Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/LsCXIEnYFuViaMeCghLaVh8g5fQ.roa
File:                     LsCXIEnYFuViaMeCghLaVh8g5fQ.roa (raw, json)
Hash identifier:          F0nh+euex76dCRGCnlHizXIv/Bj9gclk2gV/mXHzTwo=
Subject key identifier:   2E:C0:97:20:49:D8:16:E5:62:68:C7:82:82:12:DA:56:1F:20:E5:F4
Certificate issuer:       /CN=6f84e4738a70ea39c08cef210432ae399ec7e915
Certificate serial:       019DDD9BD0CD76F3DCCEFBC8C17373830598
Authority key identifier: 6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/LsCXIEnYFuViaMeCghLaVh8g5fQ.roa
Signing time:             Thu 30 Apr 2026 08:57:49 +0000
ROA not before:           Thu 30 Apr 2026 08:57:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        81.18.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:dd:9b:d0:cd:76:f3:dc:ce:fb:c8:c1:73:73:83:05:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f84e4738a70ea39c08cef210432ae399ec7e915
        Validity
            Not Before: Apr 30 08:57:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ec0972049d816e56268c7828212da561f20e5f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:39:7d:55:0d:6a:29:e8:63:b5:20:44:af:0e:
                    e0:3e:24:ee:c4:c6:e5:a5:9f:05:b3:3a:5a:c5:c8:
                    90:07:de:2b:1e:c8:c8:f1:8a:94:e6:83:59:8e:04:
                    95:1d:5e:9f:bf:0a:68:fb:32:61:79:44:d3:aa:39:
                    08:c0:de:ff:71:c0:5a:ec:78:72:d6:55:a0:cc:90:
                    9a:2d:44:d8:ec:7b:a0:02:44:a3:2c:b1:a1:e2:86:
                    19:da:10:87:df:6a:5c:0d:35:3a:4b:4e:b0:91:99:
                    66:cb:f3:ed:8f:65:0c:98:aa:a0:c2:ba:36:7a:31:
                    d2:c0:a9:69:85:dc:04:be:57:a7:8d:2c:02:44:ee:
                    2b:b0:70:71:38:86:ed:9e:b5:17:1e:08:a9:cf:ce:
                    16:49:75:1c:75:63:56:90:27:a2:53:a4:20:56:22:
                    ba:d8:35:19:a9:2a:56:44:05:70:67:55:c4:17:4e:
                    04:b2:52:1b:d1:a6:b8:02:01:2d:4b:70:30:b9:f4:
                    cf:e7:13:2d:8f:1b:2c:b4:1d:e6:4c:2d:f8:db:82:
                    44:35:38:d5:95:9f:03:6c:c8:3d:f1:2c:9b:1b:9e:
                    58:71:0b:76:c8:f6:e4:eb:2e:4a:4d:36:6a:bf:40:
                    2d:bc:57:c3:0a:20:6e:8d:38:47:33:08:98:e8:77:
                    f9:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:C0:97:20:49:D8:16:E5:62:68:C7:82:82:12:DA:56:1F:20:E5:F4
            X509v3 Authority Key Identifier:
                keyid:6F:84:E4:73:8A:70:EA:39:C0:8C:EF:21:04:32:AE:39:9E:C7:E9:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/LsCXIEnYFuViaMeCghLaVh8g5fQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ddf8b3-1c08-495c-8ddf-fae5dbed3b1b/1/b4Tkc4pw6jnAjO8hBDKuOZ7H6RU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.18.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:ee:d0:60:f1:26:3c:6a:29:a5:a4:e3:a8:e2:ab:1a:02:61:
         05:1b:58:5f:74:c9:b1:9d:0f:c4:db:08:6d:04:f0:2e:6c:f8:
         38:b4:0d:4f:67:6d:47:d6:bf:ad:7a:8f:69:91:80:c9:a2:e3:
         42:1b:08:f3:a0:02:93:5a:9a:82:0f:8a:39:c4:26:92:36:13:
         05:37:0a:21:89:a3:3f:db:75:94:f1:83:d1:46:c6:35:cb:3b:
         d2:d0:63:35:10:c4:76:80:0c:08:72:ee:1a:49:65:f3:31:31:
         a2:c6:b1:2d:fc:7f:67:f7:5b:03:a0:83:75:0a:df:d9:58:61:
         ae:88:96:56:61:6b:74:3c:2f:1d:f2:33:b1:65:78:33:6a:44:
         d5:c8:6d:03:ad:d0:20:3e:3a:a7:e7:7d:0a:15:ca:bc:13:ea:
         fd:e6:e3:ce:60:36:74:65:a2:e6:81:51:e0:04:6b:af:1a:d3:
         32:ba:eb:14:8f:6d:a5:b2:a0:c0:94:8e:b1:13:52:75:c9:21:
         4a:e6:71:4c:b1:25:17:f2:05:e5:c0:94:bf:d4:40:ee:23:9e:
         4a:7a:bb:a5:1f:71:c8:34:b7:a5:92:ea:2d:0b:72:0d:a1:f8:
         55:d7:c2:4c:67:07:c4:f4:c6:ca:af:ea:db:21:2e:36:92:c6:
         c2:38:22:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3dm9DNdvPczvvIwXNzgwWYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmODRlNDczOGE3MGVhMzljMDhjZWYyMTA0MzJhZTM5OWVj
N2U5MTUwHhcNMjYwNDMwMDg1NzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWMwOTcyMDQ5ZDgxNmU1NjI2OGM3ODI4MjEyZGE1NjFmMjBlNWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjl9VQ1qKehjtSBErw7gPiTuxMbl
pZ8FszpaxciQB94rHsjI8YqU5oNZjgSVHV6fvwpo+zJheUTTqjkIwN7/ccBa7Hhy
1lWgzJCaLUTY7HugAkSjLLGh4oYZ2hCH32pcDTU6S06wkZlmy/Ptj2UMmKqgwro2
ejHSwKlphdwEvlenjSwCRO4rsHBxOIbtnrUXHgipz84WSXUcdWNWkCeiU6QgViK6
2DUZqSpWRAVwZ1XEF04EslIb0aa4AgEtS3AwufTP5xMtjxsstB3mTC3424JENTjV
lZ8DbMg98SybG55YcQt2yPbk6y5KTTZqv0AtvFfDCiBujThHMwiY6Hf5/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC7AlyBJ2BblYmjHgoIS2lYfIOX0MB8GA1UdIwQY
MBaAFG+E5HOKcOo5wIzvIQQyrjmex+kVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYt
ZmFlNWRiZWQzYjFiLzEvTHNDWElFbllGdVZpYU1lQ2doTGFWaDhnNWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9kZGY4YjMtMWMwOC00OTVjLThkZGYtZmFlNWRiZWQzYjFi
LzEvYjRUa2M0cHc2am5Bak84aEJES3VPWjdINlJVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAURIwMA0G
CSqGSIb3DQEBCwUAA4IBAQAh7tBg8SY8aimlpOOo4qsaAmEFG1hfdMmxnQ/E2wht
BPAubPg4tA1PZ21H1r+teo9pkYDJouNCGwjzoAKTWpqCD4o5xCaSNhMFNwohiaM/
23WU8YPRRsY1yzvS0GM1EMR2gAwIcu4aSWXzMTGixrEt/H9n91sDoIN1Ct/ZWGGu
iJZWYWt0PC8d8jOxZXgzakTVyG0DrdAgPjqn530KFcq8E+r95uPOYDZ0ZaLmgVHg
BGuvGtMyuusUj22lsqDAlI6xE1J1ySFK5nFMsSUX8gXlwJS/1EDuI55KerulH3HI
NLelkuotC3INofhV18JMZwfE9MbKr+rbIS42ksbCOCIm
-----END CERTIFICATE-----