Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/LDx8riG51xdkSciCS5Leyyg08Nc.roa
File:                     LDx8riG51xdkSciCS5Leyyg08Nc.roa (raw, json)
Hash identifier:          j60+frpFvQOHRtEgjXYzGBA1dNWrgDnI6C6mYt7mL5k=
Subject key identifier:   2C:3C:7C:AE:21:B9:D7:17:64:49:C8:82:4B:92:DE:CB:28:34:F0:D7
Certificate issuer:       /CN=fe779e56238b6f2ea068ede4e20aef00c904132b
Certificate serial:       019DD083B9F3C2AD0A11F18A4ECF7497F95C
Authority key identifier: FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/LDx8riG51xdkSciCS5Leyyg08Nc.roa
Signing time:             Mon 27 Apr 2026 19:56:26 +0000
ROA not before:           Mon 27 Apr 2026 19:56:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     834
IP address blocks:        92.53.184.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 May 2026 01:01:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d0:83:b9:f3:c2:ad:0a:11:f1:8a:4e:cf:74:97:f9:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fe779e56238b6f2ea068ede4e20aef00c904132b
        Validity
            Not Before: Apr 27 19:56:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c3c7cae21b9d7176449c8824b92decb2834f0d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:67:d5:d5:9d:48:0b:fe:03:ec:d4:3d:f7:18:
                    70:98:2f:4f:9f:a8:d5:23:a2:f6:8b:72:ba:c0:6c:
                    4f:53:de:9c:03:7a:bf:c6:74:cb:4f:12:b1:11:84:
                    d5:a0:35:c5:56:92:89:4c:e6:f0:a3:f7:01:8f:9f:
                    f0:91:3c:30:a4:9f:dc:31:dd:cd:d6:65:05:45:e4:
                    97:60:b4:4a:48:bb:1e:8d:5e:70:8f:3a:9f:0d:90:
                    a7:d9:c9:64:8d:04:48:1f:63:4c:72:f7:66:7a:4c:
                    80:08:b8:a3:a9:44:8c:6d:28:4a:c5:c4:e3:87:74:
                    a1:c7:e4:0d:4a:9c:cc:e5:62:c6:a0:41:66:99:47:
                    ad:95:fe:6f:01:68:b6:40:15:5b:b9:ed:6d:54:54:
                    4e:61:16:34:d9:a0:84:19:74:e3:5a:0e:51:16:ba:
                    bc:69:11:e6:36:53:cc:2c:82:78:e4:02:ac:39:b9:
                    2f:19:c5:87:f1:d9:7e:b9:f8:58:32:9d:4e:47:9c:
                    55:86:15:d0:8e:1c:ae:45:b8:ed:66:9d:93:76:80:
                    02:51:20:ba:a8:6e:53:ed:b9:29:fc:99:f9:2f:24:
                    14:f7:c6:b2:9c:1b:2c:6e:d5:52:ee:82:5f:73:87:
                    e1:ca:c4:bd:3b:64:8b:31:e0:9f:dc:23:18:6a:d1:
                    de:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:3C:7C:AE:21:B9:D7:17:64:49:C8:82:4B:92:DE:CB:28:34:F0:D7
            X509v3 Authority Key Identifier:
                keyid:FE:77:9E:56:23:8B:6F:2E:A0:68:ED:E4:E2:0A:EF:00:C9:04:13:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_neeViOLby6gaO3k4grvAMkEEys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/LDx8riG51xdkSciCS5Leyyg08Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4de598-6b03-4bef-ab14-33894913dcb7/1/_neeViOLby6gaO3k4grvAMkEEys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.53.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:b4:7a:7d:ec:ac:a2:3f:6a:2f:0f:46:65:81:0a:bc:a7:cf:
         13:f8:1d:60:48:60:8a:6f:31:62:3d:bc:2d:23:1e:46:c6:0c:
         96:6a:66:e3:bf:57:5f:2f:0c:ee:12:ae:6a:fd:6d:a9:7d:23:
         7e:17:32:ab:bd:bb:41:fb:e0:5b:45:f0:d7:45:61:8a:90:cd:
         6c:af:0c:8f:41:e6:9e:25:bc:b6:88:fd:06:85:3e:fa:58:e9:
         95:06:4f:35:1e:a3:42:60:09:20:11:fd:a3:6d:33:8b:63:af:
         3a:5d:08:50:89:a6:38:3c:60:24:92:21:73:3b:a1:eb:8b:76:
         ec:ee:6d:da:95:7f:60:ad:f4:1a:4c:c8:f8:86:ce:e7:63:f4:
         1e:d4:b0:5a:f9:c2:2c:65:c0:7f:c7:47:c4:f1:9f:08:93:a5:
         25:b9:d5:d6:4b:b8:7a:d0:d1:d0:5c:da:47:0e:5c:ec:63:9b:
         25:38:78:e3:27:ca:b6:f8:45:96:0f:4f:a6:52:bf:f0:92:5c:
         b4:75:7a:1d:53:1b:91:4d:b4:be:11:63:f1:c7:99:47:e5:af:
         24:7a:83:11:c7:45:12:04:1e:ad:8d:a4:b7:95:56:0a:9d:16:
         f4:37:fa:69:1f:5b:b5:da:fb:8f:32:7d:07:1b:e8:89:13:59:
         ee:86:b9:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Qg7nzwq0KEfGKTs90l/lcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZlNzc5ZTU2MjM4YjZmMmVhMDY4ZWRlNGUyMGFlZjAwYzkw
NDEzMmIwHhcNMjYwNDI3MTk1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzNjN2NhZTIxYjlkNzE3NjQ0OWM4ODI0YjkyZGVjYjI4MzRmMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymfV1Z1IC/4D7NQ99xhwmC9Pn6jV
I6L2i3K6wGxPU96cA3q/xnTLTxKxEYTVoDXFVpKJTObwo/cBj5/wkTwwpJ/cMd3N
1mUFReSXYLRKSLsejV5wjzqfDZCn2clkjQRIH2NMcvdmekyACLijqUSMbShKxcTj
h3Shx+QNSpzM5WLGoEFmmUetlf5vAWi2QBVbue1tVFROYRY02aCEGXTjWg5RFrq8
aRHmNlPMLIJ45AKsObkvGcWH8dl+ufhYMp1OR5xVhhXQjhyuRbjtZp2TdoACUSC6
qG5T7bkp/Jn5LyQU98aynBssbtVS7oJfc4fhysS9O2SLMeCf3CMYatHepQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCw8fK4hudcXZEnIgkuS3ssoNPDXMB8GA1UdIwQY
MBaAFP53nlYji28uoGjt5OIK7wDJBBMrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQt
MzM4OTQ5MTNkY2I3LzEvTER4OHJpRzUxeGRrU2NpQ1M1TGV5eWcwOE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZGU1OTgtNmIwMy00YmVmLWFiMTQtMzM4OTQ5MTNkY2I3
LzEvX25lZVZpT0xieTZnYU8zazRncnZBTWtFRXlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXDW4MA0G
CSqGSIb3DQEBCwUAA4IBAQAntHp97KyiP2ovD0ZlgQq8p88T+B1gSGCKbzFiPbwt
Ix5GxgyWambjv1dfLwzuEq5q/W2pfSN+FzKrvbtB++BbRfDXRWGKkM1srwyPQeae
Jby2iP0GhT76WOmVBk81HqNCYAkgEf2jbTOLY686XQhQiaY4PGAkkiFzO6Hri3bs
7m3alX9grfQaTMj4hs7nY/Qe1LBa+cIsZcB/x0fE8Z8Ik6UludXWS7h60NHQXNpH
DlzsY5slOHjjJ8q2+EWWD0+mUr/wkly0dXodUxuRTbS+EWPxx5lH5a8keoMRx0US
BB6tjaS3lVYKnRb0N/ppH1u12vuPMn0HG+iJE1nuhrlz
-----END CERTIFICATE-----