Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/LDYOOwc3ElUwgsoAhX1VAVoDz7A.roa
File:                     LDYOOwc3ElUwgsoAhX1VAVoDz7A.roa (raw, json)
Hash identifier:          LnEQSIV2ZJKxc3kP1NpzkPN+GxvmT9Fs9kvIu+YHy1w=
Subject key identifier:   2C:36:0E:3B:07:37:12:55:30:82:CA:00:85:7D:55:01:5A:03:CF:B0
Certificate issuer:       /CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
Certificate serial:       019DB03882538F273F787209A7013B465CC4
Authority key identifier: B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/LDYOOwc3ElUwgsoAhX1VAVoDz7A.roa
Signing time:             Tue 21 Apr 2026 13:26:26 +0000
ROA not before:           Tue 21 Apr 2026 13:26:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214059
IP address blocks:        2a09:7ac1:a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 08:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:38:82:53:8f:27:3f:78:72:09:a7:01:3b:46:5c:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b5427ea49f972d19c56393a689e7cbeb990d5d7a
        Validity
            Not Before: Apr 21 13:26:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c360e3b073712553082ca00857d55015a03cfb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:7e:b2:42:e9:d8:ed:64:28:34:1e:b0:3e:70:
                    9c:59:d1:21:4e:cc:d3:8e:e5:90:3e:1e:db:7c:74:
                    0c:2e:f2:19:42:89:12:7f:f2:83:30:21:29:6a:bd:
                    8e:04:a5:ce:3d:27:59:58:e0:4f:83:a5:5c:d5:e0:
                    dd:4c:d0:cc:00:4e:a3:94:b0:e5:61:1c:b6:63:90:
                    58:4c:58:87:c2:09:e3:a9:20:0d:89:ed:a7:3e:2a:
                    24:72:7f:8b:97:9a:e0:84:81:46:bb:47:99:9d:52:
                    93:35:e1:33:08:5f:67:f9:bb:c7:12:56:4d:c8:39:
                    43:74:89:a5:72:87:10:ef:6f:2a:fe:47:36:4a:30:
                    91:8f:05:d3:82:89:04:10:e1:3c:8c:48:37:77:9d:
                    99:a8:36:d9:12:91:6d:2c:af:3a:99:60:c7:f6:7a:
                    ce:f3:ff:06:24:9c:4d:dc:44:01:bd:e9:53:f6:f2:
                    4b:70:59:c3:f0:1b:27:2b:f0:da:c9:da:ad:d3:3f:
                    89:c5:91:9c:44:ae:fa:3e:fe:0a:e3:34:99:07:83:
                    df:41:88:d8:53:17:ed:ec:b5:6f:f9:56:c1:d8:4a:
                    5d:c9:85:05:56:16:40:1c:34:16:e8:6d:81:da:45:
                    67:d4:3e:d1:2f:02:61:a9:42:16:80:92:72:a2:d5:
                    9f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:36:0E:3B:07:37:12:55:30:82:CA:00:85:7D:55:01:5A:03:CF:B0
            X509v3 Authority Key Identifier:
                keyid:B5:42:7E:A4:9F:97:2D:19:C5:63:93:A6:89:E7:CB:EB:99:0D:5D:7A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tUJ-pJ-XLRnFY5OmiefL65kNXXo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/LDYOOwc3ElUwgsoAhX1VAVoDz7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/d2bb68-9bc7-4791-8528-0c495477ca10/1/tUJ-pJ-XLRnFY5OmiefL65kNXXo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a09:7ac1:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         29:09:64:9f:2e:e0:6c:db:64:82:38:15:7a:66:b9:eb:92:65:
