Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LmmlSMouhEecTW9sKt_1v3UOOQs.roa
File:                     LmmlSMouhEecTW9sKt_1v3UOOQs.roa (raw, json)
Hash identifier:          dpnL22OLTxX3OAVeuzANT60HDgEErX/aLe7FmDzHOvk=
Subject key identifier:   2E:69:A5:48:CA:2E:84:47:9C:4D:6F:6C:2A:DF:F5:BF:75:0E:39:0B
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019DB960A70E7240679F26987DC9CBDA294E
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LmmlSMouhEecTW9sKt_1v3UOOQs.roa
Signing time:             Thu 23 Apr 2026 08:06:52 +0000
ROA not before:           Thu 23 Apr 2026 08:06:52 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63023
IP address blocks:        2a14:1101::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 Apr 2026 18:02:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b9:60:a7:0e:72:40:67:9f:26:98:7d:c9:cb:da:29:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Apr 23 08:06:52 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e69a548ca2e84479c4d6f6c2adff5bf750e390b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:16:7b:6b:92:01:b7:cd:4d:87:c4:39:1d:3c:
                    48:b8:e1:be:9f:96:b0:54:38:2a:e3:cc:2f:76:2a:
                    0a:d8:e0:5e:0e:03:98:75:6d:7c:ca:bb:b9:8c:ce:
                    b9:d3:95:45:d8:8b:45:6d:f7:e6:67:19:a8:14:cd:
                    a7:1a:2a:4f:6c:84:2d:9a:87:f0:6c:11:98:86:99:
                    a3:c0:4a:28:09:c0:76:06:64:2a:39:ce:d9:1e:f9:
                    d6:dc:56:24:db:94:cf:b1:3b:f7:0f:23:66:94:38:
                    e9:af:9a:99:bf:81:fc:d8:2c:30:aa:55:48:d4:14:
                    ff:8c:f4:17:bb:3d:61:c5:57:7e:07:7f:16:7c:6a:
                    5d:9f:e1:52:61:09:2a:14:d4:d2:f1:88:0a:a6:c3:
                    da:81:94:e5:ab:e7:b8:dc:a7:30:c3:ce:75:a7:77:
                    58:ff:0a:b5:bc:a5:8c:1c:d2:1e:30:f4:4b:78:c2:
                    d8:b3:eb:c0:28:9d:55:a7:88:e9:20:26:1b:7f:7e:
                    94:a5:d2:35:2e:93:76:93:aa:52:63:aa:fb:e0:1d:
                    ac:ad:ac:69:a7:2f:fc:5c:ea:9f:0b:98:21:f9:1f:
                    9a:f2:f5:61:ce:d5:cb:1f:0d:06:68:7c:c8:d8:f1:
                    2c:b6:86:07:3f:df:59:f0:b8:19:d1:d1:67:e9:48:
                    cb:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:69:A5:48:CA:2E:84:47:9C:4D:6F:6C:2A:DF:F5:BF:75:0E:39:0B
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/LmmlSMouhEecTW9sKt_1v3UOOQs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a14:1101::/32

    Signature Algorithm: sha256WithRSAEncryption
         65:c8:91:42:6b:af:c1:25:8b:af:25:99:c1:10:fa:90:4d:7e:
         bf:1b:1f:97:a7:67:6c:f3:e4:2e:4f:fe:e6:14:78:d1:43:90:
         61:58:e2:9a:c1:c1:fd:00:a8:2d:62:42:8a:57:98:f3:74:9a:
         6a:9e:35:f1:d7:88:76:87:69:a5:d8:b0:b4:fe:bd:93:1f:f3:
         42:02:71:50:e4:22:10:d0:43:da:d6:86:88:a6:b9:51:2f:f5:
         e1:15:4c:3e:a3:8f:b2:03:b3:9a:6f:dd:16:c6:95:79:32:cf:
         54:3b:3a:d1:af:dc:bc:54:e0:43:e3:e4:1a:f9:0c:af:f6:4b:
         7f:e5:3f:fd:ed:ec:0b:52:99:13:5a:7a:f3:32:5d:a2:4c:75:
         af:f2:6b:ce:76:13:47:fc:ee:f0:43:2c:fb:77:0c:72:50:47:
         ac:ee:2f:24:64:f6:6f:7a:52:e9:86:8f:7e:97:12:fa:99:70:
         ba:01:35:d9:4b:64:8b:a7:35:b8:fa:2d:ae:2d:91:cd:a4:96:
         20:c0:f0:fc:f3:00:fc:4d:a6:da:20:3a:c2:33:01:e5:d0:c5:
         44:05:dc:97:38:bb:1d:5a:0c:7b:8a:8e:3f:d2:1d:48:62:0e:
         9c:1a:68:44:63:66:ca:7f:76:93:20:b6:84:4b:20:e0:93:9c:
         77:cc:d7:db
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ25YKcOckBnnyaYfcnL2ilOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjYwNDIzMDgwNjUyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTY5YTU0OGNhMmU4NDQ3OWM0ZDZmNmMyYWRmZjViZjc1MGUzOTBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRZ7a5IBt81Nh8Q5HTxIuOG+n5aw
VDgq48wvdioK2OBeDgOYdW18yru5jM6505VF2ItFbffmZxmoFM2nGipPbIQtmofw
bBGYhpmjwEooCcB2BmQqOc7ZHvnW3FYk25TPsTv3DyNmlDjpr5qZv4H82CwwqlVI
1BT/jPQXuz1hxVd+B38WfGpdn+FSYQkqFNTS8YgKpsPagZTlq+e43Kcww851p3dY
/wq1vKWMHNIeMPRLeMLYs+vAKJ1Vp4jpICYbf36UpdI1LpN2k6pSY6r74B2sraxp
py/8XOqfC5gh+R+a8vVhztXLHw0GaHzI2PEstoYHP99Z8LgZ0dFn6UjL0wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC5ppUjKLoRHnE1vbCrf9b91DjkLMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvTG1tbFNNb3VoRWVjVFc5c0t0XzF2M1VPT1FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKhQRATAN
BgkqhkiG9w0BAQsFAAOCAQEAZciRQmuvwSWLryWZwRD6kE1+vxsfl6dnbPPkLk/+
5hR40UOQYVjimsHB/QCoLWJCileY83Saap418deIdodppdiwtP69kx/zQgJxUOQi
ENBD2taGiKa5US/14RVMPqOPsgOzmm/dFsaVeTLPVDs60a/cvFTgQ+PkGvkMr/ZL
f+U//e3sC1KZE1p68zJdokx1r/JrznYTR/zu8EMs+3cMclBHrO4vJGT2b3pS6YaP
fpcS+plwugE12Utki6c1uPotri2RzaSWIMDw/PMA/E2m2iA6wjMB5dDFRAXclzi7
HVoMe4qOP9IdSGIOnBpoRGNmyn92kyC2hEsg4JOcd8zX2w==
-----END CERTIFICATE-----