Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/Lgun1kUgKuu9jlLCkgKdcwux9To.roa
File:                     Lgun1kUgKuu9jlLCkgKdcwux9To.roa (raw, json)
Hash identifier:          lGBfmzCEfkvZzXJZAi/9+uOmPeLs0qMduHpdLInrHEE=
Subject key identifier:   2E:0B:A7:D6:45:20:2A:EB:BD:8E:52:C2:92:02:9D:73:0B:B1:F5:3A
Certificate issuer:       /CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
Certificate serial:       019980B580C433C4E97F35A3F29F00F2A926
Authority key identifier: 74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/Lgun1kUgKuu9jlLCkgKdcwux9To.roa
Signing time:             Thu 25 Sep 2025 11:50:02 +0000
ROA not before:           Thu 25 Sep 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        2a10:dac0:96::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Oct 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:80:b5:80:c4:33:c4:e9:7f:35:a3:f2:9f:00:f2:a9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74b42a6de4e01fc31250d1bbe322281046ee61aa
        Validity
            Not Before: Sep 25 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2e0ba7d645202aebbd8e52c292029d730bb1f53a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:d1:d6:a1:9b:21:12:8f:ff:99:7d:39:01:45:
                    92:10:24:e6:3d:c5:f8:8f:85:fb:f1:51:28:7b:e2:
                    f3:3d:43:bd:3f:5e:22:fe:79:84:5a:d0:11:8e:8f:
                    ed:87:f2:98:05:fe:c1:f9:3a:53:a4:83:f6:3a:b6:
                    52:1d:f3:a9:d9:a6:d0:b5:68:2a:72:8c:da:91:33:
                    43:ab:dd:d3:b9:12:44:b6:b1:49:14:0c:45:a4:9f:
                    1c:c7:02:2c:89:1b:45:1a:40:da:37:2c:ee:ba:28:
                    df:dc:16:19:55:c9:5d:e2:f5:f3:b8:34:16:25:4a:
                    e5:1d:a0:94:38:85:bf:91:40:07:8c:20:18:af:33:
                    61:b4:72:6f:c1:69:21:3f:ab:fb:59:29:b4:a2:61:
                    62:53:53:39:74:4b:ca:ca:3c:fb:ef:7f:86:72:cf:
                    59:60:1a:2b:08:c2:89:56:94:be:6d:67:10:b7:44:
                    8c:88:7c:d8:e8:c5:db:44:cb:36:0c:fb:bd:83:f3:
                    cd:85:8e:28:0d:f3:e0:40:89:0b:31:e2:fa:1e:a6:
                    fc:fd:58:2d:95:29:03:61:13:36:82:73:01:b4:a0:
                    31:0e:14:46:d2:d8:c7:68:85:83:24:71:80:19:16:
                    ad:17:82:fd:5b:0c:a2:f4:db:3f:8d:72:3d:b8:05:
                    c3:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:0B:A7:D6:45:20:2A:EB:BD:8E:52:C2:92:02:9D:73:0B:B1:F5:3A
            X509v3 Authority Key Identifier:
