Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/lbH01O_hBjur5zMbB6nFwH6jV-M.roa
File:                     lbH01O_hBjur5zMbB6nFwH6jV-M.roa (raw, json)
Hash identifier:          Fh2sQdI/bxydxVblUEDRzHsLdP9WDZ+GiS2qsXlgYtE=
Subject key identifier:   95:B1:F4:D4:EF:E1:06:3B:AB:E7:33:1B:07:A9:C5:C0:7E:A3:57:E3
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       019E878F2A6D51E785B8D21F4ADC3A4C4439
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/lbH01O_hBjur5zMbB6nFwH6jV-M.roa
Signing time:             Tue 02 Jun 2026 08:59:27 +0000
ROA not before:           Tue 02 Jun 2026 08:59:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29802
IP address blocks:        89.21.86.0/24 maxlen: 24
                          109.122.43.0/24 maxlen: 24
                          109.122.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 15:08:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:87:8f:2a:6d:51:e7:85:b8:d2:1f:4a:dc:3a:4c:44:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: Jun  2 08:59:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95b1f4d4efe1063babe7331b07a9c5c07ea357e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:f0:76:a6:d8:f3:8d:cb:d8:8f:56:97:b6:76:
                    50:71:de:44:b1:97:c9:61:06:5b:41:1d:e2:8c:3b:
                    50:98:2a:2b:2f:0e:3e:65:d1:31:11:c2:71:8a:23:
                    15:e6:67:7c:e6:06:dc:08:31:34:97:3e:ac:90:59:
                    3f:31:3b:15:7b:be:3b:94:8c:63:e4:4e:c7:b5:64:
                    49:6f:9b:4a:79:17:0b:27:d6:18:d0:d5:13:a3:6e:
                    0d:91:66:ca:5b:fc:0a:72:dc:ad:7b:bc:91:e1:66:
                    66:9e:2c:13:fa:05:e5:e5:01:89:42:a7:63:df:20:
                    1c:8a:33:fa:56:ed:ce:9e:f9:9c:47:ba:28:2d:ee:
                    1b:75:82:a6:fe:d6:ed:bf:c2:59:18:79:a9:2c:4d:
                    4e:b5:21:14:8b:8a:81:7b:ef:53:6a:d1:21:95:f4:
                    6a:64:e3:03:31:35:b3:d8:0f:fb:ce:86:8c:0b:1b:
                    42:14:70:7e:5a:23:60:2b:89:de:ea:55:4b:e3:b3:
                    4d:ac:7e:c1:bb:5b:e3:a2:93:0a:37:de:b0:2b:ed:
                    44:bf:c1:7d:1a:61:5b:ba:8a:e5:1b:1c:26:41:2a:
                    76:24:44:e8:52:89:13:76:38:11:44:c7:91:a1:32:
                    1e:02:7d:cc:03:47:10:c9:e4:5a:61:e2:22:1f:26:
                    a0:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:B1:F4:D4:EF:E1:06:3B:AB:E7:33:1B:07:A9:C5:C0:7E:A3:57:E3
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/lbH01O_hBjur5zMbB6nFwH6jV-M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.21.86.0/24
                  109.122.43.0/24
                  109.122.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:fe:5b:ba:09:7b:d5:56:d7:12:78:18:74:ed:a4:bb:c3:df:
         b2:61:1c:bf:c7:b6:e4:72:5f:b7:4d:c9:83:7f:93:b6:1b:36:
         ab:dc:0f:d4:73:41:1f:c6:b6:af:f1:d2:b1:01:9a:9b:14:3d:
         c3:f9:2b:1c:32:cb:46:d6:be:65:be:22:a5:6c:65:10:52:a5:
         4e:ae:34:42:9e:9f:12:6c:82:f1:ba:fb:85:b7:22:87:c4:df:
         9d:3a:61:3c:85:e8:fb:c2:c5:51:62:45:f8:4f:03:b8:ff:ba:
         37:74:23:92:7d:5e:4e:7a:ce:05:a0:61:d9:89:de:e5:ec:c0:
         3d:2a:d1:6c:98:57:c8:44:da:c6:8a:8f:5e:e7:73:ba:e3:c4:
         b1:e2:70:17:f3:70:53:83:51:33:72:d3:d2:1a:ed:b0:55:56:
         12:51:c7:2f:76:10:dd:44:76:5c:c0:9d:27:a8:fa:b7:56:5d:
         4e:6a:27:a2:42:2a:9b:ad:c7:6a:df:57:5f:ae:44:7d:24:37:
         76:97:0a:e0:55:72:e3:3a:7c:05:d2:84:a1:91:d9:bd:ff:95:
         99:11:50:1f:af:0d:0a:db:a0:d7:3f:77:6b:2c:4f:54:3f:84:
         9b:12:61:15:31:c3:89:83:65:15:42:42:cd:a3:7a:8d:f5:8b:
         08:0f:b5:23
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ6HjyptUeeFuNIfStw6TEQ5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjYwNjAyMDg1OTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWIxZjRkNGVmZTEwNjNiYWJlNzMzMWIwN2E5YzVjMDdlYTM1N2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1vB2ptjzjcvYj1aXtnZQcd5EsZfJ
YQZbQR3ijDtQmCorLw4+ZdExEcJxiiMV5md85gbcCDE0lz6skFk/MTsVe747lIxj
5E7HtWRJb5tKeRcLJ9YY0NUTo24NkWbKW/wKctyte7yR4WZmniwT+gXl5QGJQqdj
3yAcijP6Vu3OnvmcR7ooLe4bdYKm/tbtv8JZGHmpLE1OtSEUi4qBe+9TatEhlfRq
ZOMDMTWz2A/7zoaMCxtCFHB+WiNgK4ne6lVL47NNrH7Bu1vjopMKN96wK+1Ev8F9
GmFbuorlGxwmQSp2JEToUokTdjgRRMeRoTIeAn3MA0cQyeRaYeIiHyagOQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJWx9NTv4QY7q+czGwepxcB+o1fjMB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvbGJIMDFPX2hCanVyNXpNYkI2bkZ3SDZqVi1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWRVWAwQA
bXorAwQAbXotMA0GCSqGSIb3DQEBCwUAA4IBAQBS/lu6CXvVVtcSeBh07aS7w9+y
YRy/x7bkcl+3TcmDf5O2Gzar3A/Uc0Efxrav8dKxAZqbFD3D+SscMstG1r5lviKl
bGUQUqVOrjRCnp8SbILxuvuFtyKHxN+dOmE8hej7wsVRYkX4TwO4/7o3dCOSfV5O
es4FoGHZid7l7MA9KtFsmFfIRNrGio9e53O648Sx4nAX83BTg1EzctPSGu2wVVYS
UccvdhDdRHZcwJ0nqPq3Vl1OaieiQiqbrcdq31dfrkR9JDd2lwrgVXLjOnwF0oSh
kdm9/5WZEVAfrw0K26DXP3drLE9UP4SbEmEVMcOJg2UVQkLNo3qN9YsID7Uj
-----END CERTIFICATE-----