Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/LBK2m0x43uiy3CDrXewo6CElebE.roa
File:                     LBK2m0x43uiy3CDrXewo6CElebE.roa (raw, json)
Hash identifier:          Melk19K0g3bAymWD/+lvWlNHh7zUQK9z4QHwwE2U65g=
Subject key identifier:   2C:12:B6:9B:4C:78:DE:E8:B2:DC:20:EB:5D:EC:28:E8:21:25:79:B1
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       019ECFD353A951C196C82821FDA6D7AEAD36
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/LBK2m0x43uiy3CDrXewo6CElebE.roa
Signing time:             Tue 16 Jun 2026 09:46:33 +0000
ROA not before:           Tue 16 Jun 2026 09:46:33 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200401
IP address blocks:        2a09:d2c1:a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Jun 2026 18:43:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:cf:d3:53:a9:51:c1:96:c8:28:21:fd:a6:d7:ae:ad:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jun 16 09:46:33 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c12b69b4c78dee8b2dc20eb5dec28e8212579b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:0c:c3:02:93:b6:f9:8d:7d:64:a7:64:24:af:
                    ba:3b:3d:3e:87:6c:7b:30:46:04:8c:bc:48:3a:d1:
                    f6:04:f0:06:1c:a6:40:33:fd:35:2d:5f:8d:27:1e:
                    2a:0b:19:bb:ab:bf:f8:ac:1c:b0:8c:32:78:a7:00:
                    7b:02:fe:28:b8:74:f6:b4:bb:01:f4:84:fd:a6:73:
                    9d:1c:d7:40:db:a5:29:de:02:c0:52:e3:64:3d:ed:
                    77:0c:d7:9d:e8:60:cb:6b:86:0c:67:40:de:23:0b:
                    f3:1b:10:5d:4e:4a:e9:e6:0b:b6:69:75:59:45:f7:
                    eb:d0:12:31:eb:43:8b:06:b0:80:cf:6c:e0:16:38:
                    87:32:45:f8:70:e9:04:0d:05:04:0d:3f:71:2c:15:
                    61:9f:72:26:49:92:9f:9d:73:3b:da:66:9d:41:1a:
                    08:8a:72:7c:1a:85:3f:d6:89:6e:e0:4e:be:a0:a1:
                    98:27:39:36:e7:2c:12:2b:90:94:4c:bc:48:20:70:
                    a2:62:cd:c5:c3:e3:5b:6f:11:d3:d6:a1:62:23:a6:
                    7f:0f:75:77:43:6d:f2:38:b2:98:b5:79:2d:d1:81:
                    f0:9d:14:05:4f:99:f4:56:f8:30:c0:dc:0a:60:83:
                    1a:b6:7a:42:d5:3e:64:a5:76:93:43:60:aa:63:82:
                    85:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:12:B6:9B:4C:78:DE:E8:B2:DC:20:EB:5D:EC:28:E8:21:25:79:B1
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/LBK2m0x43uiy3CDrXewo6CElebE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:d2c1:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         00:83:47:33:6e:c1:58:ae:99:4c:72:00:82:1c:a1:74:c5:e9:
         06:84:6a:0f:a1:0b:24:84:24:a9:9b:52:34:2d:37:38:24:ce:
         d7:32:9e:0c:fc:0b:c8:24:68:d7:3b:4d:02:b2:7c:ad:a3:fc:
         6e:dd:ff:0b:2d:b9:af:52:81:6d:d3:ba:81:eb:dc:11:1a:e9:
         9b:68:43:51:e1:e1:42:45:13:f2:ea:70:a6:c5:7c:f6:87:7a:
         a1:b7:22:92:fd:30:cd:06:05:50:90:40:c0:99:c3:80:01:8f:
         ad:df:90:9c:5f:57:8e:f7:3b:c9:58:9c:f2:e8:3a:17:ea:92:
         8e:2a:b5:99:ae:1c:89:df:3e:31:28:88:09:f0:de:7b:17:d4:
         e0:e2:06:db:58:76:a2:14:e4:30:eb:60:7b:60:b3:0e:a7:4e:
         ad:65:d0:ae:81:d2:68:48:9c:64:d0:1e:70:45:4f:e8:24:61:
         a6:ee:70:1c:77:90:f2:0a:4b:4b:a4:38:05:f1:2d:a4:42:6c:
         59:5d:74:c1:96:07:eb:f2:a1:14:68:a3:d7:eb:33:59:86:84:
         57:fd:d1:08:7e:2b:cb:33:ba:d1:bb:19:35:c4:1b:1f:f0:d3:
         be:d5:5b:43:56:39:0d:6e:bf:64:0e:b5:78:3e:90:e2:3a:c5:
         d6:72:b2:45
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ7P01OpUcGWyCgh/abXrq02MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjYwNjE2MDk0NjMzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzEyYjY5YjRjNzhkZWU4YjJkYzIwZWI1ZGVjMjhlODIxMjU3OWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxAzDApO2+Y19ZKdkJK+6Oz0+h2x7
MEYEjLxIOtH2BPAGHKZAM/01LV+NJx4qCxm7q7/4rBywjDJ4pwB7Av4ouHT2tLsB
9IT9pnOdHNdA26Up3gLAUuNkPe13DNed6GDLa4YMZ0DeIwvzGxBdTkrp5gu2aXVZ
Rffr0BIx60OLBrCAz2zgFjiHMkX4cOkEDQUEDT9xLBVhn3ImSZKfnXM72madQRoI
inJ8GoU/1olu4E6+oKGYJzk25ywSK5CUTLxIIHCiYs3Fw+NbbxHT1qFiI6Z/D3V3
Q23yOLKYtXkt0YHwnRQFT5n0VvgwwNwKYIMatnpC1T5kpXaTQ2CqY4KFUQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCwStptMeN7ostwg613sKOghJXmxMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvTEJLMm0weDQzdWl5M0NEclhld282Q0VsZWJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgnSwQAK
MA0GCSqGSIb3DQEBCwUAA4IBAQAAg0czbsFYrplMcgCCHKF0xekGhGoPoQskhCSp
m1I0LTc4JM7XMp4M/AvIJGjXO00Csnyto/xu3f8LLbmvUoFt07qB69wRGumbaENR
4eFCRRPy6nCmxXz2h3qhtyKS/TDNBgVQkEDAmcOAAY+t35CcX1eO9zvJWJzy6DoX
6pKOKrWZrhyJ3z4xKIgJ8N57F9Tg4gbbWHaiFOQw62B7YLMOp06tZdCugdJoSJxk
0B5wRU/oJGGm7nAcd5DyCktLpDgF8S2kQmxZXXTBlgfr8qEUaKPX6zNZhoRX/dEI
fivLM7rRuxk1xBsf8NO+1VtDVjkNbr9kDrV4PpDiOsXWcrJF
-----END CERTIFICATE-----