Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/LdJeMNUSxEiyYT5tlVnLMHlFFGE.roa
File:                     LdJeMNUSxEiyYT5tlVnLMHlFFGE.roa (raw, json)
Hash identifier:          lPPMYHpDDRQ1bbYHPLCGN241O5yms5ErqbEaTQqRv04=
Subject key identifier:   2D:D2:5E:30:D5:12:C4:48:B2:61:3E:6D:95:59:CB:30:79:45:14:61
Certificate issuer:       /CN=9c90d8451f50c4f779c4392c31d08c1903d171b3
Certificate serial:       019E501CF9B9FED03970F46DF6416324916A
Authority key identifier: 9C:90:D8:45:1F:50:C4:F7:79:C4:39:2C:31:D0:8C:19:03:D1:71:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nJDYRR9QxPd5xDksMdCMGQPRcbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/LdJeMNUSxEiyYT5tlVnLMHlFFGE.roa
Signing time:             Fri 22 May 2026 14:35:36 +0000
ROA not before:           Fri 22 May 2026 14:35:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201331
IP address blocks:        185.133.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/nJDYRR9QxPd5xDksMdCMGQPRcbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/nJDYRR9QxPd5xDksMdCMGQPRcbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nJDYRR9QxPd5xDksMdCMGQPRcbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:50:1c:f9:b9:fe:d0:39:70:f4:6d:f6:41:63:24:91:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9c90d8451f50c4f779c4392c31d08c1903d171b3
        Validity
            Not Before: May 22 14:35:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2dd25e30d512c448b2613e6d9559cb3079451461
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:e6:f2:8e:d0:7c:3f:42:71:26:81:02:fd:bb:
                    5d:7b:5d:f9:96:2f:35:50:a0:8c:ef:a2:74:4f:a7:
                    0c:a2:cc:e6:b5:c4:2c:6d:55:a1:e6:ad:7e:1d:9c:
                    76:e2:d0:a5:7a:ee:6c:95:33:e5:57:b2:2a:03:4a:
                    62:41:77:5d:ef:e1:2e:38:f5:9c:c3:b4:1d:83:24:
                    d5:14:f1:3b:fd:3e:18:92:d8:e5:62:d2:2c:94:cc:
                    3c:86:29:fa:46:6e:f7:72:e4:41:a7:21:8a:9e:34:
                    e8:a5:c3:f1:4b:d7:f6:87:4d:ed:7b:d3:45:63:a7:
                    16:28:97:d7:9f:d5:bf:f5:7c:a0:47:a4:15:7f:9f:
                    0b:a6:b1:c4:7e:ac:4c:30:21:b4:e7:06:ce:3e:1a:
                    77:3f:94:6b:1d:78:3b:94:ea:f1:60:d0:f1:56:75:
                    9b:53:c8:79:cf:3a:b6:2b:ce:b6:e8:1d:b1:8f:e5:
                    3e:3e:9b:72:15:15:e5:07:8f:05:57:39:32:04:27:
                    99:a6:83:4b:fc:95:ec:64:fa:2f:4b:01:23:b1:96:
                    80:ea:28:fb:e7:f3:55:53:bd:c6:a8:6c:69:f4:26:
                    a5:c6:6d:a2:86:d1:93:6b:64:5e:85:0c:60:66:a4:
                    11:ab:15:be:2c:f6:bf:0e:3a:ad:4a:ea:ec:2b:10:
                    f7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D2:5E:30:D5:12:C4:48:B2:61:3E:6D:95:59:CB:30:79:45:14:61
            X509v3 Authority Key Identifier:
                keyid:9C:90:D8:45:1F:50:C4:F7:79:C4:39:2C:31:D0:8C:19:03:D1:71:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nJDYRR9QxPd5xDksMdCMGQPRcbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/LdJeMNUSxEiyYT5tlVnLMHlFFGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/6f5745-8a26-4f63-9e70-2b14be06e11a/1/nJDYRR9QxPd5xDksMdCMGQPRcbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:1e:24:ce:d9:5c:73:9a:34:19:b9:5e:cc:c0:68:f2:3d:df:
         0a:b4:bb:43:d5:30:26:7b:39:1f:61:fb:9c:14:b0:4f:4a:cd:
         4d:1c:a8:fc:c8:e5:ca:3f:c6:85:71:60:3f:d6:4c:fa:5e:0e:
         8d:71:48:c8:f3:dc:06:61:ea:f4:8e:3a:31:7a:53:ed:19:b7:
         56:2d:73:50:aa:3e:c4:4a:9c:5c:90:f2:53:88:30:48:e4:06:
         65:7c:5d:81:f0:3b:9d:c5:b2:bf:ff:d5:60:20:9b:e5:23:44:
         91:29:5d:d8:f5:3e:b4:bc:d5:d8:c4:4c:56:1e:52:5f:b9:87:
         9a:62:d0:92:0d:68:7b:65:12:f1:33:83:db:a1:a3:97:a8:c5:
         0a:6e:78:43:be:62:4e:65:2c:7d:27:58:a9:81:84:d2:05:f8:
         ed:c1:b2:d8:86:22:87:28:79:e8:59:19:26:f6:ec:fa:9b:11:
         d8:84:85:76:47:0f:1b:6e:89:c6:d8:49:3c:03:7d:84:0c:7a:
         16:5e:4c:1c:ac:0f:2d:28:46:61:29:ac:8b:92:31:d6:2a:e7:
         36:98:e2:de:99:39:a8:7c:5a:fb:b5:c6:77:df:a5:e9:a9:77:
         4a:4c:68:b4:e4:f9:05:b8:38:6c:81:7e:96:a1:70:5a:99:50:
         32:86:6d:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5QHPm5/tA5cPRt9kFjJJFqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljOTBkODQ1MWY1MGM0Zjc3OWM0MzkyYzMxZDA4YzE5MDNk
MTcxYjMwHhcNMjYwNTIyMTQzNTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQyNWUzMGQ1MTJjNDQ4YjI2MTNlNmQ5NTU5Y2IzMDc5NDUxNDYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArubyjtB8P0JxJoEC/btde135li81
UKCM76J0T6cMoszmtcQsbVWh5q1+HZx24tCleu5slTPlV7IqA0piQXdd7+EuOPWc
w7QdgyTVFPE7/T4YktjlYtIslMw8hin6Rm73cuRBpyGKnjTopcPxS9f2h03te9NF
Y6cWKJfXn9W/9XygR6QVf58LprHEfqxMMCG05wbOPhp3P5RrHXg7lOrxYNDxVnWb
U8h5zzq2K8626B2xj+U+PptyFRXlB48FVzkyBCeZpoNL/JXsZPovSwEjsZaA6ij7
5/NVU73GqGxp9Calxm2ihtGTa2RehQxgZqQRqxW+LPa/DjqtSursKxD38QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3SXjDVEsRIsmE+bZVZyzB5RRRhMB8GA1UdIwQY
MBaAFJyQ2EUfUMT3ecQ5LDHQjBkD0XGzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkpEWVJSOVF4UGQ1eERrc01kQ01HUVBSY2JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS82ZjU3NDUtOGEyNi00ZjYzLTllNzAt
MmIxNGJlMDZlMTFhLzEvTGRKZU1OVVN4RWl5WVQ1dGxWbkxNSGxGRkdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS82ZjU3NDUtOGEyNi00ZjYzLTllNzAtMmIxNGJlMDZlMTFh
LzEvbkpEWVJSOVF4UGQ1eERrc01kQ01HUVBSY2JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYV8MA0G
CSqGSIb3DQEBCwUAA4IBAQCsHiTO2VxzmjQZuV7MwGjyPd8KtLtD1TAmezkfYfuc
FLBPSs1NHKj8yOXKP8aFcWA/1kz6Xg6NcUjI89wGYer0jjoxelPtGbdWLXNQqj7E
SpxckPJTiDBI5AZlfF2B8DudxbK//9VgIJvlI0SRKV3Y9T60vNXYxExWHlJfuYea
YtCSDWh7ZRLxM4PboaOXqMUKbnhDvmJOZSx9J1ipgYTSBfjtwbLYhiKHKHnoWRkm
9uz6mxHYhIV2Rw8bbonG2Ek8A32EDHoWXkwcrA8tKEZhKayLkjHWKuc2mOLemTmo
fFr7tcZ336XpqXdKTGi05PkFuDhsgX6WoXBamVAyhm1A
-----END CERTIFICATE-----