Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/LJdfY0nIbyUd50nXVDvOBQ87G-Q.roa
File:                     LJdfY0nIbyUd50nXVDvOBQ87G-Q.roa (raw, json)
Hash identifier:          YRUY42yFSuPW4OLZp4glLYxbIuXq5EYQJpaLtc7zjL8=
Subject key identifier:   2C:97:5F:63:49:C8:6F:25:1D:E7:49:D7:54:3B:CE:05:0F:3B:1B:E4
Certificate issuer:       /CN=f30e445195b64d799b822e99947792e0cab32b6d
Certificate serial:       019E457C1611514222A6B40C1FAA66E3C8D9
Authority key identifier: F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/LJdfY0nIbyUd50nXVDvOBQ87G-Q.roa
Signing time:             Wed 20 May 2026 13:03:40 +0000
ROA not before:           Wed 20 May 2026 13:03:40 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205301
IP address blocks:        189.13.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 23:00:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:45:7c:16:11:51:42:22:a6:b4:0c:1f:aa:66:e3:c8:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f30e445195b64d799b822e99947792e0cab32b6d
        Validity
            Not Before: May 20 13:03:40 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c975f6349c86f251de749d7543bce050f3b1be4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:d0:af:17:63:12:53:8d:ba:d1:46:15:21:be:
                    ea:0c:56:8d:07:40:ba:dc:07:c8:70:b6:ee:a8:44:
                    5b:ca:fa:d4:2d:a9:a7:b1:08:a3:c8:6e:47:5c:58:
                    b4:d8:d3:87:66:52:ce:65:94:3b:3d:3f:79:ec:67:
                    63:0c:b5:5e:ca:73:9a:07:b8:74:3d:ab:d4:77:e0:
                    6e:54:21:08:8d:19:45:5b:0d:0b:07:21:9d:d9:6b:
                    bd:03:a7:99:66:c0:6c:31:3d:49:9b:1d:a2:68:6b:
                    0d:a3:0a:15:b5:cd:d2:c5:f5:03:ea:a4:f4:5d:ee:
                    47:52:e1:18:5e:45:e8:bc:77:b7:76:38:bd:e3:a6:
                    42:96:99:ba:e9:71:9b:e0:05:16:1a:3b:60:17:36:
                    f1:59:b8:7c:6b:62:b1:1e:7d:da:59:cc:84:3c:95:
                    e6:41:ef:ef:dd:5f:af:00:5a:d4:a4:26:8a:c6:36:
                    a9:e3:26:cb:c9:b9:f8:2e:c4:40:5b:80:e1:bd:d9:
                    a0:f1:81:e3:c5:15:6c:15:bc:aa:62:c5:6f:74:5e:
                    b2:8c:2b:78:10:d4:25:f7:a3:41:ed:9e:81:b9:7f:
                    34:ec:d4:4a:7e:82:63:a1:37:50:a3:5f:bd:43:b0:
                    5d:df:e6:91:00:6e:26:32:ec:ee:f3:f5:f4:87:ba:
                    66:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:97:5F:63:49:C8:6F:25:1D:E7:49:D7:54:3B:CE:05:0F:3B:1B:E4
            X509v3 Authority Key Identifier:
                keyid:F3:0E:44:51:95:B6:4D:79:9B:82:2E:99:94:77:92:E0:CA:B3:2B:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8w5EUZW2TXmbgi6ZlHeS4MqzK20.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/LJdfY0nIbyUd50nXVDvOBQ87G-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/b52c5d-95ba-4dd3-bba8-b7ca1f4728d0/1/8w5EUZW2TXmbgi6ZlHeS4MqzK20.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  189.13.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:33:cf:3b:1f:51:21:f7:12:3c:89:49:28:01:46:41:19:ff:
         07:40:ed:9d:53:6b:87:0e:5f:c4:8e:15:80:d1:c8:2d:fa:21:
         fa:d1:a6:a5:ac:d8:c4:ca:4a:64:3d:2e:82:7d:c4:4d:2a:20:
         d8:be:4c:49:29:18:ab:67:01:e2:72:78:7e:0a:b4:ad:d5:d8:
         5d:a1:c8:89:8e:66:f4:9e:ae:26:0d:bd:2e:10:5e:f5:fd:ca:
         fc:38:1e:e2:97:58:95:55:64:6a:da:1c:d1:2c:dc:19:04:9d:
         68:99:67:1e:2d:71:e0:a5:02:1b:6b:04:d7:cf:ac:2c:e8:f1:
         90:4b:00:dd:49:78:0f:fb:3d:14:df:a6:4b:86:2f:ca:63:ac:
         18:76:23:81:d8:3f:39:8a:7f:2a:60:de:c1:78:ed:38:cc:97:
         0c:0e:d1:2c:ca:53:d4:b5:a3:66:bb:5b:66:e1:3a:18:e6:af:
         80:08:d8:ac:a9:b6:f6:f5:d4:29:04:93:2c:0f:8e:9d:df:df:
         79:e8:49:3e:4a:21:f8:5b:24:14:54:22:c2:95:d8:60:a4:11:
         ec:cf:5d:76:d2:2c:d9:17:fe:68:37:52:9a:ae:e3:0d:09:b8:
         b3:fe:fd:b7:38:8f:01:50:5b:22:94:37:6c:b8:79:57:e9:4b:
         68:fb:8d:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5FfBYRUUIiprQMH6pm48jZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzMGU0NDUxOTViNjRkNzk5YjgyMmU5OTk0Nzc5MmUwY2Fi
MzJiNmQwHhcNMjYwNTIwMTMwMzQwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzk3NWY2MzQ5Yzg2ZjI1MWRlNzQ5ZDc1NDNiY2UwNTBmM2IxYmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqdCvF2MSU4260UYVIb7qDFaNB0C6
3AfIcLbuqERbyvrULamnsQijyG5HXFi02NOHZlLOZZQ7PT957GdjDLVeynOaB7h0
PavUd+BuVCEIjRlFWw0LByGd2Wu9A6eZZsBsMT1Jmx2iaGsNowoVtc3SxfUD6qT0
Xe5HUuEYXkXovHe3dji946ZClpm66XGb4AUWGjtgFzbxWbh8a2KxHn3aWcyEPJXm
Qe/v3V+vAFrUpCaKxjap4ybLybn4LsRAW4Dhvdmg8YHjxRVsFbyqYsVvdF6yjCt4
ENQl96NB7Z6BuX807NRKfoJjoTdQo1+9Q7Bd3+aRAG4mMuzu8/X0h7pm0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyXX2NJyG8lHedJ11Q7zgUPOxvkMB8GA1UdIwQY
MBaAFPMORFGVtk15m4IumZR3kuDKsyttMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgt
YjdjYTFmNDcyOGQwLzEvTEpkZlkwbklieVVkNTBuWFZEdk9CUTg3Ry1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9iNTJjNWQtOTViYS00ZGQzLWJiYTgtYjdjYTFmNDcyOGQw
LzEvOHc1RVVaVzJUWG1iZ2k2WmxIZVM0TXF6SzIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvQ15MA0G
CSqGSIb3DQEBCwUAA4IBAQAiM887H1Eh9xI8iUkoAUZBGf8HQO2dU2uHDl/EjhWA
0cgt+iH60aalrNjEykpkPS6CfcRNKiDYvkxJKRirZwHicnh+CrSt1dhdociJjmb0
nq4mDb0uEF71/cr8OB7il1iVVWRq2hzRLNwZBJ1omWceLXHgpQIbawTXz6ws6PGQ
SwDdSXgP+z0U36ZLhi/KY6wYdiOB2D85in8qYN7BeO04zJcMDtEsylPUtaNmu1tm
4ToY5q+ACNisqbb29dQpBJMsD46d39956Ek+SiH4WyQUVCLCldhgpBHsz1120izZ
F/5oN1KaruMNCbiz/v23OI8BUFsilDdsuHlX6Uto+42s
-----END CERTIFICATE-----