Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/lpMg2ko0-iJVtSPr6ulyNogeR8Y.roa
File:                     lpMg2ko0-iJVtSPr6ulyNogeR8Y.roa (raw, json)
Hash identifier:          /vf+glhaE0iUfqhKrI+IRegz6qCv6eXnRNU2sTI97mM=
Subject key identifier:   96:93:20:DA:4A:34:FA:22:55:B5:23:EB:EA:E9:72:36:88:1E:47:C6
Certificate issuer:       /CN=2f82057bdf184fc43a1a3b05e3dd99ffe2a0be60
Certificate serial:       019B7BA426EAC76EFCA66AE2B9E75DA4B195
Authority key identifier: 2F:82:05:7B:DF:18:4F:C4:3A:1A:3B:05:E3:DD:99:FF:E2:A0:BE:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L4IFe98YT8Q6GjsF492Z_-KgvmA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/lpMg2ko0-iJVtSPr6ulyNogeR8Y.roa
Signing time:             Thu 01 Jan 2026 22:18:34 +0000
ROA not before:           Thu 01 Jan 2026 22:18:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29607
IP address blocks:        2001:67c:1ec::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/L4IFe98YT8Q6GjsF492Z_-KgvmA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/L4IFe98YT8Q6GjsF492Z_-KgvmA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L4IFe98YT8Q6GjsF492Z_-KgvmA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7b:a4:26:ea:c7:6e:fc:a6:6a:e2:b9:e7:5d:a4:b1:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f82057bdf184fc43a1a3b05e3dd99ffe2a0be60
        Validity
            Not Before: Jan  1 22:18:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=969320da4a34fa2255b523ebeae97236881e47c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:20:8d:bb:99:5d:e3:1d:a2:44:37:18:f7:d6:
                    95:eb:a0:f6:cb:00:30:dd:30:8a:3c:21:a8:67:a6:
                    1d:c3:da:2d:9d:68:e3:97:27:de:89:a6:da:b1:a0:
                    0f:8e:d0:f5:60:8b:d3:b3:85:4c:5b:bf:e5:e0:fb:
                    ff:2f:a9:95:97:b5:da:89:8b:5a:86:ac:18:cd:59:
                    7b:7a:21:c6:72:fd:8b:57:df:90:83:9f:dd:95:88:
                    b2:8d:52:56:11:77:0b:27:e1:b9:69:7b:56:4a:3f:
                    2e:cc:6d:ba:21:5c:35:52:45:4b:38:70:75:8f:3a:
                    1a:a3:94:08:a6:1c:14:4f:71:c3:fe:a0:1b:09:b4:
                    b6:e2:59:76:b9:64:8c:d2:c7:ad:d5:2f:cb:bc:20:
                    3e:34:69:e7:7a:31:8e:7e:5f:1a:70:37:27:73:99:
                    34:b8:df:d1:6c:4e:2c:a1:e0:d1:b5:aa:de:ca:ee:
                    99:c0:0c:28:90:9a:f3:10:11:48:23:85:0a:f6:be:
                    bf:0f:de:63:8b:ca:26:d6:9a:0a:94:48:4d:d8:5f:
                    7c:f4:2a:67:00:58:54:3b:34:f4:f4:b6:13:a6:a0:
                    5f:ba:12:ae:db:88:b6:a4:3f:c2:81:d5:ef:17:9f:
                    1f:fb:3c:3b:c3:e9:2c:62:1b:7a:08:d4:d5:3f:e9:
                    bd:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:93:20:DA:4A:34:FA:22:55:B5:23:EB:EA:E9:72:36:88:1E:47:C6
            X509v3 Authority Key Identifier:
