Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/LFXDfDHkocuh3JL7Ky0L5zJV3og.roa
File:                     LFXDfDHkocuh3JL7Ky0L5zJV3og.roa (raw, json)
Hash identifier:          TS6fT3bfMYfQbO+LEV1427DJy6BLZOEtsP60dK32QbE=
Subject key identifier:   2C:55:C3:7C:31:E4:A1:CB:A1:DC:92:FB:2B:2D:0B:E7:32:55:DE:88
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       019E8802878250818BDC0A7EAD1CCB7B7186
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/LFXDfDHkocuh3JL7Ky0L5zJV3og.roa
Signing time:             Tue 02 Jun 2026 11:05:27 +0000
ROA not before:           Tue 02 Jun 2026 11:05:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        87.84.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 03 Jun 2026 13:49:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:88:02:87:82:50:81:8b:dc:0a:7e:ad:1c:cb:7b:71:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Jun  2 11:05:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c55c37c31e4a1cba1dc92fb2b2d0be73255de88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:df:09:d2:f0:14:01:ea:0f:82:de:26:a2:8d:
                    ed:3c:59:a0:85:47:f1:1b:27:39:62:59:e8:27:94:
                    e5:bc:cb:4e:9e:8e:2e:bb:b7:4b:97:5b:e0:6f:11:
                    74:25:86:29:a2:80:a5:32:3c:05:7e:5e:f8:03:e2:
                    4f:70:0a:41:18:f1:45:73:89:99:e0:25:dd:78:bd:
                    88:65:8c:29:dd:20:61:04:29:76:39:7f:ee:0d:1f:
                    31:f8:60:a1:58:27:a9:e2:9b:c8:98:7c:df:b4:38:
                    2f:9a:9c:28:a1:94:34:d3:a6:b3:e3:03:fb:62:33:
                    82:22:b9:b5:db:25:2b:da:e7:f4:43:87:1e:69:e7:
                    10:d9:ea:80:9a:91:98:77:f7:6f:03:bb:f7:4d:74:
                    db:a7:37:1a:00:bc:58:08:e1:50:43:5f:a1:31:67:
                    1e:92:df:24:e2:ed:42:5b:27:d9:32:dd:5b:b1:7b:
                    08:a5:73:f9:d2:3a:78:3a:d0:04:9c:23:68:76:13:
                    a6:dc:ed:f6:83:3a:ff:e3:2d:af:91:f6:1c:6e:95:
                    66:75:0f:a3:d8:2e:6c:af:0a:f5:d6:c3:50:33:67:
                    b0:2c:85:02:80:64:f7:d4:d0:72:70:bd:b8:aa:44:
                    66:51:59:2e:0e:38:ba:71:84:63:21:12:9a:03:59:
                    87:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:55:C3:7C:31:E4:A1:CB:A1:DC:92:FB:2B:2D:0B:E7:32:55:DE:88
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/LFXDfDHkocuh3JL7Ky0L5zJV3og.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.84.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b6:e5:e3:f5:76:53:fd:87:80:10:c6:6f:63:48:10:99:7c:8e:
         e0:17:db:47:3d:ff:d6:3b:a5:36:30:39:c8:8f:7c:22:2f:92:
         03:16:21:75:dc:d4:25:43:44:58:fa:55:a3:1a:c5:66:bf:fe:
         3d:d2:88:5a:dc:5b:41:de:da:10:2e:69:27:d0:dd:cd:89:d2:
         72:aa:78:59:0a:42:10:27:58:4b:95:33:2e:42:07:5d:24:e0:
         5d:a6:9d:aa:87:e0:38:ad:17:e7:bc:73:10:41:12:f9:0e:68:
         51:a1:18:06:8c:c2:62:df:ab:fe:85:63:1c:94:71:01:1b:09:
         f6:14:18:51:ee:4f:20:3a:8c:97:fc:0b:cc:2a:7f:3d:30:30:
         a7:0d:16:81:17:46:13:eb:f2:ab:69:6a:d0:97:ea:e1:32:34:
         26:77:80:4a:7e:c5:d2:31:08:df:5e:12:d6:05:eb:21:58:92:
         6a:fe:f0:22:d0:df:90:30:dc:27:74:68:80:6c:71:b3:9d:e8:
         af:c8:75:ff:fd:2e:6c:8d:4b:81:6d:68:23:b6:8c:37:8a:12:
         db:04:0a:46:12:5a:5f:44:36:99:ce:7c:33:3e:ce:07:e0:bc:
         61:35:09:a3:f0:00:7b:1c:86:d2:86:6c:15:9c:18:3e:30:7d:
         97:fe:02:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6IAoeCUIGL3Ap+rRzLe3GGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjYwNjAyMTEwNTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU1YzM3YzMxZTRhMWNiYTFkYzkyZmIyYjJkMGJlNzMyNTVkZTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N8J0vAUAeoPgt4moo3tPFmghUfx
Gyc5YlnoJ5TlvMtOno4uu7dLl1vgbxF0JYYpooClMjwFfl74A+JPcApBGPFFc4mZ
4CXdeL2IZYwp3SBhBCl2OX/uDR8x+GChWCep4pvImHzftDgvmpwooZQ006az4wP7
YjOCIrm12yUr2uf0Q4ceaecQ2eqAmpGYd/dvA7v3TXTbpzcaALxYCOFQQ1+hMWce
kt8k4u1CWyfZMt1bsXsIpXP50jp4OtAEnCNodhOm3O32gzr/4y2vkfYcbpVmdQ+j
2C5srwr11sNQM2ewLIUCgGT31NBycL24qkRmUVkuDji6cYRjIRKaA1mHGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxVw3wx5KHLodyS+ystC+cyVd6IMB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvTEZYRGZESGtvY3VoM0pMN0t5MEw1ekpWM29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV1TgMA0G
CSqGSIb3DQEBCwUAA4IBAQC25eP1dlP9h4AQxm9jSBCZfI7gF9tHPf/WO6U2MDnI
j3wiL5IDFiF13NQlQ0RY+lWjGsVmv/490oha3FtB3toQLmkn0N3NidJyqnhZCkIQ
J1hLlTMuQgddJOBdpp2qh+A4rRfnvHMQQRL5DmhRoRgGjMJi36v+hWMclHEBGwn2
FBhR7k8gOoyX/AvMKn89MDCnDRaBF0YT6/KraWrQl+rhMjQmd4BKfsXSMQjfXhLW
BeshWJJq/vAi0N+QMNwndGiAbHGzneivyHX//S5sjUuBbWgjtow3ihLbBApGElpf
RDaZznwzPs4H4LxhNQmj8AB7HIbShmwVnBg+MH2X/gLF
-----END CERTIFICATE-----