Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/lGPXWQo_7ubaGtUyGMqkGbwI4_M.roa
File:                     lGPXWQo_7ubaGtUyGMqkGbwI4_M.roa (raw, json)
Hash identifier:          YRpw+FIVlTh7o6DIYneOFKU0uNqBsWrzdPPNLu7NTFI=
Subject key identifier:   94:63:D7:59:0A:3F:EE:E6:DA:1A:D5:32:18:CA:A4:19:BC:08:E3:F3
Certificate issuer:       /CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
Certificate serial:       019DD083B97E94348456E40106E4DFCBCDB7
Authority key identifier: 30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/lGPXWQo_7ubaGtUyGMqkGbwI4_M.roa
Signing time:             Mon 27 Apr 2026 19:56:26 +0000
ROA not before:           Mon 27 Apr 2026 19:56:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        188.246.216.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d0:83:b9:7e:94:34:84:56:e4:01:06:e4:df:cb:cd:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3027a631bb6738eb68bb6ea6c424ef4a7d14c3cb
        Validity
            Not Before: Apr 27 19:56:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9463d7590a3feee6da1ad53218caa419bc08e3f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:38:be:28:01:dd:15:0d:93:1c:37:7d:dc:25:
                    fa:9c:84:19:db:dc:23:ec:b2:ad:1e:89:90:5c:74:
                    0f:5f:6d:ad:ac:98:78:89:6c:86:37:b6:ba:ee:58:
                    53:69:a0:d0:a5:ea:63:7f:70:e3:97:2d:81:05:97:
                    9b:da:67:37:76:2a:d0:dd:bb:1f:2a:f9:4d:13:39:
                    b9:83:d8:58:47:ef:72:a8:50:35:41:2c:fa:07:0c:
                    b4:19:7b:5c:9a:ca:bf:88:f4:c2:82:05:c1:30:71:
                    37:f5:70:a4:1f:5b:3c:3e:cf:83:93:5f:bf:ac:c7:
                    7f:10:6c:8e:36:a8:d0:c3:13:23:90:8e:ad:d8:8c:
                    af:b6:6f:9b:99:88:97:50:f4:d3:8e:b4:59:ea:8b:
                    95:4c:bb:27:c7:54:1f:31:a6:f1:d4:7b:70:38:a7:
                    ac:a4:b1:52:bb:fb:46:d2:1a:9d:b8:3c:18:0b:9c:
                    16:1f:fb:ce:20:17:48:11:ae:ed:01:37:5a:83:f1:
                    78:b7:ba:e0:06:c0:3a:5d:8a:4e:53:b2:8f:65:5d:
                    46:b4:27:9d:88:76:63:4d:74:24:13:7d:45:1c:c3:
                    68:57:3a:44:dc:e2:bb:c2:8c:69:04:e0:5e:24:8d:
                    46:8d:14:b9:92:f8:1c:6b:a9:38:0e:0c:f4:91:e4:
                    43:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:63:D7:59:0A:3F:EE:E6:DA:1A:D5:32:18:CA:A4:19:BC:08:E3:F3
            X509v3 Authority Key Identifier:
