Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/LRXsSCxx86CLesNJKeOeTrlrwn8.roa
File:                     LRXsSCxx86CLesNJKeOeTrlrwn8.roa (raw, json)
Hash identifier:          kdj6YYvl7MEcvX3spzUJ1SgOMW5L2ddIfDgnmB2dG7w=
Subject key identifier:   2D:15:EC:48:2C:71:F3:A0:8B:7A:C3:49:29:E3:9E:4E:B9:6B:C2:7F
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019CBD6C751FD7919ADB3A867BECA2308A97
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/LRXsSCxx86CLesNJKeOeTrlrwn8.roa
Signing time:             Thu 05 Mar 2026 09:55:27 +0000
ROA not before:           Thu 05 Mar 2026 09:55:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206446
IP address blocks:        185.186.66.0/24 maxlen: 24
                          194.56.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Mar 2026 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:bd:6c:75:1f:d7:91:9a:db:3a:86:7b:ec:a2:30:8a:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Mar  5 09:55:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d15ec482c71f3a08b7ac34929e39e4eb96bc27f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:7a:f3:7d:49:86:57:e8:3e:0b:3f:82:cf:53:
                    7d:6b:56:a3:cb:07:d2:cd:68:f1:a3:4b:36:fe:b9:
                    60:a5:57:00:6b:e6:71:f7:8d:8c:54:ca:04:5f:8c:
                    1c:7e:98:de:fc:fe:4f:32:4e:d4:b8:3f:5d:78:01:
                    1e:2d:36:79:bd:d3:f0:cb:df:3f:b4:b7:8a:4a:c2:
                    0f:e2:8a:61:33:ec:a8:94:bd:59:1b:a9:7e:d1:fc:
                    32:bf:6c:c3:ca:5f:b0:07:e9:64:4a:27:1a:2f:6e:
                    73:fa:4b:b9:b7:c8:d7:9e:a2:32:16:9c:4f:b8:7e:
                    50:87:46:64:ee:75:20:49:29:68:a0:31:83:1d:e8:
                    2e:f3:4c:d6:82:8d:51:01:e5:a4:8b:e2:23:d5:58:
                    64:57:cf:2e:24:06:d9:69:b0:d8:5a:aa:d5:4c:78:
                    60:5a:14:b7:f0:3b:31:64:5b:df:7a:c4:d6:05:e1:
                    28:97:3f:0f:52:e4:51:04:88:54:d8:d0:9a:ed:be:
                    6d:e0:e6:42:9a:8c:10:ce:2f:9d:21:45:5f:87:b2:
                    a9:98:39:75:69:73:42:6e:1c:0c:e3:eb:72:a0:77:
                    39:00:3d:65:31:08:5e:be:ce:aa:0a:4d:ce:46:92:
                    c7:0d:58:8b:ba:a8:36:27:8d:b8:a0:8f:fb:9c:04:
                    23:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:15:EC:48:2C:71:F3:A0:8B:7A:C3:49:29:E3:9E:4E:B9:6B:C2:7F
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/LRXsSCxx86CLesNJKeOeTrlrwn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.66.0/24
                  194.56.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:dd:52:c7:83:e3:58:40:79:0f:2c:ef:bb:01:85:da:2c:56:
         19:f4:2b:16:9b:b6:a5:50:a2:26:af:50:07:9f:94:c5:4f:b7:
         41:37:c5:53:49:99:58:84:df:a2:3c:89:fb:8a:39:b2:00:86:
         be:8d:db:17:9c:9e:db:62:b0:5d:57:b5:8f:df:47:d4:f9:06:
         4e:3d:fc:ff:f1:dc:15:14:90:41:b8:07:e8:98:1c:d3:93:d1:
         9a:65:bc:fe:a7:5f:47:36:3f:67:09:b9:2d:b1:ec:d6:e7:1a:
         a1:97:eb:f9:71:7d:e6:db:06:e8:3f:39:ea:b7:ab:e5:63:15:
         0f:5b:7b:52:71:be:07:9f:3d:51:2d:91:84:c1:70:b2:4f:ef:
         57:b8:9c:db:61:62:50:eb:5c:c9:84:ab:8f:ea:db:3c:c0:7d:
         2f:f9:2d:ea:af:39:06:8d:34:21:eb:15:c8:1b:11:bf:8f:46:
         78:74:fb:ca:b6:67:5f:3b:ae:38:46:1b:2e:36:d9:9c:ce:c9:
         b2:b8:ff:8b:e9:51:84:0f:3d:b3:86:08:65:9e:41:2d:e5:2e:
         99:43:c7:2f:32:3b:ea:77:e9:20:6c:f0:ee:52:8c:70:76:f0:
         a6:d4:3e:7a:65:c9:48:1b:24:e5:2a:26:37:03:43:b8:60:c7:
         df:ce:df:52
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZy9bHUf15Ga2zqGe+yiMIqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjYwMzA1MDk1NTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDE1ZWM0ODJjNzFmM2EwOGI3YWMzNDkyOWUzOWU0ZWI5NmJjMjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHrzfUmGV+g+Cz+Cz1N9a1ajywfS
zWjxo0s2/rlgpVcAa+Zx942MVMoEX4wcfpje/P5PMk7UuD9deAEeLTZ5vdPwy98/
tLeKSsIP4ophM+yolL1ZG6l+0fwyv2zDyl+wB+lkSicaL25z+ku5t8jXnqIyFpxP
uH5Qh0Zk7nUgSSlooDGDHegu80zWgo1RAeWki+Ij1VhkV88uJAbZabDYWqrVTHhg
WhS38DsxZFvfesTWBeEolz8PUuRRBIhU2NCa7b5t4OZCmowQzi+dIUVfh7KpmDl1
aXNCbhwM4+tyoHc5AD1lMQhevs6qCk3ORpLHDViLuqg2J424oI/7nAQj9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC0V7EgscfOgi3rDSSnjnk65a8J/MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvTFJYc1NDeHg4NkNMZXNOSktlT2VUcmxyd244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAubpCAwQA
wjjjMA0GCSqGSIb3DQEBCwUAA4IBAQBc3VLHg+NYQHkPLO+7AYXaLFYZ9CsWm7al
UKImr1AHn5TFT7dBN8VTSZlYhN+iPIn7ijmyAIa+jdsXnJ7bYrBdV7WP30fU+QZO
Pfz/8dwVFJBBuAfomBzTk9GaZbz+p19HNj9nCbktsezW5xqhl+v5cX3m2wboPznq
t6vlYxUPW3tScb4Hnz1RLZGEwXCyT+9XuJzbYWJQ61zJhKuP6ts8wH0v+S3qrzkG
jTQh6xXIGxG/j0Z4dPvKtmdfO644RhsuNtmczsmyuP+L6VGEDz2zhghlnkEt5S6Z
Q8cvMjvqd+kgbPDuUoxwdvCm1D56ZclIGyTlKiY3A0O4YMffzt9S
-----END CERTIFICATE-----