Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/LW-5clw67EFsnBjcAb7ZCZ1ciqI.roa
File:                     LW-5clw67EFsnBjcAb7ZCZ1ciqI.roa (raw, json)
Hash identifier:          e8fixB5X0C/SORa/tFJebK0n/Ac594LhZDRQ+zVtE8I=
Subject key identifier:   2D:6F:B9:72:5C:3A:EC:41:6C:9C:18:DC:01:BE:D9:09:9D:5C:8A:A2
Certificate issuer:       /CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
Certificate serial:       019D1FAC63D7495BE5F857812F18005F8289
Authority key identifier: 88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/LW-5clw67EFsnBjcAb7ZCZ1ciqI.roa
Signing time:             Tue 24 Mar 2026 11:48:04 +0000
ROA not before:           Tue 24 Mar 2026 11:48:04 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        109.229.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 23:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1f:ac:63:d7:49:5b:e5:f8:57:81:2f:18:00:5f:82:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88add9b671f7a36eb2367e34fee4bcb13b8f66cc
        Validity
            Not Before: Mar 24 11:48:04 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d6fb9725c3aec416c9c18dc01bed9099d5c8aa2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:19:4b:98:aa:c4:e3:ae:50:04:32:82:04:72:
                    47:04:d6:10:dd:19:24:16:cb:a8:3c:b1:f6:e6:b0:
                    8c:2e:4c:b7:5e:01:08:7f:1b:04:02:de:31:3d:ee:
                    9e:09:cf:20:b1:8e:e1:50:cd:e7:f2:1d:ee:25:32:
                    c4:89:1e:a9:a3:69:95:8e:d4:89:31:97:5b:c6:da:
                    69:50:87:c5:1d:3d:bb:ad:e9:7d:8a:08:ad:02:a9:
                    fe:2e:70:97:e5:dd:f9:a2:66:b0:b4:93:5b:4f:33:
                    47:42:3b:e3:81:16:f0:9c:c9:77:10:d9:e8:2d:27:
                    8c:a1:8d:5b:3a:da:61:59:fb:04:e4:0a:17:f5:7f:
                    ed:75:27:76:14:e5:2c:3a:fa:dc:d5:ad:dd:b7:39:
                    14:cc:b4:74:16:48:49:e2:0a:65:b8:96:e7:47:90:
                    a6:a6:8a:dd:9b:ac:7a:ea:b1:a4:7e:b7:10:d3:e2:
                    fa:f8:ad:9a:94:0d:29:6b:b9:ac:1f:23:8c:bf:36:
                    47:74:26:36:b7:ad:15:17:a0:e5:c2:b0:0d:e6:9a:
                    8a:33:82:49:1a:b4:e2:5b:45:34:ea:bc:b2:de:86:
                    fa:c4:3d:c6:5e:65:94:26:fc:74:48:72:67:8e:4d:
                    e5:59:59:a9:ba:f4:d0:4f:ef:fc:fb:56:29:6f:b7:
                    65:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:6F:B9:72:5C:3A:EC:41:6C:9C:18:DC:01:BE:D9:09:9D:5C:8A:A2
            X509v3 Authority Key Identifier:
                keyid:88:AD:D9:B6:71:F7:A3:6E:B2:36:7E:34:FE:E4:BC:B1:3B:8F:66:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iK3ZtnH3o26yNn40_uS8sTuPZsw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/LW-5clw67EFsnBjcAb7ZCZ1ciqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/3ed00a-15ee-4664-a7f1-a1b96b9b70f8/1/iK3ZtnH3o26yNn40_uS8sTuPZsw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.229.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:50:13:3c:19:84:8e:b9:16:32:8c:c5:48:38:02:8e:c6:91:
         88:e2:b3:a1:aa:8a:a7:fe:dd:d3:4d:9e:63:76:70:f4:ba:66:
         70:5f:78:18:58:0e:3f:c9:17:bc:74:9b:9e:37:90:a0:97:f3:
         1a:7c:eb:da:9c:a1:ce:ea:fe:6e:21:d0:c1:05:58:31:67:b0:
         ca:e2:bf:ef:ba:41:3f:89:13:8e:b2:39:33:bb:17:7c:23:f1:
         c2:db:bc:d0:73:c0:0c:a4:0c:bd:10:e8:9c:66:59:4a:d0:1b:
         07:d1:34:0f:b3:a4:b5:c2:02:7e:83:0c:f2:43:58:20:26:6a:
         9f:9c:ca:f6:1c:ff:c7:12:74:ed:b0:77:cb:4a:47:78:bd:0d:
         1a:76:d2:a6:55:0a:87:07:c7:8b:c2:c7:c3:78:42:1f:24:a1:
         65:f9:f0:43:82:fb:ba:4c:1e:3e:fd:1c:59:6e:ee:01:58:4b:
         bd:6e:a0:f0:bf:20:ff:dc:ab:b9:25:23:ea:ee:3b:5e:ad:0f:
         05:cd:22:01:60:ea:b5:e8:6a:5e:8c:f7:ae:14:1d:0c:1f:03:
         7b:77:61:24:4c:65:9a:4f:3d:d6:2a:a7:dd:9a:10:f6:66:e9:
         d4:5f:91:87:33:48:ec:9a:be:27:e0:64:0a:40:e1:0d:bc:1b:
         20:81:e6:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0frGPXSVvl+FeBLxgAX4KJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4YWRkOWI2NzFmN2EzNmViMjM2N2UzNGZlZTRiY2IxM2I4
ZjY2Y2MwHhcNMjYwMzI0MTE0ODA0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDZmYjk3MjVjM2FlYzQxNmM5YzE4ZGMwMWJlZDkwOTlkNWM4YWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhlLmKrE465QBDKCBHJHBNYQ3Rkk
FsuoPLH25rCMLky3XgEIfxsEAt4xPe6eCc8gsY7hUM3n8h3uJTLEiR6po2mVjtSJ
MZdbxtppUIfFHT27rel9igitAqn+LnCX5d35omawtJNbTzNHQjvjgRbwnMl3ENno
LSeMoY1bOtphWfsE5AoX9X/tdSd2FOUsOvrc1a3dtzkUzLR0FkhJ4gpluJbnR5Cm
pordm6x66rGkfrcQ0+L6+K2alA0pa7msHyOMvzZHdCY2t60VF6DlwrAN5pqKM4JJ
GrTiW0U06ryy3ob6xD3GXmWUJvx0SHJnjk3lWVmpuvTQT+/8+1Ypb7dlqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1vuXJcOuxBbJwY3AG+2QmdXIqiMB8GA1UdIwQY
MBaAFIit2bZx96NusjZ+NP7kvLE7j2bMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEt
YTFiOTZiOWI3MGY4LzEvTFctNWNsdzY3RUZzbkJqY0FiN1pDWjFjaXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy8zZWQwMGEtMTVlZS00NjY0LWE3ZjEtYTFiOTZiOWI3MGY4
LzEvaUszWnRuSDNvMjZ5Tm40MF91UzhzVHVQWnN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbeXaMA0G
CSqGSIb3DQEBCwUAA4IBAQBEUBM8GYSOuRYyjMVIOAKOxpGI4rOhqoqn/t3TTZ5j
dnD0umZwX3gYWA4/yRe8dJueN5Cgl/MafOvanKHO6v5uIdDBBVgxZ7DK4r/vukE/
iROOsjkzuxd8I/HC27zQc8AMpAy9EOicZllK0BsH0TQPs6S1wgJ+gwzyQ1ggJmqf
nMr2HP/HEnTtsHfLSkd4vQ0adtKmVQqHB8eLwsfDeEIfJKFl+fBDgvu6TB4+/RxZ
bu4BWEu9bqDwvyD/3Ku5JSPq7jterQ8FzSIBYOq16GpejPeuFB0MHwN7d2EkTGWa
Tz3WKqfdmhD2ZunUX5GHM0jsmr4n4GQKQOENvBsggebH
-----END CERTIFICATE-----