Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/LbMFd8iS36p4hKzzjE0bbqsFTIE.roa
File:                     LbMFd8iS36p4hKzzjE0bbqsFTIE.roa (raw, json)
Hash identifier:          0JhZ/xZaH6gJYAxZIVQhK7C4NjA21XmfGDBUosPY5hU=
Subject key identifier:   2D:B3:05:77:C8:92:DF:AA:78:84:AC:F3:8C:4D:1B:6E:AB:05:4C:81
Certificate issuer:       /CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
Certificate serial:       019DB4BB009720DFBD1E6A8B936ADB8965E7
Authority key identifier: 08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/LbMFd8iS36p4hKzzjE0bbqsFTIE.roa
Signing time:             Wed 22 Apr 2026 10:27:27 +0000
ROA not before:           Wed 22 Apr 2026 10:27:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402309
IP address blocks:        216.195.196.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b4:bb:00:97:20:df:bd:1e:6a:8b:93:6a:db:89:65:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0837c99b2a4c062d5c20678f9dcf3207aefd5e78
        Validity
            Not Before: Apr 22 10:27:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2db30577c892dfaa7884acf38c4d1b6eab054c81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6f:85:2c:fd:93:a0:91:c3:31:be:66:5b:80:
                    76:3c:06:f9:cc:3e:f1:a2:76:a8:9a:fc:a6:c2:fd:
                    7a:d7:67:44:b1:99:3f:ee:9f:d4:5d:44:fd:df:08:
                    ae:3d:64:ff:76:82:e5:83:3b:cb:49:ee:96:b5:86:
                    e7:e7:c1:c1:fc:f3:61:ba:63:18:9a:b3:7b:56:b1:
                    c1:cb:cf:6a:f9:07:7c:00:f7:a2:af:c3:8e:e8:18:
                    d5:ba:f2:5e:ad:d4:7d:62:0c:86:69:41:c0:f9:d7:
                    c3:66:f7:49:a1:3a:a4:61:65:a5:c0:54:f9:10:e3:
                    6a:57:15:fe:f5:44:92:77:cb:9b:5a:cc:1d:0c:7a:
                    ef:8a:07:2b:04:8b:98:15:04:46:6d:8b:ba:f8:0b:
                    24:64:1c:4a:b6:ab:14:d5:b3:25:14:c7:4c:4b:f0:
                    e4:d0:be:b8:f1:dd:13:be:68:61:71:6a:18:1d:0e:
                    c7:d6:40:c0:81:35:02:58:93:57:f2:a7:98:da:b5:
                    6d:88:50:a7:d4:06:5c:6f:fa:e1:08:2e:7a:37:f0:
                    57:c7:24:90:77:fa:6a:38:2b:41:db:b5:81:cd:af:
                    29:9b:d1:e1:24:f1:95:74:d3:e9:9a:d4:b1:6a:1e:
                    59:40:ee:d2:10:af:d8:d2:29:dc:27:b9:0d:d0:82:
                    73:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:B3:05:77:C8:92:DF:AA:78:84:AC:F3:8C:4D:1B:6E:AB:05:4C:81
            X509v3 Authority Key Identifier:
                keyid:08:37:C9:9B:2A:4C:06:2D:5C:20:67:8F:9D:CF:32:07:AE:FD:5E:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CDfJmypMBi1cIGePnc8yB679Xng.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/LbMFd8iS36p4hKzzjE0bbqsFTIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/0895d2-b778-46c4-a691-f1237f4c5cf6/1/CDfJmypMBi1cIGePnc8yB679Xng.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  216.195.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:8f:47:0e:ec:72:80:1b:f7:f7:4c:ff:2f:69:4c:c7:53:33:
         1d:f1:8f:dc:65:6d:98:45:58:5e:68:00:23:37:ee:e9:0c:2d:
         b3:f4:cf:3f:cf:32:2e:a7:43:63:6b:42:3c:d0:64:65:88:81:
         c0:d9:e7:65:73:7e:5a:3c:6c:54:fd:b1:b8:63:65:b6:1d:68:
         b6:30:af:41:d3:6c:9c:44:e4:06:93:cb:03:6e:61:7a:c9:6a:
         24:08:1f:9c:20:85:32:0d:14:a2:df:de:36:32:34:38:59:86:
         0d:47:c2:c0:47:c5:44:ea:17:80:72:5a:00:20:02:09:54:db:
         18:ab:c2:75:6e:14:63:cf:85:f5:4c:ac:bf:8a:40:65:74:11:
         d6:ea:10:6f:27:ba:b3:ec:92:48:1e:87:15:ca:64:33:33:ce:
         b1:d0:24:7c:5a:ed:99:7e:71:60:fa:a0:6e:02:db:cc:2b:67:
         d6:3c:2c:2e:d1:6e:4f:d7:98:a0:6a:06:db:35:b2:85:97:d6:
         51:09:c3:cf:30:6d:7b:5e:ba:b6:96:b1:e9:e3:e4:c9:f8:01:
         c1:35:5f:96:47:3b:c6:3a:0e:7e:71:52:55:ed:75:d6:8f:4b:
         42:e6:60:ef:88:10:7f:4a:a7:1a:76:19:ba:6f:48:db:6e:4f:
         2c:a5:44:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ20uwCXIN+9HmqLk2rbiWXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4MzdjOTliMmE0YzA2MmQ1YzIwNjc4ZjlkY2YzMjA3YWVm
ZDVlNzgwHhcNMjYwNDIyMTAyNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIzMDU3N2M4OTJkZmFhNzg4NGFjZjM4YzRkMWI2ZWFiMDU0YzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2+FLP2ToJHDMb5mW4B2PAb5zD7x
onaomvymwv1612dEsZk/7p/UXUT93wiuPWT/doLlgzvLSe6WtYbn58HB/PNhumMY
mrN7VrHBy89q+Qd8APeir8OO6BjVuvJerdR9YgyGaUHA+dfDZvdJoTqkYWWlwFT5
EONqVxX+9USSd8ubWswdDHrvigcrBIuYFQRGbYu6+AskZBxKtqsU1bMlFMdMS/Dk
0L648d0TvmhhcWoYHQ7H1kDAgTUCWJNX8qeY2rVtiFCn1AZcb/rhCC56N/BXxySQ
d/pqOCtB27WBza8pm9HhJPGVdNPpmtSxah5ZQO7SEK/Y0incJ7kN0IJzAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2zBXfIkt+qeISs84xNG26rBUyBMB8GA1UdIwQY
MBaAFAg3yZsqTAYtXCBnj53PMgeu/V54MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEt
ZjEyMzdmNGM1Y2Y2LzEvTGJNRmQ4aVMzNnA0aEt6empFMGJicXNGVElFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS8wODk1ZDItYjc3OC00NmM0LWE2OTEtZjEyMzdmNGM1Y2Y2
LzEvQ0RmSm15cE1CaTFjSUdlUG5jOHlCNjc5WG5nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2MPEMA0G
CSqGSIb3DQEBCwUAA4IBAQChj0cO7HKAG/f3TP8vaUzHUzMd8Y/cZW2YRVheaAAj
N+7pDC2z9M8/zzIup0Nja0I80GRliIHA2edlc35aPGxU/bG4Y2W2HWi2MK9B02yc
ROQGk8sDbmF6yWokCB+cIIUyDRSi3942MjQ4WYYNR8LAR8VE6heAcloAIAIJVNsY
q8J1bhRjz4X1TKy/ikBldBHW6hBvJ7qz7JJIHocVymQzM86x0CR8Wu2ZfnFg+qBu
AtvMK2fWPCwu0W5P15igagbbNbKFl9ZRCcPPMG17Xrq2lrHp4+TJ+AHBNV+WRzvG
Og5+cVJV7XXWj0tC5mDviBB/Sqcadhm6b0jbbk8spUTx
-----END CERTIFICATE-----