Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LXHUHSO9WQWL1yjZx_1oGkRxSgI.roa
File:                     LXHUHSO9WQWL1yjZx_1oGkRxSgI.roa (raw, json)
Hash identifier:          HOm4ChKdSMnn++SpgwP+q1pIqlQSDcmq1lnjp8gr6/k=
Subject key identifier:   2D:71:D4:1D:23:BD:59:05:8B:D7:28:D9:C7:FD:68:1A:44:71:4A:02
Certificate issuer:       /CN=746365355b665564a210c358c68a0117b7fbeb9a
Certificate serial:       019CB31CFC3FC628BAAE01B2659293636A41
Authority key identifier: 74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LXHUHSO9WQWL1yjZx_1oGkRxSgI.roa
Signing time:             Tue 03 Mar 2026 09:52:27 +0000
ROA not before:           Tue 03 Mar 2026 09:52:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48108
IP address blocks:        212.22.75.0/24 maxlen: 24
                          212.22.77.0/24 maxlen: 24
                          2a06:c3c0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Mar 2026 20:09:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:b3:1c:fc:3f:c6:28:ba:ae:01:b2:65:92:93:63:6a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=746365355b665564a210c358c68a0117b7fbeb9a
        Validity
            Not Before: Mar  3 09:52:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d71d41d23bd59058bd728d9c7fd681a44714a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4e:f5:0c:02:4d:da:ca:66:c4:e5:cd:c8:35:
                    7a:e5:a7:77:30:59:6a:38:5b:f4:88:4d:68:0a:80:
                    54:a3:52:66:4f:d3:f5:d8:46:67:3b:25:9b:aa:fb:
                    c5:51:2a:51:9c:57:c3:4d:da:bf:c0:72:d1:77:cd:
                    bd:f9:fb:3c:77:d4:49:3e:7a:a3:2b:44:32:10:cc:
                    68:83:e4:61:c7:87:d8:ee:58:fa:c6:43:07:5a:74:
                    29:cd:ad:e7:5a:68:a5:c4:40:80:4c:21:62:17:05:
                    83:f7:17:f4:45:27:31:61:21:6f:c3:c2:e9:b3:3f:
                    b5:26:71:e3:dd:c2:9d:2e:94:1d:b4:01:8a:32:78:
                    d1:fc:71:42:c5:e8:51:b7:b2:48:50:7c:86:83:2a:
                    bd:f4:9d:39:99:03:3f:0b:6d:ca:19:8f:f9:50:62:
                    48:bd:d9:d6:21:a8:76:78:d8:64:46:23:6d:d4:fa:
                    49:cc:d9:66:61:94:86:01:27:b3:8d:4e:c0:5c:5d:
                    b6:f5:a4:46:31:1c:ad:5d:d1:2b:97:9b:12:20:06:
                    73:c0:50:7d:de:e1:b4:7f:0b:52:3e:d7:d5:83:10:
                    6e:a4:ef:fa:47:cc:fa:eb:5b:0b:bf:91:89:75:ea:
                    fe:d0:ed:ea:d1:00:1d:38:5b:c4:c1:af:d8:a3:70:
                    53:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:71:D4:1D:23:BD:59:05:8B:D7:28:D9:C7:FD:68:1A:44:71:4A:02
            X509v3 Authority Key Identifier:
                keyid:74:63:65:35:5B:66:55:64:A2:10:C3:58:C6:8A:01:17:B7:FB:EB:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dGNlNVtmVWSiEMNYxooBF7f765o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/LXHUHSO9WQWL1yjZx_1oGkRxSgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/aea36d-babf-4474-a78b-6a4ecaf8b3b1/1/dGNlNVtmVWSiEMNYxooBF7f765o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.22.75.0/24
