Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/Lh10WlvwLo5FMBkJ865-yYzNORs.roa
File:                     Lh10WlvwLo5FMBkJ865-yYzNORs.roa (raw, json)
Hash identifier:          KP2ztC96HoIm1Q+cl0xK6rS5NQtKIaU1qUzrl8/B9+s=
Subject key identifier:   2E:1D:74:5A:5B:F0:2E:8E:45:30:19:09:F3:AE:7E:C9:8C:CD:39:1B
Certificate issuer:       /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial:       019E827C099CDEB84FF7ECD8D56C36AD802C
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/Lh10WlvwLo5FMBkJ865-yYzNORs.roa
Signing time:             Mon 01 Jun 2026 09:20:27 +0000
ROA not before:           Mon 01 Jun 2026 09:20:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201754
IP address blocks:        91.106.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:26:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:82:7c:09:9c:de:b8:4f:f7:ec:d8:d5:6c:36:ad:80:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
        Validity
            Not Before: Jun  1 09:20:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e1d745a5bf02e8e45301909f3ae7ec98ccd391b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f2:03:b8:48:01:ef:a7:ff:23:0c:c3:81:8a:
                    d4:da:96:29:17:98:66:79:31:fa:37:57:6f:7d:db:
                    6b:87:0b:87:da:91:c6:44:97:b9:67:eb:5b:73:62:
                    cf:c2:d3:33:21:44:9a:92:eb:be:f8:b6:8f:f9:55:
                    34:3c:5e:ce:0d:f7:3d:b1:de:bb:39:4c:74:0c:b3:
                    9e:95:67:2e:ce:a2:3d:2d:44:75:56:27:8a:a2:7b:
                    e8:e8:ad:45:d7:9a:95:9f:a8:2b:89:d8:2b:3a:2d:
                    6e:1a:00:9e:34:f4:f0:36:fa:dc:d8:20:d8:98:bb:
                    fc:fb:17:da:08:69:61:75:68:7f:05:78:27:d9:e7:
                    0d:a5:78:a9:f4:68:e1:21:4f:20:91:f6:cf:ad:8d:
                    83:01:ca:b2:a4:25:c5:7d:5c:a7:f5:f8:10:f3:85:
                    40:30:a1:d6:48:75:a6:7c:1a:5f:69:ef:94:44:c0:
                    d6:b1:b8:7c:55:e1:07:0d:4f:f2:d7:fc:e9:31:b7:
                    36:47:c2:f9:34:9d:66:07:e7:82:58:f0:cc:f8:48:
                    03:6a:c5:ee:db:cd:2f:f4:3e:d7:35:ce:7d:d5:47:
                    db:f7:8a:16:24:d6:09:b0:04:73:bf:e0:bb:82:e4:
                    f4:19:3a:15:9d:3f:8e:19:ad:e1:df:c0:f0:78:74:
                    a8:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1D:74:5A:5B:F0:2E:8E:45:30:19:09:F3:AE:7E:C9:8C:CD:39:1B
            X509v3 Authority Key Identifier:
                keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/Lh10WlvwLo5FMBkJ865-yYzNORs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.106.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:9c:37:ed:b3:bd:d6:a6:3f:de:6d:6d:0d:2a:3d:90:52:1c:
         59:34:47:1f:45:00:bf:3e:5f:db:3d:5a:53:6f:b3:3b:0e:0e:
         ff:cc:0f:1f:cb:f9:55:db:32:e4:d7:8d:69:98:d8:3f:e9:18:
         59:04:f4:29:44:93:d2:5d:92:90:8f:fd:d4:42:c3:45:53:20:
         d7:91:37:20:49:f9:ca:4f:23:21:3f:b0:87:f6:2c:41:9a:4d:
         03:8c:ed:b8:7b:90:f2:e5:d9:e4:1a:dd:24:3d:ac:58:87:44:
         f6:81:76:bb:d8:23:6c:32:a8:25:c3:2d:54:b8:d4:86:09:0e:
         8f:9a:26:d0:7b:06:fc:69:9a:81:d7:c3:ee:78:19:cf:76:ee:
         56:87:d2:1a:12:74:ea:9b:36:10:71:2d:9a:a4:cd:8b:98:a9:
         af:65:32:2f:21:8b:6d:93:de:ec:5b:ad:1e:e7:3f:6c:46:d9:
         c3:c6:1c:b3:65:f5:1d:30:d8:4a:3e:40:93:66:b6:1a:f9:da:
         d2:48:99:51:ec:d7:95:a2:c6:f9:6e:00:11:b3:80:18:85:a8:
         a7:f3:d9:21:51:e4:b2:41:2f:ff:11:78:30:ca:2e:9f:17:27:
         86:4c:c8:48:ee:89:b8:25:d4:fc:1c:18:3a:40:d6:c9:e6:47:
         2d:21:eb:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6CfAmc3rhP9+zY1Ww2rYAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjYwNjAxMDkyMDI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFkNzQ1YTViZjAyZThlNDUzMDE5MDlmM2FlN2VjOThjY2QzOTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/IDuEgB76f/IwzDgYrU2pYpF5hm
eTH6N1dvfdtrhwuH2pHGRJe5Z+tbc2LPwtMzIUSakuu++LaP+VU0PF7ODfc9sd67
OUx0DLOelWcuzqI9LUR1VieKonvo6K1F15qVn6gridgrOi1uGgCeNPTwNvrc2CDY
mLv8+xfaCGlhdWh/BXgn2ecNpXip9GjhIU8gkfbPrY2DAcqypCXFfVyn9fgQ84VA
MKHWSHWmfBpfae+URMDWsbh8VeEHDU/y1/zpMbc2R8L5NJ1mB+eCWPDM+EgDasXu
280v9D7XNc591Ufb94oWJNYJsARzv+C7guT0GToVnT+OGa3h38DweHSoKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4ddFpb8C6ORTAZCfOufsmMzTkbMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvTGgxMFdsdndMbzVGTUJrSjg2NS15WXpOT1JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW2oaMA0G
CSqGSIb3DQEBCwUAA4IBAQBInDfts73Wpj/ebW0NKj2QUhxZNEcfRQC/Pl/bPVpT
b7M7Dg7/zA8fy/lV2zLk141pmNg/6RhZBPQpRJPSXZKQj/3UQsNFUyDXkTcgSfnK
TyMhP7CH9ixBmk0DjO24e5Dy5dnkGt0kPaxYh0T2gXa72CNsMqglwy1UuNSGCQ6P
mibQewb8aZqB18PueBnPdu5Wh9IaEnTqmzYQcS2apM2LmKmvZTIvIYttk97sW60e
5z9sRtnDxhyzZfUdMNhKPkCTZrYa+drSSJlR7NeVosb5bgARs4AYhain89khUeSy
QS//EXgwyi6fFyeGTMhI7om4JdT8HBg6QNbJ5kctIevy
-----END CERTIFICATE-----