                keyid:2F:82:05:7B:DF:18:4F:C4:3A:1A:3B:05:E3:DD:99:FF:E2:A0:BE:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4IFe98YT8Q6GjsF492Z_-KgvmA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/lpMg2ko0-iJVtSPr6ulyNogeR8Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/71c590-246d-4aab-9dde-86304f5fe52a/1/L4IFe98YT8Q6GjsF492Z_-KgvmA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:1ec::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:ed:ef:79:bf:ab:7e:0c:00:54:f8:7b:e8:01:97:64:ff:ea:
         6d:2c:13:5f:12:07:33:cd:16:34:86:ea:51:f4:d3:fb:b4:ed:
         3b:ca:90:0a:8b:28:d6:4a:3d:a9:99:f6:ae:f3:1c:a9:c3:bd:
         b6:e7:49:77:11:8f:00:a0:06:7f:94:87:a3:72:2b:f0:e0:78:
         25:08:7d:cd:99:d4:ff:2d:c4:d2:aa:df:98:a3:91:94:6f:31:
         b5:db:ed:fc:68:c7:33:4c:57:d6:9b:5a:bd:3f:b8:6e:6a:fa:
         46:eb:c6:7a:f0:63:18:fe:fe:40:44:7f:f5:50:dc:9b:13:3e:
         6c:23:fd:a8:c1:57:de:c1:e4:d0:5f:e7:f2:14:f1:9c:e0:7b:
         9e:b7:80:89:e4:52:57:c4:b6:9f:b1:38:ff:c4:fe:2e:28:2b:
         47:08:7b:4b:8b:57:13:9c:cd:6f:b0:72:d5:35:87:22:fc:f2:
         ac:1e:2b:f2:23:d4:16:ec:d8:e0:c1:b1:95:c2:89:b4:2e:95:
         bc:7d:c6:54:b3:e8:ba:eb:e2:41:8a:9e:5e:7f:e0:93:75:cc:
         7e:07:79:5a:c1:af:34:a5:a1:2d:bd:ca:2e:a9:19:4c:f8:5d:
         5a:f7:9b:ae:d2:e1:e7:c0:1b:a0:f2:57:81:0c:ff:98:8a:f9:
         6d:58:c2:11
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt7pCbqx278pmriueddpLGVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODIwNTdiZGYxODRmYzQzYTFhM2IwNWUzZGQ5OWZmZTJh
MGJlNjAwHhcNMjYwMTAxMjIxODM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjkzMjBkYTRhMzRmYTIyNTViNTIzZWJlYWU5NzIzNjg4MWU0N2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAriCNu5ld4x2iRDcY99aV66D2ywAw
3TCKPCGoZ6Ydw9otnWjjlyfeiabasaAPjtD1YIvTs4VMW7/l4Pv/L6mVl7XaiYta
hqwYzVl7eiHGcv2LV9+Qg5/dlYiyjVJWEXcLJ+G5aXtWSj8uzG26IVw1UkVLOHB1
jzoao5QIphwUT3HD/qAbCbS24ll2uWSM0set1S/LvCA+NGnnejGOfl8acDcnc5k0
uN/RbE4soeDRtareyu6ZwAwokJrzEBFII4UK9r6/D95ji8om1poKlEhN2F989Cpn
AFhUOzT09LYTpqBfuhKu24i2pD/CgdXvF58f+zw7w+ksYht6CNTVP+m9swIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFJaTINpKNPoiVbUj6+rpcjaIHkfGMB8GA1UdIwQY
MBaAFC+CBXvfGE/EOho7BePdmf/ioL5gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRJRmU5OFlUOFE2R2pzRjQ5MlpfLUtndm1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC83MWM1OTAtMjQ2ZC00YWFiLTlkZGUt
ODYzMDRmNWZlNTJhLzEvbHBNZzJrbzAtaUpWdFNQcjZ1bHlOb2dlUjhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC83MWM1OTAtMjQ2ZC00YWFiLTlkZGUtODYzMDRmNWZlNTJh
LzEvTDRJRmU5OFlUOFE2R2pzRjQ5MlpfLUtndm1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAHs
MA0GCSqGSIb3DQEBCwUAA4IBAQCA7e95v6t+DABU+HvoAZdk/+ptLBNfEgczzRY0
hupR9NP7tO07ypAKiyjWSj2pmfau8xypw72250l3EY8AoAZ/lIejcivw4HglCH3N
mdT/LcTSqt+Yo5GUbzG12+38aMczTFfWm1q9P7huavpG68Z68GMY/v5ARH/1UNyb
Ez5sI/2owVfeweTQX+fyFPGc4Huet4CJ5FJXxLafsTj/xP4uKCtHCHtLi1cTnM1v
sHLVNYci/PKsHivyI9QW7NjgwbGVwom0LpW8fcZUs+i66+JBip5ef+CTdcx+B3la
wa80paEtvcouqRlM+F1a95uu0uHnwBug8leBDP+YivltWMIR
-----END CERTIFICATE-----