                keyid:74:B4:2A:6D:E4:E0:1F:C3:12:50:D1:BB:E3:22:28:10:46:EE:61:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dLQqbeTgH8MSUNG74yIoEEbuYao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/Lgun1kUgKuu9jlLCkgKdcwux9To.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/e5556c-cfea-4972-aaf8-17a1dcdcc6e0/1/dLQqbeTgH8MSUNG74yIoEEbuYao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a10:dac0:96::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:f5:60:1b:65:f3:6e:b3:cd:da:0d:a1:b2:7c:22:63:e4:cc:
         dd:ff:1e:92:83:b8:45:d1:38:45:ca:c3:74:67:6d:a1:7f:de:
         46:ff:dc:cb:ad:2f:aa:cb:03:33:b8:8b:25:49:4c:c2:22:9e:
         ee:fe:87:47:1a:41:f9:e0:9e:58:9e:fd:28:5f:6c:95:e3:b9:
         4e:a3:df:2d:be:14:30:d6:9b:b4:3a:de:99:eb:02:53:63:70:
         3b:66:e3:23:2f:3d:70:8f:25:50:69:d3:b7:2e:e6:2f:34:ad:
         f0:45:1f:c8:68:e7:3b:6b:76:6b:52:48:b5:8c:62:e8:b7:a7:
         25:3c:e4:1f:b8:c3:ed:dc:dc:5f:7d:55:6a:c9:5c:f8:48:e2:
         87:c4:bf:4e:bb:8c:02:f4:59:82:ff:c5:3a:ce:bf:dd:32:3d:
         79:1e:f5:ec:85:06:44:bf:fa:db:2b:4c:23:2f:3a:30:87:2a:
         2b:d2:05:66:a7:e7:cb:71:5b:3b:42:32:fe:ae:6f:41:8b:34:
         ee:5e:de:aa:c7:6e:3b:62:8e:fd:c4:40:63:dc:72:01:0a:02:
         d7:a7:c2:c1:1c:67:4b:36:2c:27:a2:5b:65:74:5e:37:7e:4b:
         e6:2d:f9:f0:62:d1:66:ad:da:14:4d:e8:4e:72:04:6e:a5:6a:
         4f:f9:0b:50
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZmAtYDEM8TpfzWj8p8A8qkmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0YjQyYTZkZTRlMDFmYzMxMjUwZDFiYmUzMjIyODEwNDZl
ZTYxYWEwHhcNMjUwOTI1MTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTBiYTdkNjQ1MjAyYWViYmQ4ZTUyYzI5MjAyOWQ3MzBiYjFmNTNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2dHWoZshEo//mX05AUWSECTmPcX4
j4X78VEoe+LzPUO9P14i/nmEWtARjo/th/KYBf7B+TpTpIP2OrZSHfOp2abQtWgq
cozakTNDq93TuRJEtrFJFAxFpJ8cxwIsiRtFGkDaNyzuuijf3BYZVcld4vXzuDQW
JUrlHaCUOIW/kUAHjCAYrzNhtHJvwWkhP6v7WSm0omFiU1M5dEvKyjz773+Gcs9Z
YBorCMKJVpS+bWcQt0SMiHzY6MXbRMs2DPu9g/PNhY4oDfPgQIkLMeL6Hqb8/Vgt
lSkDYRM2gnMBtKAxDhRG0tjHaIWDJHGAGRatF4L9Wwyi9Ns/jXI9uAXDQwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC4Lp9ZFICrrvY5SwpICnXMLsfU6MB8GA1UdIwQY
MBaAFHS0Km3k4B/DElDRu+MiKBBG7mGqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgt
MTdhMWRjZGNjNmUwLzEvTGd1bjFrVWdLdXU5amxMQ2tnS2Rjd3V4OVRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9lNTU1NmMtY2ZlYS00OTcyLWFhZjgtMTdhMWRjZGNjNmUw
LzEvZExRcWJlVGdIOE1TVU5HNzR5SW9FRWJ1WWFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKhDawACW
MA0GCSqGSIb3DQEBCwUAA4IBAQCR9WAbZfNus83aDaGyfCJj5Mzd/x6Sg7hF0ThF
ysN0Z22hf95G/9zLrS+qywMzuIslSUzCIp7u/odHGkH54J5Ynv0oX2yV47lOo98t
vhQw1pu0Ot6Z6wJTY3A7ZuMjLz1wjyVQadO3LuYvNK3wRR/IaOc7a3ZrUki1jGLo
t6clPOQfuMPt3NxffVVqyVz4SOKHxL9Ou4wC9FmC/8U6zr/dMj15HvXshQZEv/rb
K0wjLzowhyor0gVmp+fLcVs7QjL+rm9BizTuXt6qx247Yo79xEBj3HIBCgLXp8LB
HGdLNiwnoltldF43fkvmLfnwYtFmrdoUTehOcgRupWpP+QtQ
-----END CERTIFICATE-----