                keyid:30:27:A6:31:BB:67:38:EB:68:BB:6E:A6:C4:24:EF:4A:7D:14:C3:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MCemMbtnOOtou26mxCTvSn0Uw8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/lGPXWQo_7ubaGtUyGMqkGbwI4_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/8d78eb-2832-4083-ae1f-1dd6d281c88a/1/MCemMbtnOOtou26mxCTvSn0Uw8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.246.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         04:ff:a6:50:0e:72:60:15:44:c4:71:52:35:30:dc:87:7e:ea:
         b1:bd:18:ae:1c:eb:27:ce:ba:0f:be:bb:ee:59:42:c4:2e:7b:
         90:c8:3b:ce:d7:a6:74:80:de:9c:b7:ad:a7:35:08:de:50:89:
         06:3a:54:b9:b1:f0:05:89:0f:0b:d3:d7:d5:1f:b8:ed:f6:22:
         7b:b0:35:4b:c8:61:0f:58:e8:fe:7e:f9:d2:95:1c:56:22:d3:
         90:b2:d5:46:85:83:b7:de:ea:9d:69:c4:4d:92:d6:65:cc:93:
         e2:bb:d8:ed:f0:04:bc:70:92:0e:2c:6d:ab:eb:f2:ad:31:21:
         18:6a:68:18:1a:78:37:e3:2f:4e:9d:3e:7f:4f:fb:0d:e4:53:
         27:33:59:f9:1c:26:a0:e5:ee:ba:ad:7a:52:71:d5:86:d7:13:
         49:6e:b3:b3:f4:f0:72:eb:af:9f:48:fe:6a:c3:30:e9:c9:4d:
         84:87:a1:32:69:1f:82:1c:8c:f6:4e:33:75:51:af:af:1c:d9:
         4e:57:82:a7:c8:1b:bd:e3:9f:21:3a:6b:93:07:81:18:87:79:
         d7:12:e0:c2:ea:0e:ec:b2:81:a0:52:47:64:7c:23:96:32:5a:
         34:e8:43:98:22:69:0b:33:75:7a:94:f4:3c:65:90:81:51:17:
         ab:dc:0b:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Qg7l+lDSEVuQBBuTfy823MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwMjdhNjMxYmI2NzM4ZWI2OGJiNmVhNmM0MjRlZjRhN2Qx
NGMzY2IwHhcNMjYwNDI3MTk1NjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDYzZDc1OTBhM2ZlZWU2ZGExYWQ1MzIxOGNhYTQxOWJjMDhlM2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDi+KAHdFQ2THDd93CX6nIQZ29wj
7LKtHomQXHQPX22trJh4iWyGN7a67lhTaaDQpepjf3Djly2BBZeb2mc3dirQ3bsf
KvlNEzm5g9hYR+9yqFA1QSz6Bwy0GXtcmsq/iPTCggXBMHE39XCkH1s8Ps+Dk1+/
rMd/EGyONqjQwxMjkI6t2Iyvtm+bmYiXUPTTjrRZ6ouVTLsnx1QfMabx1HtwOKes
pLFSu/tG0hqduDwYC5wWH/vOIBdIEa7tATdag/F4t7rgBsA6XYpOU7KPZV1GtCed
iHZjTXQkE31FHMNoVzpE3OK7woxpBOBeJI1GjRS5kvgca6k4Dgz0keRDNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRj11kKP+7m2hrVMhjKpBm8COPzMB8GA1UdIwQY
MBaAFDAnpjG7ZzjraLtupsQk70p9FMPLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYt
MWRkNmQyODFjODhhLzEvbEdQWFdRb183dWJhR3RVeUdNcWtHYndJNF9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS84ZDc4ZWItMjgzMi00MDgzLWFlMWYtMWRkNmQyODFjODhh
LzEvTUNlbU1idG5PT3RvdTI2bXhDVHZTbjBVdzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDvPbYMA0G
CSqGSIb3DQEBCwUAA4IBAQAE/6ZQDnJgFUTEcVI1MNyHfuqxvRiuHOsnzroPvrvu
WULELnuQyDvO16Z0gN6ct62nNQjeUIkGOlS5sfAFiQ8L09fVH7jt9iJ7sDVLyGEP
WOj+fvnSlRxWItOQstVGhYO33uqdacRNktZlzJPiu9jt8AS8cJIOLG2r6/KtMSEY
amgYGng34y9OnT5/T/sN5FMnM1n5HCag5e66rXpScdWG1xNJbrOz9PBy66+fSP5q
wzDpyU2Eh6EyaR+CHIz2TjN1Ua+vHNlOV4KnyBu9458hOmuTB4EYh3nXEuDC6g7s
soGgUkdkfCOWMlo06EOYImkLM3V6lPQ8ZZCBURer3Avs
-----END CERTIFICATE-----