Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/_lfdoiLagSclQFLhRG9TZSert0s.roa
File:                     _lfdoiLagSclQFLhRG9TZSert0s.roa (raw, json)
Hash identifier:          BzO/SBnCrjXko5DW8YSZkFc4F4C9Udpc0JMuFJcr16U=
Subject key identifier:   FE:57:DD:A2:22:DA:81:27:25:40:52:E1:44:6F:53:65:27:AB:B7:4B
Certificate issuer:       /CN=c4eb34dda2f8094968494892063351ee0f10e91a
Certificate serial:       019E2D7BECDEAB476E926EF3BB1CF3A920C0
Authority key identifier: C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/_lfdoiLagSclQFLhRG9TZSert0s.roa
Signing time:             Fri 15 May 2026 21:12:36 +0000
ROA not before:           Fri 15 May 2026 21:12:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6282
IP address blocks:        45.80.248.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:2d:7b:ec:de:ab:47:6e:92:6e:f3:bb:1c:f3:a9:20:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4eb34dda2f8094968494892063351ee0f10e91a
        Validity
            Not Before: May 15 21:12:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fe57dda222da8127254052e1446f536527abb74b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:2e:61:4b:34:55:c1:29:0f:27:a4:d6:5d:d0:
                    1f:66:72:80:96:a7:49:65:0b:0f:34:60:57:6c:65:
                    cc:a2:1e:61:c6:4f:cc:d7:23:d6:4e:72:51:e5:b1:
                    1a:bb:c1:45:ff:49:9b:cc:f3:b5:f3:f5:bd:f8:e6:
                    da:02:2f:87:70:7a:50:dc:a7:5b:ce:5d:de:b5:1b:
                    35:8f:8c:31:5b:93:b2:0b:f3:be:35:b4:bc:9d:73:
                    3e:c0:32:e3:85:68:6b:37:b5:dd:a2:12:f1:a9:b7:
                    f4:d0:a3:f7:70:17:eb:d7:55:c6:ad:dd:f4:1f:84:
                    81:13:1d:a8:0c:c2:e1:e0:f6:00:01:a9:c4:a6:9f:
                    48:c0:fb:aa:31:3a:2a:fa:4c:79:b8:36:e8:8a:f0:
                    04:bd:c8:6b:40:98:3b:ac:ba:58:a5:22:69:11:b3:
                    ad:8a:6e:47:54:fa:ba:64:ff:62:78:b5:6d:aa:b0:
                    e0:4f:c2:8b:b2:4e:99:c6:b8:77:a3:d4:e9:4e:f3:
                    3a:ca:0d:6f:72:06:cc:c1:82:4b:14:0c:b6:da:10:
                    d1:f3:ec:b0:2e:23:eb:9f:de:01:69:cf:6f:e2:3d:
                    19:4d:c3:c3:1f:48:fb:f3:9a:de:cc:8b:8a:75:2e:
                    43:6b:32:90:88:27:9c:57:5d:e5:3c:0a:85:d6:1f:
                    49:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:57:DD:A2:22:DA:81:27:25:40:52:E1:44:6F:53:65:27:AB:B7:4B
            X509v3 Authority Key Identifier:
                keyid:C4:EB:34:DD:A2:F8:09:49:68:49:48:92:06:33:51:EE:0F:10:E9:1A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xOs03aL4CUloSUiSBjNR7g8Q6Ro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/_lfdoiLagSclQFLhRG9TZSert0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/b96584-1f71-48bb-a021-a347b56f3b9a/1/xOs03aL4CUloSUiSBjNR7g8Q6Ro.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.248.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:55:d2:4b:d7:7d:1d:a3:7e:cd:9e:cc:54:56:06:12:d9:d4:
         ac:57:d7:ef:b0:1c:5b:e5:e9:ae:74:bd:43:70:0e:16:5d:ea:
         58:09:99:fd:f1:67:63:68:09:d0:99:9c:8a:f1:6b:4f:2a:b9:
         4a:03:2c:34:93:58:c0:f0:e4:bd:ce:7d:b9:fb:63:f3:6e:d0:
         7f:ce:e7:01:c6:b9:e2:38:a4:49:73:c7:99:e7:4b:ff:9c:d1:
         5a:1a:16:79:9f:29:e0:a8:1d:2b:46:20:e9:bb:90:d2:bb:03:
         a1:02:15:ae:00:e7:a6:b0:ef:d1:74:c2:68:0d:06:6b:65:81:
         4e:42:ac:ce:1c:68:fe:3e:1c:7f:01:94:c2:2c:18:8f:c2:4b:
         a3:85:03:9c:a4:37:84:d4:24:c1:fe:84:1f:92:61:eb:43:38:
         22:08:bb:cd:26:75:c0:07:02:c7:c3:36:a8:5a:15:05:61:fb:
         42:08:40:a5:5b:8e:ed:41:19:31:d3:18:5a:2a:75:7f:4d:f6:
         cb:af:fe:51:6e:6d:12:e1:80:21:15:12:d2:e9:a7:0e:cf:71:
         7a:e3:18:89:1a:f5:8e:39:7a:f1:f9:e4:cf:52:20:a1:dc:a4:
         73:bb:e6:54:d0:bc:d7:a1:bf:08:20:ed:e6:88:10:1b:00:a9:
         a4:73:b6:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4te+zeq0dukm7zuxzzqSDAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZWIzNGRkYTJmODA5NDk2ODQ5NDg5MjA2MzM1MWVlMGYx
MGU5MWEwHhcNMjYwNTE1MjExMjM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZTU3ZGRhMjIyZGE4MTI3MjU0MDUyZTE0NDZmNTM2NTI3YWJiNzRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwC5hSzRVwSkPJ6TWXdAfZnKAlqdJ
ZQsPNGBXbGXMoh5hxk/M1yPWTnJR5bEau8FF/0mbzPO18/W9+ObaAi+HcHpQ3Kdb
zl3etRs1j4wxW5OyC/O+NbS8nXM+wDLjhWhrN7XdohLxqbf00KP3cBfr11XGrd30
H4SBEx2oDMLh4PYAAanEpp9IwPuqMToq+kx5uDboivAEvchrQJg7rLpYpSJpEbOt
im5HVPq6ZP9ieLVtqrDgT8KLsk6Zxrh3o9TpTvM6yg1vcgbMwYJLFAy22hDR8+yw
LiPrn94Bac9v4j0ZTcPDH0j785rezIuKdS5DazKQiCecV13lPAqF1h9JVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP5X3aIi2oEnJUBS4URvU2Unq7dLMB8GA1UdIwQY
MBaAFMTrNN2i+AlJaElIkgYzUe4PEOkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEt
YTM0N2I1NmYzYjlhLzEvX2xmZG9pTGFnU2NsUUZMaFJHOVRaU2VydDBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9iOTY1ODQtMWY3MS00OGJiLWEwMjEtYTM0N2I1NmYzYjlh
LzEveE9zMDNhTDRDVWxvU1VpU0JqTlI3ZzhRNlJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVD4MA0G
CSqGSIb3DQEBCwUAA4IBAQCPVdJL130do37NnsxUVgYS2dSsV9fvsBxb5emudL1D
cA4WXepYCZn98WdjaAnQmZyK8WtPKrlKAyw0k1jA8OS9zn25+2PzbtB/zucBxrni
OKRJc8eZ50v/nNFaGhZ5nyngqB0rRiDpu5DSuwOhAhWuAOemsO/RdMJoDQZrZYFO
QqzOHGj+Phx/AZTCLBiPwkujhQOcpDeE1CTB/oQfkmHrQzgiCLvNJnXABwLHwzao
WhUFYftCCEClW47tQRkx0xhaKnV/TfbLr/5Rbm0S4YAhFRLS6acOz3F64xiJGvWO
OXrx+eTPUiCh3KRzu+ZU0LzXob8IIO3miBAbAKmkc7aT
-----END CERTIFICATE-----