Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Lm1nnFYkUsiu098gCvYjKS5-l4g.roa
File:                     Lm1nnFYkUsiu098gCvYjKS5-l4g.roa (raw, json)
Hash identifier:          1RaZfLGyq0c5ZD0BFswNZ5s2IFMTrcMOt76tyg+sqUg=
Subject key identifier:   2E:6D:67:9C:56:24:52:C8:AE:D3:DF:20:0A:F6:23:29:2E:7E:97:88
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019E11D251FAF2E702BC037A550144F0D53C
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Lm1nnFYkUsiu098gCvYjKS5-l4g.roa
Signing time:             Sun 10 May 2026 12:17:36 +0000
ROA not before:           Sun 10 May 2026 12:17:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        185.87.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:11:d2:51:fa:f2:e7:02:bc:03:7a:55:01:44:f0:d5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: May 10 12:17:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e6d679c562452c8aed3df200af623292e7e9788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:7d:86:9c:ad:dc:bf:12:dc:8a:4b:2d:ad:e9:
                    f6:19:ad:df:6f:e5:c0:c5:a3:09:f3:de:8f:d5:14:
                    0e:27:cd:bf:56:5c:a4:2f:86:a5:43:97:1b:79:63:
                    61:8f:de:8c:cb:39:da:34:4f:30:af:ea:c0:6e:80:
                    8c:b4:c8:c5:ed:56:91:a4:fd:6b:44:8a:87:12:f6:
                    b9:b3:67:f8:52:0b:69:88:b9:bf:22:ce:fc:df:fc:
                    94:30:29:d3:d9:84:4f:7e:87:a5:cf:ff:9e:b7:ea:
                    9e:ca:c2:cc:9e:29:09:31:f9:64:83:c1:d1:bf:8e:
                    cc:4c:50:bd:27:91:ec:e2:45:24:f7:db:cc:6b:79:
                    e4:04:ef:13:37:35:30:2f:37:4b:1f:e2:85:d5:3c:
                    67:c2:12:77:d8:7c:c6:98:a9:fe:3f:0f:0a:f0:e1:
                    5e:e3:76:9a:31:7b:04:5b:44:f7:62:63:a7:d4:e1:
                    93:c5:7e:0c:28:01:c2:31:55:88:5b:3c:42:3a:bf:
                    70:32:dc:c4:b7:b7:d2:0e:b2:b8:79:4a:57:d8:c6:
                    63:22:ef:93:13:d4:01:45:4b:96:cb:2e:b8:d8:7e:
                    d8:ca:16:11:cd:bc:4a:5c:76:c6:70:d0:aa:7b:a7:
                    1f:55:94:8b:f8:78:da:a5:85:31:58:1b:21:b7:49:
                    c0:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:6D:67:9C:56:24:52:C8:AE:D3:DF:20:0A:F6:23:29:2E:7E:97:88
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/Lm1nnFYkUsiu098gCvYjKS5-l4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.87.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5a:88:6e:80:3f:d5:dc:59:7d:20:30:7b:7e:22:b9:10:15:75:
         76:e2:39:6f:45:b6:80:09:54:ba:15:21:a0:57:8c:c4:a8:cc:
         79:e8:fe:05:70:2d:ab:ce:24:47:42:85:d7:c7:88:96:d7:f1:
         72:f4:d8:ff:12:26:d4:52:74:b1:9f:38:31:f9:42:bd:26:25:
         1e:b7:77:64:6e:02:35:5f:90:4b:4d:8e:48:bc:a7:08:e6:bc:
         3c:bb:7e:07:c3:9c:70:e5:05:ef:4f:60:4a:f0:e3:26:8e:b5:
         7b:72:93:9b:d3:c0:32:51:fe:46:a5:f5:73:9f:df:2a:fb:77:
         18:9c:5f:4d:e8:58:ce:de:13:82:30:bd:c5:10:5d:3c:24:a0:
         5f:3f:ca:75:1e:92:e9:a0:45:ca:3d:26:8a:e9:f3:a6:a5:c7:
         9f:cb:ab:0d:25:f0:3f:39:27:23:0d:19:df:18:9c:31:33:3c:
         9f:4d:f4:dd:f0:c1:f7:22:51:63:35:72:6a:2d:b8:01:aa:74:
         cb:97:34:5e:97:17:ae:30:ed:59:44:6e:17:45:f4:8b:03:42:
         c2:e0:d3:5a:7b:09:80:97:f9:e6:b4:b6:2c:ea:aa:a3:1a:95:
         7f:f3:d1:ba:fb:9e:3a:71:72:9c:1d:d5:03:5f:ee:90:6b:c9:
         b8:90:5f:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4R0lH68ucCvAN6VQFE8NU8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwNTEwMTIxNzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTZkNjc5YzU2MjQ1MmM4YWVkM2RmMjAwYWY2MjMyOTJlN2U5Nzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArn2GnK3cvxLcikstren2Ga3fb+XA
xaMJ896P1RQOJ82/VlykL4alQ5cbeWNhj96MyznaNE8wr+rAboCMtMjF7VaRpP1r
RIqHEva5s2f4UgtpiLm/Is783/yUMCnT2YRPfoelz/+et+qeysLMnikJMflkg8HR
v47MTFC9J5Hs4kUk99vMa3nkBO8TNzUwLzdLH+KF1TxnwhJ32HzGmKn+Pw8K8OFe
43aaMXsEW0T3YmOn1OGTxX4MKAHCMVWIWzxCOr9wMtzEt7fSDrK4eUpX2MZjIu+T
E9QBRUuWyy642H7YyhYRzbxKXHbGcNCqe6cfVZSL+HjapYUxWBsht0nAkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5tZ5xWJFLIrtPfIAr2IykufpeIMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvTG0xbm5GWWtVc2l1MDk4Z0N2WWpLUzUtbDRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVc4MA0G
CSqGSIb3DQEBCwUAA4IBAQBaiG6AP9XcWX0gMHt+IrkQFXV24jlvRbaACVS6FSGg
V4zEqMx56P4FcC2rziRHQoXXx4iW1/Fy9Nj/EibUUnSxnzgx+UK9JiUet3dkbgI1
X5BLTY5IvKcI5rw8u34Hw5xw5QXvT2BK8OMmjrV7cpOb08AyUf5GpfVzn98q+3cY
nF9N6FjO3hOCML3FEF08JKBfP8p1HpLpoEXKPSaK6fOmpcefy6sNJfA/OScjDRnf
GJwxMzyfTfTd8MH3IlFjNXJqLbgBqnTLlzRelxeuMO1ZRG4XRfSLA0LC4NNaewmA
l/nmtLYs6qqjGpV/89G6+546cXKcHdUDX+6Qa8m4kF93
-----END CERTIFICATE-----