Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/LOr_QJgq7XHCzXGXYreqgevp6GQ.roa
File:                     LOr_QJgq7XHCzXGXYreqgevp6GQ.roa (raw, json)
Hash identifier:          bWW1LhXvcs5ivMuZ9/zxiozy2wvwiqjIIxDSDsGNKBw=
Subject key identifier:   2C:EA:FF:40:98:2A:ED:71:C2:CD:71:97:62:B7:AA:81:EB:E9:E8:64
Certificate issuer:       /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial:       019DAEB0A9B56D180E3DDD241EA6D1670D9C
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/LOr_QJgq7XHCzXGXYreqgevp6GQ.roa
Signing time:             Tue 21 Apr 2026 06:18:26 +0000
ROA not before:           Tue 21 Apr 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5650
IP address blocks:        217.78.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:b0:a9:b5:6d:18:0e:3d:dd:24:1e:a6:d1:67:0d:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
        Validity
            Not Before: Apr 21 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ceaff40982aed71c2cd719762b7aa81ebe9e864
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:2c:37:ed:fb:e0:a9:83:ef:43:55:b6:d1:9a:
                    fa:fd:9e:4a:9c:3f:2f:2b:39:d1:08:fd:bb:fd:09:
                    e6:27:fc:8d:b2:91:b2:af:b6:29:95:3a:f6:6a:c3:
                    a6:c1:a2:f6:3b:a0:b0:0a:81:2b:00:37:9f:ee:4d:
                    64:60:2a:01:e4:bb:27:10:be:59:07:b9:04:df:e5:
                    ca:a1:d3:4b:0e:37:31:ff:9c:f1:f4:bb:74:1c:8e:
                    4d:54:49:28:1e:29:56:98:76:31:93:8d:5b:b1:96:
                    12:45:96:6b:d5:78:18:ce:05:de:06:c3:87:52:cd:
                    66:86:85:b0:dd:7e:c5:05:04:07:1a:e1:94:72:5a:
                    30:57:76:22:a4:d6:3f:39:fc:92:f5:7a:5c:97:3b:
                    07:c5:9b:77:88:ff:6a:7a:ca:e5:27:db:b9:22:9b:
                    a9:2e:bb:c6:0a:ed:87:11:9b:6f:c0:0e:50:47:c9:
                    68:ed:43:07:84:8e:f5:a8:32:22:47:a5:aa:f3:ba:
                    b6:94:26:45:ab:3a:ea:de:7d:40:3b:0b:ae:33:76:
                    63:50:b1:bb:6d:b9:00:b2:9e:2d:3b:74:2c:33:f9:
                    d9:07:12:ad:87:15:0e:d3:26:e0:dd:be:3b:80:74:
                    d9:36:79:c4:b1:70:f9:52:fa:cf:14:7e:83:69:fd:
                    99:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:EA:FF:40:98:2A:ED:71:C2:CD:71:97:62:B7:AA:81:EB:E9:E8:64
            X509v3 Authority Key Identifier:
                keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/LOr_QJgq7XHCzXGXYreqgevp6GQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.78.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         16:2f:8f:30:32:4e:2c:4b:ee:c4:c4:be:2c:2c:44:c9:13:9d:
         37:35:50:f2:80:00:5e:6f:ab:da:5f:3c:9d:7b:86:71:04:73:
         62:8b:b7:f2:64:48:49:38:ca:57:03:3d:e8:46:fb:54:2f:70:
         99:47:88:c9:6d:3a:57:28:b9:e8:bd:e2:e2:16:01:c4:de:f7:
         21:c7:87:03:a3:8d:18:9c:4b:f9:61:42:b6:4f:3f:b2:bc:3a:
         85:a2:a4:92:92:38:53:1a:a2:af:fb:22:ff:2f:49:88:4e:02:
         bc:28:19:10:19:c6:41:eb:12:5d:c8:f2:13:8c:09:e8:88:35:
         66:d3:03:f1:7a:8e:0b:b8:9c:78:29:a5:ad:0c:3b:9d:ff:7e:
         90:ef:8e:e4:f8:bf:c6:8f:c9:a4:d1:58:5d:18:93:9a:72:c0:
         08:70:5a:48:1e:35:78:8d:bd:65:08:4c:cc:5f:cc:36:01:a0:
         f4:77:40:34:59:dd:71:6b:ea:62:53:68:8f:df:53:7e:04:ef:
         28:72:b8:a1:44:20:35:04:fd:a6:df:49:9b:1e:a0:8a:31:37:
         99:7d:05:10:20:d9:a2:5b:62:04:71:c3:91:62:2a:6e:a3:19:
         59:3b:c7:30:49:d3:e9:2f:6f:cc:5a:54:49:3d:e1:1c:db:23:
         23:e8:ce:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2usKm1bRgOPd0kHqbRZw2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjYwNDIxMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2VhZmY0MDk4MmFlZDcxYzJjZDcxOTc2MmI3YWE4MWViZTllODY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyw37fvgqYPvQ1W20Zr6/Z5KnD8v
KznRCP27/QnmJ/yNspGyr7YplTr2asOmwaL2O6CwCoErADef7k1kYCoB5LsnEL5Z
B7kE3+XKodNLDjcx/5zx9Lt0HI5NVEkoHilWmHYxk41bsZYSRZZr1XgYzgXeBsOH
Us1mhoWw3X7FBQQHGuGUclowV3YipNY/OfyS9XpclzsHxZt3iP9qesrlJ9u5Ipup
LrvGCu2HEZtvwA5QR8lo7UMHhI71qDIiR6Wq87q2lCZFqzrq3n1AOwuuM3ZjULG7
bbkAsp4tO3QsM/nZBxKthxUO0ybg3b47gHTZNnnEsXD5UvrPFH6Daf2ZgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzq/0CYKu1xws1xl2K3qoHr6ehkMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvTE9yX1FKZ3E3WEhDelhHWFlyZXFnZXZwNkdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2U4oMA0G
CSqGSIb3DQEBCwUAA4IBAQAWL48wMk4sS+7ExL4sLETJE503NVDygABeb6vaXzyd
e4ZxBHNii7fyZEhJOMpXAz3oRvtUL3CZR4jJbTpXKLnoveLiFgHE3vchx4cDo40Y
nEv5YUK2Tz+yvDqFoqSSkjhTGqKv+yL/L0mITgK8KBkQGcZB6xJdyPITjAnoiDVm
0wPxeo4LuJx4KaWtDDud/36Q747k+L/Gj8mk0VhdGJOacsAIcFpIHjV4jb1lCEzM
X8w2AaD0d0A0Wd1xa+piU2iP31N+BO8ocrihRCA1BP2m30mbHqCKMTeZfQUQINmi
W2IEccORYipuoxlZO8cwSdPpL2/MWlRJPeEc2yMj6M5P
-----END CERTIFICATE-----