                  212.22.77.0/24
                IPv6:
                  2a06:c3c0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:24:da:4a:5f:e6:5e:09:a7:19:7e:d0:04:06:ed:5d:6b:2c:
         b8:27:26:da:77:57:d0:48:f1:9b:e0:b1:2d:e6:eb:e4:fd:fd:
         94:e2:b5:f5:c0:ee:2c:24:26:88:01:77:a1:6a:e5:1c:cb:64:
         fb:ae:ec:fd:d5:49:24:d4:18:58:86:88:90:b2:f6:be:22:ac:
         e0:ea:a2:6f:b3:2a:11:9c:ed:d4:74:0a:bd:19:20:98:ca:df:
         aa:93:d6:77:04:64:40:fc:0b:3a:45:8a:32:64:38:85:c3:62:
         db:16:8f:23:76:de:95:d9:d9:12:66:79:cc:8e:8d:31:36:65:
         3a:bf:18:46:fe:c9:10:b5:6a:9f:a7:3a:56:dd:6e:f9:80:f1:
         93:e1:48:9b:17:f8:f0:c3:dc:66:a9:d6:b0:39:4b:ba:c4:66:
         f8:75:bb:15:aa:5c:75:ec:e9:7a:31:9d:6c:79:12:9c:f3:ed:
         e5:c2:13:bb:9b:4a:bb:4c:4b:17:9f:6f:8e:63:73:a7:2e:72:
         13:21:3e:98:8a:8f:67:12:9e:98:d1:87:7d:89:bd:8c:69:8d:
         4a:f0:fd:d6:dc:0a:fb:19:5f:4f:e1:de:2a:bd:53:81:54:f9:
         79:b1:b8:29:3d:60:b3:73:4e:75:a3:ed:89:b3:38:ec:b2:d0:
         80:2e:0d:19
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZyzHPw/xii6rgGyZZKTY2pBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NjM2NTM1NWI2NjU1NjRhMjEwYzM1OGM2OGEwMTE3Yjdm
YmViOWEwHhcNMjYwMzAzMDk1MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDcxZDQxZDIzYmQ1OTA1OGJkNzI4ZDljN2ZkNjgxYTQ0NzE0YTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx071DAJN2spmxOXNyDV65ad3MFlq
OFv0iE1oCoBUo1JmT9P12EZnOyWbqvvFUSpRnFfDTdq/wHLRd829+fs8d9RJPnqj
K0QyEMxog+Rhx4fY7lj6xkMHWnQpza3nWmilxECATCFiFwWD9xf0RScxYSFvw8Lp
sz+1JnHj3cKdLpQdtAGKMnjR/HFCxehRt7JIUHyGgyq99J05mQM/C23KGY/5UGJI
vdnWIah2eNhkRiNt1PpJzNlmYZSGASezjU7AXF229aRGMRytXdErl5sSIAZzwFB9
3uG0fwtSPtfVgxBupO/6R8z661sLv5GJder+0O3q0QAdOFvEwa/Yo3BTQQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFC1x1B0jvVkFi9co2cf9aBpEcUoCMB8GA1UdIwQY
MBaAFHRjZTVbZlVkohDDWMaKARe3++uaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGIt
NmE0ZWNhZjhiM2IxLzEvTFhIVUhTTzlXUVdMMXlqWnhfMW9Ha1J4U2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi9hZWEzNmQtYmFiZi00NDc0LWE3OGItNmE0ZWNhZjhiM2Ix
LzEvZEdObE5WdG1WV1NpRU1OWXhvb0JGN2Y3NjVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQA1BZLAwQA
1BZNMA8EAgACMAkDBwAqBsPAAAEwDQYJKoZIhvcNAQELBQADggEBAAEk2kpf5l4J
pxl+0AQG7V1rLLgnJtp3V9BI8ZvgsS3m6+T9/ZTitfXA7iwkJogBd6Fq5RzLZPuu
7P3VSSTUGFiGiJCy9r4irODqom+zKhGc7dR0Cr0ZIJjK36qT1ncEZED8CzpFijJk
OIXDYtsWjyN23pXZ2RJmecyOjTE2ZTq/GEb+yRC1ap+nOlbdbvmA8ZPhSJsX+PDD
3Gap1rA5S7rEZvh1uxWqXHXs6XoxnWx5Epzz7eXCE7ubSrtMSxefb45jc6cuchMh
PpiKj2cSnpjRh32JvYxpjUrw/dbcCvsZX0/h3iq9U4FU+XmxuCk9YLNzTnWj7Ymz
OOyy0IAuDRk=
-----END CERTIFICATE-----