         82:0e:30:d1:48:f4:0a:69:56:f4:ae:ef:9a:c8:01:36:19:48:
         71:c0:01:69:0a:2c:7e:74:bf:eb:b4:76:60:0f:f7:54:ec:c4:
         ef:94:d9:33:fe:f6:0a:ed:e7:27:a5:4a:0c:59:12:72:b2:bd:
         83:1e:42:f2:c1:87:70:af:32:a9:13:07:c6:9d:43:f9:69:3e:
         e7:2d:bb:b6:89:50:b9:6b:2c:b4:6c:df:b3:36:36:16:ab:dc:
         17:27:38:80:67:8c:ca:98:4f:91:b7:09:18:ad:06:fa:38:30:
         ea:52:41:8c:d3:9a:ad:36:7f:8b:86:fb:cf:1d:5b:5e:77:5f:
         9f:e6:6d:36:3d:13:6d:37:97:65:8e:f4:57:a1:8f:3c:23:60:
         88:7c:a0:f6:7a:a2:08:fd:ee:c1:a1:97:7c:64:b9:57:9b:fa:
         ca:66:05:e6:fa:80:d5:69:3b:67:b8:fc:85:83:e9:f6:d1:f5:
         41:95:54:78:93:b3:40:a2:1b:d6:dc:48:d9:00:50:68:48:01:
         f6:a6:36:07:4f:d1:bd:27:1d:69:d2:90:5b:5f:0b:07:12:da:
         d7:25:81:42:43:c7:33:95:3f:e6:b4:81:18:0b:a4:00:35:91:
         df:ae:e6:4a
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ2wOIJTjyc/eHIJpwE7RlzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NDI3ZWE0OWY5NzJkMTljNTYzOTNhNjg5ZTdjYmViOTkw
ZDVkN2EwHhcNMjYwNDIxMTMyNjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzM2MGUzYjA3MzcxMjU1MzA4MmNhMDA4NTdkNTUwMTVhMDNjZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0X6yQunY7WQoNB6wPnCcWdEhTszT
juWQPh7bfHQMLvIZQokSf/KDMCEpar2OBKXOPSdZWOBPg6Vc1eDdTNDMAE6jlLDl
YRy2Y5BYTFiHwgnjqSANie2nPiokcn+Ll5rghIFGu0eZnVKTNeEzCF9n+bvHElZN
yDlDdImlcocQ728q/kc2SjCRjwXTgokEEOE8jEg3d52ZqDbZEpFtLK86mWDH9nrO
8/8GJJxN3EQBvelT9vJLcFnD8BsnK/Daydqt0z+JxZGcRK76Pv4K4zSZB4PfQYjY
Uxft7LVv+VbB2EpdyYUFVhZAHDQW6G2B2kVn1D7RLwJhqUIWgJJyotWfxwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFCw2DjsHNxJVMILKAIV9VQFaA8+wMB8GA1UdIwQY
MBaAFLVCfqSfly0ZxWOTponny+uZDV16MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFVKLXBKLVhMUm5GWTVPbWllZkw2NWtOWFhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9kMmJiNjgtOWJjNy00NzkxLTg1Mjgt
MGM0OTU0NzdjYTEwLzEvTERZT093YzNFbFV3Z3NvQWhYMVZBVm9EejdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9kMmJiNjgtOWJjNy00NzkxLTg1MjgtMGM0OTU0NzdjYTEw
LzEvdFVKLXBKLVhMUm5GWTVPbWllZkw2NWtOWFhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgl6wQAK
MA0GCSqGSIb3DQEBCwUAA4IBAQApCWSfLuBs22SCOBV6ZrnrkmWCDjDRSPQKaVb0
ru+ayAE2GUhxwAFpCix+dL/rtHZgD/dU7MTvlNkz/vYK7ecnpUoMWRJysr2DHkLy
wYdwrzKpEwfGnUP5aT7nLbu2iVC5ayy0bN+zNjYWq9wXJziAZ4zKmE+RtwkYrQb6
ODDqUkGM05qtNn+LhvvPHVted1+f5m02PRNtN5dljvRXoY88I2CIfKD2eqII/e7B
oZd8ZLlXm/rKZgXm+oDVaTtnuPyFg+n20fVBlVR4k7NAohvW3EjZAFBoSAH2pjYH
T9G9Jx1p0pBbXwsHEtrXJYFCQ8czlT/mtIEYC6QANZHfruZK
-----END CERTIFICATE-----