:a1:f7:ec:4f:ed:22:83:78:
                    8f:6d:a5:7c:7a:5f:1f:05:1f:42:cb:d3:84:be:70:
                    b8:68:63:b5:64:03:d1:e6:7b:9a:43:97:59:67:49:
                    f6:77:d4:2f:82:05:ab:48:3a:c4:c4:6d:d2:c3:6f:
                    02:8f:c3:8d:a0:2d:cd:dd:33:db:9f:18:b1:46:6e:
                    5c:c7:9e:63:76:97:21:a1:33:4e:96:95:0d:d5:80:
                    3c:de:b5:07:06:1a:e1:7a:58:1d:2b:4f:70:91:bf:
                    3e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:11:74:05:5E:36:FE:BA:94:58:A6:D4:4E:1A:CC:8C:3B:56:17:3C
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/lhF0BV42_rqUWKbUThrMjDtWFzw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:50::/46
                  2a0d:d940:5e::/48

    Signature Algorithm: sha256WithRSAEncryption
         54:1d:73:ac:7c:8f:c0:0c:64:c9:79:f0:3d:54:47:de:e6:48:
         9a:a8:32:0a:c9:79:52:11:6c:02:c0:46:54:5c:2d:b9:95:61:
         06:f1:4d:5f:26:da:25:43:3b:55:64:6e:af:50:3d:9f:b1:32:
         a7:c8:9b:81:16:6b:3f:28:2d:90:1b:01:e2:39:7c:54:31:a2:
         02:62:bd:dd:5a:9a:9c:01:00:fc:23:e7:e3:4b:8b:f6:ff:5f:
         1b:95:db:86:bd:5b:0c:3e:98:83:f6:24:f6:c1:07:1a:c2:f1:
         49:8b:2a:23:ea:c5:39:01:3e:59:c6:f2:9e:51:fc:1f:3c:46:
         70:f5:e0:b5:e3:62:3b:a2:45:72:7a:04:80:02:22:4a:65:29:
         25:5b:f9:ca:a0:f5:de:e3:0e:3f:9b:27:d6:dc:81:32:7e:d4:
         ad:90:08:29:88:52:0a:83:d9:6a:d7:59:e7:6b:f4:a1:d2:be:
         f9:7b:f0:8f:67:42:40:b3:da:83:ed:9f:79:4e:5c:3d:1b:40:
         60:93:88:d3:cf:80:bf:ab:2b:7c:a9:c4:c1:a4:09:0a:61:8e:
         2a:31:7c:4c:c7:b1:70:99:48:4d:bc:b9:2f:e9:03:ce:54:1c:
         d4:1f:91:97:3b:eb:f6:9a:9b:be:42:86:0a:91:92:b4:25:9a:
         09:5b:33:08
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ3ODAPkH1YpDRQxSOsP/PewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjYwNDI3MDgyNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjExNzQwNTVlMzZmZWJhOTQ1OGE2ZDQ0ZTFhY2M4YzNiNTYxNzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNZmg5dVhouaBollWH5qPkx9sMJH
fsAUTdZBYPhkDg1H70/hWlyYTUNZBsSrN+gid22rVQmkSRkVRTnqw1YmlDCpPZ4Z
czpQQmKPa4pxISlkmzxZ6W1OQYRePY2vlIF+WfaAd9CDFHzHxtdBo2e5ivDUoMzP
gj4WJ2uYGuPMTPxfy50PzwHyt4gXlA0ZiUKj4TaJmfbUqAImU24roffsT+0ig3iP
baV8el8fBR9Cy9OEvnC4aGO1ZAPR5nuaQ5dZZ0n2d9QvggWrSDrExG3Sw28Cj8ON
oC3N3TPbnxixRm5cx55jdpchoTNOlpUN1YA83rUHBhrhelgdK09wkb8+JQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJYRdAVeNv66lFim1E4azIw7Vhc8MB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvbGhGMEJWNDJfcnFVV0tiVVRock1qRHRXRnp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAAjASAwcCKg3ZQABQ
AwcAKg3ZQABeMA0GCSqGSIb3DQEBCwUAA4IBAQBUHXOsfI/ADGTJefA9VEfe5kia
qDIKyXlSEWwCwEZUXC25lWEG8U1fJtolQztVZG6vUD2fsTKnyJuBFms/KC2QGwHi
OXxUMaICYr3dWpqcAQD8I+fjS4v2/18blduGvVsMPpiD9iT2wQcawvFJiyoj6sU5
AT5ZxvKeUfwfPEZw9eC142I7okVyegSAAiJKZSklW/nKoPXe4w4/myfW3IEyftSt
kAgpiFIKg9lq11nna/Sh0r75e/CPZ0JAs9qD7Z95Tlw9G0Bgk4jTz4C/qyt8qcTB
pAkKYY4qMXxMx7FwmUhNvLkv6QPOVBzUH5GXO+v2mpu+QoYKkZK0JZoJWzMI
-----END CERTIFICATE-----