Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LiDaSS4o8M_VD14qlKj82Dnw8jQ.roa
File:                     LiDaSS4o8M_VD14qlKj82Dnw8jQ.roa (raw, json)
Hash identifier:          d8RpodFe67zObteuyN16KsaBiEPgO2inJL9jHg7lNMs=
Subject key identifier:   2E:20:DA:49:2E:28:F0:CF:D5:0F:5E:2A:94:A8:FC:D8:39:F0:F2:34
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       019D1B3CC23E8969E7421D1937019DFE3ADE
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LiDaSS4o8M_VD14qlKj82Dnw8jQ.roa
Signing time:             Mon 23 Mar 2026 15:07:39 +0000
ROA not before:           Mon 23 Mar 2026 15:07:39 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39523
IP address blocks:        146.120.216.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:1b:3c:c2:3e:89:69:e7:42:1d:19:37:01:9d:fe:3a:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Mar 23 15:07:39 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e20da492e28f0cfd50f5e2a94a8fcd839f0f234
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:24:0f:b5:72:f7:0b:54:af:76:a8:d6:6d:43:
                    f6:92:50:b2:4b:f7:a8:6b:75:1b:69:63:d6:09:e6:
                    59:cd:e3:df:17:36:bf:3a:0c:67:69:43:f0:49:ca:
                    c5:b9:d8:93:ab:9c:ea:47:bd:d6:94:00:51:96:5a:
                    96:cc:19:d0:e3:5f:04:24:59:4d:1e:74:32:6d:ee:
                    9a:d2:5b:6c:11:a9:f0:7b:a7:df:1a:64:44:d1:2e:
                    f8:0b:e7:3a:72:cc:65:6f:00:b5:3f:8d:91:e0:ad:
                    bb:cb:1c:84:21:ff:8f:c1:ee:34:aa:aa:59:4d:a8:
                    21:04:c7:99:84:92:31:d2:cd:1f:0c:dd:74:b0:c9:
                    2e:19:5b:33:80:e7:72:55:ee:fc:ec:f5:84:39:1b:
                    d2:5d:50:86:1b:2c:05:dd:15:1f:60:b4:8e:03:67:
                    27:0f:91:ac:e6:db:e5:67:a7:6c:7c:71:6b:99:23:
                    92:36:43:61:aa:37:28:45:26:6b:1e:17:94:64:0d:
                    0d:ba:10:3e:39:9f:61:d0:7e:b2:e5:2c:62:80:3e:
                    6c:fe:1d:60:66:37:bd:c6:c7:15:66:82:dd:b6:d5:
                    26:e7:91:38:df:7e:0e:f6:da:0e:88:b5:05:5e:a4:
                    38:94:72:5a:22:43:07:4f:ae:37:80:32:04:53:5a:
                    f2:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:20:DA:49:2E:28:F0:CF:D5:0F:5E:2A:94:A8:FC:D8:39:F0:F2:34
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/LiDaSS4o8M_VD14qlKj82Dnw8jQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.120.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:e5:e1:3d:5f:86:9b:61:eb:0e:a3:4b:85:e7:24:7c:e7:8d:
         3a:d3:74:0a:cd:75:a7:22:62:4c:d1:76:3b:6d:c2:04:86:d2:
         21:9c:03:76:16:55:44:11:55:3c:68:e8:c8:60:50:f4:68:aa:
         5a:2a:2e:9a:38:63:bb:8a:0f:0f:6a:15:98:08:89:21:b3:1e:
         0f:12:71:ed:82:9c:30:43:97:fd:ef:4d:ca:6e:cf:9c:d2:17:
         a9:20:47:37:cb:f0:d8:99:91:42:96:f4:bd:5b:13:4d:d1:31:
         9f:ad:db:5c:52:20:98:90:65:7f:12:0c:73:2a:a6:64:ea:94:
         cb:5a:7e:3e:93:83:17:66:a9:c6:2b:72:b2:8b:84:4c:81:7e:
         fc:f4:8a:e1:c9:3f:f5:cf:fd:5d:98:5b:ee:60:6b:51:71:92:
         f5:12:a3:4b:50:3a:5e:21:cc:1c:f1:70:4a:46:89:7a:f2:1c:
         d1:e0:b6:41:3c:3e:cf:c2:49:40:be:39:f3:e0:8e:00:af:9c:
         b0:8f:89:44:b4:f4:fe:9a:b8:7b:16:91:f3:52:6f:5c:27:df:
         b1:7a:4d:04:50:fb:3d:98:02:cb:14:bc:18:f0:60:07:8e:64:
         0a:fd:78:ea:af:b2:5b:2a:40:4e:1b:9e:d3:4c:64:5f:f0:79:
         79:de:af:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0bPMI+iWnnQh0ZNwGd/jreMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjYwMzIzMTUwNzM5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTIwZGE0OTJlMjhmMGNmZDUwZjVlMmE5NGE4ZmNkODM5ZjBmMjM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyQPtXL3C1SvdqjWbUP2klCyS/eo
a3UbaWPWCeZZzePfFza/OgxnaUPwScrFudiTq5zqR73WlABRllqWzBnQ418EJFlN
HnQybe6a0ltsEanwe6ffGmRE0S74C+c6csxlbwC1P42R4K27yxyEIf+Pwe40qqpZ
TaghBMeZhJIx0s0fDN10sMkuGVszgOdyVe787PWEORvSXVCGGywF3RUfYLSOA2cn
D5Gs5tvlZ6dsfHFrmSOSNkNhqjcoRSZrHheUZA0NuhA+OZ9h0H6y5SxigD5s/h1g
Zje9xscVZoLdttUm55E4334O9toOiLUFXqQ4lHJaIkMHT643gDIEU1ryiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4g2kkuKPDP1Q9eKpSo/Ng58PI0MB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvTGlEYVNTNG84TV9WRDE0cWxLajgyRG53OGpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCknjYMA0G
CSqGSIb3DQEBCwUAA4IBAQCm5eE9X4abYesOo0uF5yR8540603QKzXWnImJM0XY7
bcIEhtIhnAN2FlVEEVU8aOjIYFD0aKpaKi6aOGO7ig8PahWYCIkhsx4PEnHtgpww
Q5f9703Kbs+c0hepIEc3y/DYmZFClvS9WxNN0TGfrdtcUiCYkGV/EgxzKqZk6pTL
Wn4+k4MXZqnGK3Kyi4RMgX789IrhyT/1z/1dmFvuYGtRcZL1EqNLUDpeIcwc8XBK
Rol68hzR4LZBPD7PwklAvjnz4I4Ar5ywj4lEtPT+mrh7FpHzUm9cJ9+xek0EUPs9
mALLFLwY8GAHjmQK/Xjqr7JbKkBOG57TTGRf8Hl53q8P
-----END CERTIFICATE-----