Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/lms_h40r3-LvmvS_QZG5u3K67Uw.roa
File:                     lms_h40r3-LvmvS_QZG5u3K67Uw.roa (raw, json)
Hash identifier:          sioeVX/bhxcVhyyVff9dr3QSj+48OLBpgP5/WVrFXzw=
Subject key identifier:   96:6B:3F:87:8D:2B:DF:E2:EF:9A:F4:BF:41:91:B9:BB:72:BA:ED:4C
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       0199F6D9E5887B490C6AED5A046926CE85DC
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/lms_h40r3-LvmvS_QZG5u3K67Uw.roa
Signing time:             Sat 18 Oct 2025 10:24:59 +0000
ROA not before:           Sat 18 Oct 2025 10:24:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205886
IP address blocks:        91.221.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Oct 2025 15:30:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:f6:d9:e5:88:7b:49:0c:6a:ed:5a:04:69:26:ce:85:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Oct 18 10:24:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=966b3f878d2bdfe2ef9af4bf4191b9bb72baed4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:8b:ae:2c:73:4a:52:c3:f8:34:0f:72:83:33:
                    24:62:ba:96:e8:a2:94:6d:c3:47:ee:60:3e:e3:21:
                    5f:bb:8e:87:93:5b:39:e9:6b:f7:ff:00:f6:52:c1:
                    f5:83:a0:a2:f6:0f:b4:ec:06:10:d9:d3:5a:7a:f1:
                    a4:1c:8d:d8:78:cf:bc:e9:85:6d:37:8b:84:e2:b6:
                    4c:95:83:46:02:33:03:52:58:91:5a:c8:a0:5a:46:
                    7e:50:f0:ee:49:33:00:93:d7:cd:d3:3c:46:38:87:
                    1a:2f:b4:52:28:1e:b5:5a:fc:f7:05:41:7d:a6:00:
                    4f:84:1b:80:1a:49:57:a3:02:c3:1b:19:b7:21:b6:
                    a0:21:b0:98:c3:e5:78:5e:f7:5b:ad:23:8d:4a:40:
                    48:e3:97:5e:31:38:cb:98:94:4e:f6:59:58:84:ab:
                    4e:c1:9c:44:02:1c:4d:90:b9:85:a7:74:1c:ac:26:
                    90:3f:ba:98:d3:e1:9a:4d:bb:25:9f:f8:1d:48:7f:
                    e1:e1:f8:bb:71:ac:5c:a8:21:ec:6a:41:20:f8:ca:
                    99:10:4a:20:e0:3e:8e:70:1f:0f:f1:3d:84:60:b5:
                    97:02:91:85:82:36:21:04:99:d4:02:2c:ae:86:6b:
                    68:31:af:5b:4d:3d:a4:9d:26:1a:1d:88:e7:6a:fb:
                    22:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:6B:3F:87:8D:2B:DF:E2:EF:9A:F4:BF:41:91:B9:BB:72:BA:ED:4C
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/lms_h40r3-LvmvS_QZG5u3K67Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.221.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:f7:b2:27:c5:69:13:4d:15:2a:6f:32:14:e0:98:75:07:5c:
         c6:e3:0f:4b:b0:ab:a0:70:35:7f:18:9f:4c:c7:6a:e5:3a:c3:
         0f:0f:38:b8:41:fc:82:df:93:fe:e8:b2:d6:ae:dd:6b:fb:8e:
         d2:00:e6:21:c2:9f:af:9a:5f:ab:e7:97:7e:c6:30:8b:e9:08:
         4e:4d:cf:22:cf:13:2c:92:65:57:49:bc:94:9c:a3:7f:43:d5:
         67:2b:d9:6b:a5:a0:c5:56:d8:e0:52:fc:e9:bf:ef:3f:03:57:
         18:23:4a:bd:55:1b:47:d3:27:43:2e:4e:e8:ed:9d:06:e0:25:
         f7:0e:9e:7f:16:02:cd:24:67:3d:d1:4e:23:c6:db:c2:a2:f3:
         cf:c2:a2:6c:f3:5b:b4:84:0c:a9:d1:40:78:43:8f:91:87:3b:
         67:47:03:53:c8:95:7c:be:63:49:4f:33:2a:72:4c:9c:5c:db:
         26:a3:f0:72:c3:24:4f:ac:ad:59:24:c1:74:b7:e9:87:f1:43:
         d5:57:23:56:03:63:c9:43:5d:da:62:27:12:e8:d6:99:07:2a:
         8f:0e:57:6a:ae:6a:06:b5:22:5d:d6:c5:e8:e1:57:e2:6c:30:
         fe:72:70:25:bd:1f:e9:9c:74:d6:b7:f3:5c:5c:c8:a2:3d:b1:
         6f:2e:c1:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZn22eWIe0kMau1aBGkmzoXcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjUxMDE4MTAyNDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjZiM2Y4NzhkMmJkZmUyZWY5YWY0YmY0MTkxYjliYjcyYmFlZDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYuuLHNKUsP4NA9ygzMkYrqW6KKU
bcNH7mA+4yFfu46Hk1s56Wv3/wD2UsH1g6Ci9g+07AYQ2dNaevGkHI3YeM+86YVt
N4uE4rZMlYNGAjMDUliRWsigWkZ+UPDuSTMAk9fN0zxGOIcaL7RSKB61Wvz3BUF9
pgBPhBuAGklXowLDGxm3IbagIbCYw+V4XvdbrSONSkBI45deMTjLmJRO9llYhKtO
wZxEAhxNkLmFp3QcrCaQP7qY0+GaTbsln/gdSH/h4fi7caxcqCHsakEg+MqZEEog
4D6OcB8P8T2EYLWXApGFgjYhBJnUAiyuhmtoMa9bTT2knSYaHYjnavsiaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJZrP4eNK9/i75r0v0GRubtyuu1MMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvbG1zX2g0MHIzLUx2bXZTX1FaRzV1M0s2N1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW911MA0G
CSqGSIb3DQEBCwUAA4IBAQAi97InxWkTTRUqbzIU4Jh1B1zG4w9LsKugcDV/GJ9M
x2rlOsMPDzi4QfyC35P+6LLWrt1r+47SAOYhwp+vml+r55d+xjCL6QhOTc8izxMs
kmVXSbyUnKN/Q9VnK9lrpaDFVtjgUvzpv+8/A1cYI0q9VRtH0ydDLk7o7Z0G4CX3
Dp5/FgLNJGc90U4jxtvCovPPwqJs81u0hAyp0UB4Q4+RhztnRwNTyJV8vmNJTzMq
ckycXNsmo/BywyRPrK1ZJMF0t+mH8UPVVyNWA2PJQ13aYicS6NaZByqPDldqrmoG
tSJd1sXo4VfibDD+cnAlvR/pnHTWt/NcXMiiPbFvLsFK
-----END CERTIFICATE-----