Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/LFO_dwVuiToZyRlC0BjA3g88zwU.roa
File:                     LFO_dwVuiToZyRlC0BjA3g88zwU.roa (raw, json)
Hash identifier:          hfjrWpDJpqF9tTWC1wGwI/6VVl0udrnkbVZ6IWru+FQ=
Subject key identifier:   2C:53:BF:77:05:6E:89:3A:19:C9:19:42:D0:18:C0:DE:0F:3C:CF:05
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019D0FE6614CB073F94976224B24FC6CBCF5
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/LFO_dwVuiToZyRlC0BjA3g88zwU.roa
Signing time:             Sat 21 Mar 2026 10:17:29 +0000
ROA not before:           Sat 21 Mar 2026 10:17:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201907
IP address blocks:        185.81.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 10:17:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0f:e6:61:4c:b0:73:f9:49:76:22:4b:24:fc:6c:bc:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Mar 21 10:17:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c53bf77056e893a19c91942d018c0de0f3ccf05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3c:54:fc:04:9f:34:94:ac:00:54:87:88:2e:
                    89:ae:4b:63:ca:73:bb:9a:2c:27:f8:6d:17:33:32:
                    ee:a6:c8:d6:67:3b:4e:33:ab:f9:c4:9e:3e:d0:5d:
                    d7:9f:4f:53:f3:bf:23:cb:0c:5b:e8:d6:c4:56:bd:
                    e7:fb:c0:46:b2:bb:1f:aa:95:e2:4c:55:07:5d:e0:
                    3f:3c:9b:86:1a:cf:79:ac:d1:2b:f8:6e:f0:39:ba:
                    d0:28:ee:bd:6d:cb:4a:da:af:46:e2:e3:2f:8a:38:
                    ee:2b:90:82:63:e6:17:e8:9b:e8:f2:09:ae:b3:f0:
                    d1:02:be:d7:53:4d:09:34:b4:1a:b9:56:41:9e:54:
                    6b:1d:26:25:06:20:b6:e1:a1:5b:bf:4b:2b:70:cd:
                    13:5d:76:db:2b:a1:c6:31:b4:a9:f3:5a:3a:85:aa:
                    86:4e:4e:bf:e2:5b:f0:f3:e3:ee:6f:a5:5d:a7:e9:
                    bc:a5:5d:18:41:21:da:a8:d1:9e:4a:57:e4:76:07:
                    e8:16:2d:2d:9b:ba:32:7d:d6:fc:84:7c:9e:a7:eb:
                    78:23:76:85:d8:de:26:97:1f:f0:3b:90:51:74:df:
                    b8:38:e5:5b:89:4c:d8:d5:73:36:23:4d:d8:81:4a:
                    7a:b4:92:ff:24:28:8e:b8:bc:41:fb:6d:10:4e:bc:
                    8d:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:53:BF:77:05:6E:89:3A:19:C9:19:42:D0:18:C0:DE:0F:3C:CF:05
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/LFO_dwVuiToZyRlC0BjA3g88zwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:c9:23:d5:58:59:02:2e:bf:a7:e1:ed:43:53:59:78:74:a3:
         05:28:80:0f:bc:17:19:3f:2a:93:e1:78:c1:8b:48:26:6d:c3:
         8f:61:39:c4:56:ee:bd:89:4c:0d:c7:13:31:7c:ad:87:72:99:
         d4:0e:79:21:2e:cb:f8:7b:52:46:86:e6:e2:68:9d:51:c9:13:
         c7:0a:9b:60:1f:d4:15:8d:31:71:83:a0:bf:44:80:22:ae:61:
         8e:3e:d2:e9:21:c2:e3:67:19:43:ac:3e:96:27:6e:cf:55:36:
         bb:5c:c0:f5:f1:35:89:fa:b4:39:d2:e5:88:1a:a2:96:37:d4:
         35:3d:2f:c5:9f:d7:15:07:6a:a7:fd:6e:5a:2b:25:36:d0:3a:
         b2:af:96:95:0c:7e:39:21:ae:96:74:17:dd:a2:b1:da:9e:48:
         37:0f:2f:45:94:df:89:01:50:79:42:06:05:80:0a:14:2b:db:
         b6:80:ea:5a:90:0e:36:ce:02:66:05:9a:01:08:79:19:92:1b:
         f5:80:49:ec:b8:c0:c0:73:f1:f6:e6:67:aa:bd:f4:8b:c7:6e:
         5e:97:92:72:74:c0:0c:7e:9b:8a:43:8b:a8:22:5a:27:57:a6:
         44:24:5e:c8:21:27:3c:dc:f5:b5:1e:19:75:c4:85:f5:5a:23:
         f1:4d:2e:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0P5mFMsHP5SXYiSyT8bLz1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMzIxMTAxNzI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzUzYmY3NzA1NmU4OTNhMTljOTE5NDJkMDE4YzBkZTBmM2NjZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDxU/ASfNJSsAFSHiC6JrktjynO7
miwn+G0XMzLupsjWZztOM6v5xJ4+0F3Xn09T878jywxb6NbEVr3n+8BGsrsfqpXi
TFUHXeA/PJuGGs95rNEr+G7wObrQKO69bctK2q9G4uMvijjuK5CCY+YX6Jvo8gmu
s/DRAr7XU00JNLQauVZBnlRrHSYlBiC24aFbv0srcM0TXXbbK6HGMbSp81o6haqG
Tk6/4lvw8+Pub6Vdp+m8pV0YQSHaqNGeSlfkdgfoFi0tm7oyfdb8hHyep+t4I3aF
2N4mlx/wO5BRdN+4OOVbiUzY1XM2I03YgUp6tJL/JCiOuLxB+20QTryNOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxTv3cFbok6GckZQtAYwN4PPM8FMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvTEZPX2R3VnVpVG9aeVJsQzBCakEzZzg4endVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVEeMA0G
CSqGSIb3DQEBCwUAA4IBAQAdySPVWFkCLr+n4e1DU1l4dKMFKIAPvBcZPyqT4XjB
i0gmbcOPYTnEVu69iUwNxxMxfK2HcpnUDnkhLsv4e1JGhubiaJ1RyRPHCptgH9QV
jTFxg6C/RIAirmGOPtLpIcLjZxlDrD6WJ27PVTa7XMD18TWJ+rQ50uWIGqKWN9Q1
PS/Fn9cVB2qn/W5aKyU20Dqyr5aVDH45Ia6WdBfdorHankg3Dy9FlN+JAVB5QgYF
gAoUK9u2gOpakA42zgJmBZoBCHkZkhv1gEnsuMDAc/H25meqvfSLx25el5JydMAM
fpuKQ4uoIlonV6ZEJF7IISc83PW1Hhl1xIX1WiPxTS6S
-----END CERTIFICATE-----