Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/la3EOVSJTN-GTmjrhjDjjgtjbvs.roa
File:                     la3EOVSJTN-GTmjrhjDjjgtjbvs.roa (raw, json)
Hash identifier:          x0x7/BrMSdi2SlKnv6yfhPKD7aic2HLCMS2Uf2oOa80=
Subject key identifier:   95:AD:C4:39:54:89:4C:DF:86:4E:68:EB:86:30:E3:8E:0B:63:6E:FB
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       019C7A112CE3EB21FDB000BC8F239CDCD927
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/la3EOVSJTN-GTmjrhjDjjgtjbvs.roa
Signing time:             Fri 20 Feb 2026 08:01:11 +0000
ROA not before:           Fri 20 Feb 2026 08:01:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201392
IP address blocks:        45.131.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 24 Feb 2026 06:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:7a:11:2c:e3:eb:21:fd:b0:00:bc:8f:23:9c:dc:d9:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Feb 20 08:01:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95adc43954894cdf864e68eb8630e38e0b636efb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ee:73:72:13:5c:f4:a5:d0:50:02:09:8f:74:
                    5d:df:0a:dd:88:09:44:57:e9:86:70:78:5b:2f:f6:
                    6f:6c:4e:91:bc:43:49:d6:02:f9:9f:98:88:9a:c6:
                    6f:2d:bc:99:ac:f4:85:e4:e0:ae:97:a1:58:be:fd:
                    3b:d6:f9:d0:51:68:66:fd:ca:2d:67:0a:3e:a5:7b:
                    d9:81:bd:b9:86:71:5f:02:26:a7:99:4a:e1:c5:8a:
                    4c:37:73:3c:b4:47:9d:c7:d9:a2:02:9f:0a:5b:9a:
                    80:99:ee:67:c0:22:d1:b5:35:39:ff:f1:af:b9:bf:
                    3b:6a:2b:7f:92:a7:c6:c1:72:17:58:4d:cd:fa:83:
                    f9:a3:99:d1:ab:00:85:01:10:98:cf:32:4c:f9:35:
                    da:dd:f5:02:f6:b4:4b:34:a3:83:8f:8c:90:59:88:
                    ab:95:6d:87:cd:61:99:f1:a0:3d:f0:df:c4:e8:0b:
                    86:fa:80:57:59:ec:a7:1d:79:0d:ac:b7:0b:e8:42:
                    98:14:04:8d:5e:dd:e8:af:5c:87:69:b4:26:fe:10:
                    36:65:52:00:5e:e8:48:86:d7:7c:ef:e9:2a:fd:f6:
                    39:83:8a:3b:00:5e:60:3c:6c:4f:78:48:9c:e7:8a:
                    4d:a8:22:24:7b:8a:13:48:bc:0e:36:08:4b:c3:63:
                    aa:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:AD:C4:39:54:89:4C:DF:86:4E:68:EB:86:30:E3:8E:0B:63:6E:FB
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/la3EOVSJTN-GTmjrhjDjjgtjbvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:11:50:dc:59:c3:01:66:48:a9:e2:72:0c:27:e9:57:3b:39:
         f7:8b:0f:6d:22:bb:1f:14:f9:90:0e:27:7a:bc:a2:a5:32:9e:
         6e:c8:23:25:43:bf:22:30:69:4c:b5:d5:bd:00:c8:a8:c3:a4:
         14:54:02:73:37:4d:3f:40:9a:a9:f7:7f:19:f7:97:f9:b7:d5:
         4e:29:fc:12:90:17:c0:ee:aa:52:be:04:c6:fc:2d:04:f5:f0:
         f1:f3:c9:71:cb:2a:97:af:57:15:4f:96:66:b7:c0:48:ac:73:
         6b:6f:11:18:f1:ae:85:cf:41:f7:0f:8a:3a:e9:e9:47:59:3e:
         7a:9a:f7:fe:48:07:69:d7:b1:c7:34:25:40:bf:a9:b3:7b:45:
         37:ab:7f:11:6e:df:22:1b:69:8d:62:d9:e2:1b:94:be:28:dc:
         5a:23:95:66:96:e9:d9:7a:2b:a3:01:f9:9e:d7:a4:ef:5b:3d:
         0d:b7:f9:9c:a2:f2:20:b4:97:7f:56:03:7c:d5:27:b7:79:77:
         f8:d7:20:66:0c:d4:c6:e1:f9:6d:95:76:76:be:2a:6a:e1:f7:
         1b:64:c8:c9:91:87:a9:4e:2e:3d:f4:b0:0e:86:3b:8f:ca:38:
         b2:e0:81:fb:c8:c0:59:40:cb:c3:9e:0f:5c:14:27:f5:90:4c:
         d4:ce:8b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZx6ESzj6yH9sAC8jyOc3NknMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjYwMjIwMDgwMTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWFkYzQzOTU0ODk0Y2RmODY0ZTY4ZWI4NjMwZTM4ZTBiNjM2ZWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtu5zchNc9KXQUAIJj3Rd3wrdiAlE
V+mGcHhbL/ZvbE6RvENJ1gL5n5iImsZvLbyZrPSF5OCul6FYvv071vnQUWhm/cot
Zwo+pXvZgb25hnFfAianmUrhxYpMN3M8tEedx9miAp8KW5qAme5nwCLRtTU5//Gv
ub87ait/kqfGwXIXWE3N+oP5o5nRqwCFARCYzzJM+TXa3fUC9rRLNKODj4yQWYir
lW2HzWGZ8aA98N/E6AuG+oBXWeynHXkNrLcL6EKYFASNXt3or1yHabQm/hA2ZVIA
XuhIhtd87+kq/fY5g4o7AF5gPGxPeEic54pNqCIke4oTSLwONghLw2OqJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJWtxDlUiUzfhk5o64Yw444LY277MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbGEzRU9WU0pUTi1HVG1qcmhqRGpqZ3RqYnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYO4MA0G
CSqGSIb3DQEBCwUAA4IBAQAlEVDcWcMBZkip4nIMJ+lXOzn3iw9tIrsfFPmQDid6
vKKlMp5uyCMlQ78iMGlMtdW9AMiow6QUVAJzN00/QJqp938Z95f5t9VOKfwSkBfA
7qpSvgTG/C0E9fDx88lxyyqXr1cVT5Zmt8BIrHNrbxEY8a6Fz0H3D4o66elHWT56
mvf+SAdp17HHNCVAv6mze0U3q38Rbt8iG2mNYtniG5S+KNxaI5VmlunZeiujAfme
16TvWz0Nt/mcovIgtJd/VgN81Se3eXf41yBmDNTG4fltlXZ2vipq4fcbZMjJkYep
Ti499LAOhjuPyjiy4IH7yMBZQMvDng9cFCf1kEzUzosh
-----END CERTIFICATE-----