Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/LkgYk9rkPhPJQFFGIea1x0t7xaw.roa
File:                     LkgYk9rkPhPJQFFGIea1x0t7xaw.roa (raw, json)
Hash identifier:          eEHFzypg2Qt2Rl1NxfyRu/ldhxRjE/9kd2bXjUoqoAI=
Subject key identifier:   2E:48:18:93:DA:E4:3E:13:C9:40:51:46:21:E6:B5:C7:4B:7B:C5:AC
Certificate issuer:       /CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
Certificate serial:       019DAEB0AA94521F7096C2478798FD163FD8
Authority key identifier: 0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/LkgYk9rkPhPJQFFGIea1x0t7xaw.roa
Signing time:             Tue 21 Apr 2026 06:18:26 +0000
ROA not before:           Tue 21 Apr 2026 06:18:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        217.78.40.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 14 May 2026 06:33:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ae:b0:aa:94:52:1f:70:96:c2:47:87:98:fd:16:3f:d8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ce1308ead6adb1d085e7e5910a0cb2de56aa32e
        Validity
            Not Before: Apr 21 06:18:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e481893dae43e13c940514621e6b5c74b7bc5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:88:0e:88:bd:77:f8:98:15:2e:f2:96:f6:e2:
                    5a:c4:ef:0d:08:ba:2f:ed:cd:90:cf:38:0a:6b:92:
                    da:27:c9:d7:e5:fa:8c:2e:4e:30:59:7a:ef:df:63:
                    10:f0:16:62:48:ea:13:d6:65:2a:c0:7e:99:c1:e6:
                    82:79:29:7f:62:fa:ef:a1:d9:64:52:c7:90:2e:9c:
                    02:2f:16:52:94:d7:45:69:78:a1:07:b9:28:63:ca:
                    98:f5:08:b6:e8:73:e2:eb:5f:56:8f:fd:80:ea:18:
                    e4:7c:17:1e:12:4e:94:65:63:bd:bf:d0:f5:f8:b9:
                    61:42:9d:0a:e9:f6:87:bd:88:af:6f:b1:2d:f8:a6:
                    0a:e5:74:49:1d:19:9a:fd:25:8d:36:c1:16:45:70:
                    96:54:4b:5c:61:0e:11:f6:42:39:7f:14:84:d0:aa:
                    f1:6a:5f:63:d6:1f:14:80:00:14:3f:88:db:6a:4a:
                    eb:dc:28:ea:64:d6:43:89:f4:2b:3b:cf:6d:c1:4d:
                    13:76:35:f9:11:d8:8a:07:35:24:37:94:5d:d9:65:
                    39:5f:d7:a0:3e:0e:b5:e1:a5:dc:6a:19:4f:47:ed:
                    31:a4:d1:e4:da:7a:86:54:65:a7:94:94:52:eb:5c:
                    cf:6d:c4:6b:ba:83:dd:ef:d8:be:1f:59:93:86:38:
                    fb:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:48:18:93:DA:E4:3E:13:C9:40:51:46:21:E6:B5:C7:4B:7B:C5:AC
            X509v3 Authority Key Identifier:
                keyid:0C:E1:30:8E:AD:6A:DB:1D:08:5E:7E:59:10:A0:CB:2D:E5:6A:A3:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/LkgYk9rkPhPJQFFGIea1x0t7xaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/899380-ad27-44eb-8c2e-b0bad18f02d0/1/DOEwjq1q2x0IXn5ZEKDLLeVqoy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.78.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8c:28:ba:1b:4d:0c:9b:6e:a9:16:9c:13:fe:f5:fb:2b:97:36:
         0c:75:83:b9:c6:1e:f5:46:7b:f5:8a:9e:c7:0d:ff:67:51:c8:
         6c:ce:56:7f:f2:0e:0a:d5:16:e4:bd:6e:4b:53:88:c4:b7:df:
         55:7e:d2:56:ba:36:2a:5d:c6:51:15:ab:ed:8d:25:82:18:be:
         fd:88:0c:92:45:bb:6b:f1:11:5e:05:77:6d:02:d2:cf:a3:e5:
         2c:a8:5d:2e:6c:5a:52:d6:39:5b:ee:39:eb:48:15:b5:fb:09:
         fa:28:6c:f2:1d:34:94:71:5d:e2:be:4f:7d:26:2e:6c:74:65:
         42:57:80:5a:0c:59:d2:99:8d:55:18:f7:71:0d:5d:66:e0:13:
         6d:83:a5:78:38:b3:d0:f6:e6:6e:86:eb:51:35:d4:03:a4:ac:
         f0:39:c4:73:2d:63:00:10:be:d9:f5:88:e2:f0:b5:58:83:7b:
         e9:e7:d2:06:a9:0c:92:90:eb:24:3a:49:78:08:7a:45:fb:b7:
         46:8d:64:bc:e5:a7:b6:55:9b:bb:e8:dd:2b:2c:64:4d:90:d5:
         b9:cc:5e:be:0f:4d:85:16:20:a0:76:72:8f:b2:bd:1f:57:3b:
         35:d0:4e:80:bb:fc:70:27:8f:cf:98:55:25:42:53:f4:5f:5e:
         9c:7f:1e:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2usKqUUh9wlsJHh5j9Fj/YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZTEzMDhlYWQ2YWRiMWQwODVlN2U1OTEwYTBjYjJkZTU2
YWEzMmUwHhcNMjYwNDIxMDYxODI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTQ4MTg5M2RhZTQzZTEzYzk0MDUxNDYyMWU2YjVjNzRiN2JjNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14gOiL13+JgVLvKW9uJaxO8NCLov
7c2QzzgKa5LaJ8nX5fqMLk4wWXrv32MQ8BZiSOoT1mUqwH6ZweaCeSl/Yvrvodlk
UseQLpwCLxZSlNdFaXihB7koY8qY9Qi26HPi619Wj/2A6hjkfBceEk6UZWO9v9D1
+LlhQp0K6faHvYivb7Et+KYK5XRJHRma/SWNNsEWRXCWVEtcYQ4R9kI5fxSE0Krx
al9j1h8UgAAUP4jbakrr3CjqZNZDifQrO89twU0TdjX5EdiKBzUkN5Rd2WU5X9eg
Pg614aXcahlPR+0xpNHk2nqGVGWnlJRS61zPbcRruoPd79i+H1mThjj73wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5IGJPa5D4TyUBRRiHmtcdLe8WsMB8GA1UdIwQY
MBaAFAzhMI6tatsdCF5+WRCgyy3laqMuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUt
YjBiYWQxOGYwMmQwLzEvTGtnWWs5cmtQaFBKUUZGR0llYTF4MHQ3eGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS84OTkzODAtYWQyNy00NGViLThjMmUtYjBiYWQxOGYwMmQw
LzEvRE9Fd2pxMXEyeDBJWG41WkVLRExMZVZxb3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQD2U4oMA0G
CSqGSIb3DQEBCwUAA4IBAQCMKLobTQybbqkWnBP+9fsrlzYMdYO5xh71Rnv1ip7H
Df9nUchszlZ/8g4K1RbkvW5LU4jEt99VftJWujYqXcZRFavtjSWCGL79iAySRbtr
8RFeBXdtAtLPo+UsqF0ubFpS1jlb7jnrSBW1+wn6KGzyHTSUcV3ivk99Ji5sdGVC
V4BaDFnSmY1VGPdxDV1m4BNtg6V4OLPQ9uZuhutRNdQDpKzwOcRzLWMAEL7Z9Yji
8LVYg3vp59IGqQySkOskOkl4CHpF+7dGjWS85ae2VZu76N0rLGRNkNW5zF6+D02F
FiCgdnKPsr0fVzs10E6Au/xwJ4/PmFUlQlP0X16cfx5T
-----END CERTIFICATE-----