Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/LnNC1QLp4EConHryO194rxNXZiA.roa
File:                     LnNC1QLp4EConHryO194rxNXZiA.roa (raw, json)
Hash identifier:          VT8sHolx5DkghgoiK8goISDquOk2I6PoPvtq7x6lQeI=
Subject key identifier:   2E:73:42:D5:02:E9:E0:40:A8:9C:7A:F2:3B:5F:78:AF:13:57:66:20
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       019DFD4E89BBE7BFCE1F62BCF5F8C271BE70
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/LnNC1QLp4EConHryO194rxNXZiA.roa
Signing time:             Wed 06 May 2026 12:41:15 +0000
ROA not before:           Wed 06 May 2026 12:41:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210656
IP address blocks:        186.246.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:fd:4e:89:bb:e7:bf:ce:1f:62:bc:f5:f8:c2:71:be:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: May  6 12:41:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e7342d502e9e040a89c7af23b5f78af13576620
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:c6:84:d8:49:6f:3d:83:dc:af:3c:24:6c:9a:
                    c0:4c:fc:c1:27:54:48:5f:5a:9a:c5:ff:71:83:ae:
                    07:07:36:aa:82:4c:b3:55:d2:59:07:de:00:1d:f0:
                    fa:12:e4:59:86:fb:99:f6:c9:23:51:a5:2b:dc:c7:
                    ba:e2:19:02:10:d7:1a:e8:31:59:b1:cc:17:3e:9f:
                    2a:7a:f6:17:e4:30:b2:4d:c0:8b:a8:e4:eb:07:50:
                    15:bd:2f:7d:75:b3:fe:23:74:34:a5:ba:95:17:05:
                    3c:e9:47:15:9a:5b:f3:aa:1c:3a:fd:11:a4:16:94:
                    80:d6:00:7e:db:bb:c1:dc:eb:9d:03:6c:d4:f0:a2:
                    27:fc:16:67:8e:50:a2:bc:08:90:fc:d0:c3:56:24:
                    50:e0:28:b5:ea:04:b4:44:c9:98:5f:6e:f7:e9:af:
                    fc:34:83:78:ad:1a:85:71:97:f2:55:a3:75:c7:c8:
                    b0:68:e8:79:cd:e8:ae:ee:1e:de:34:a9:31:14:c7:
                    98:c0:c8:cc:5b:52:35:17:03:9b:37:a6:2b:e6:71:
                    32:6a:a1:ce:4e:62:7b:d5:c1:da:0c:71:b1:31:3a:
                    23:53:ff:a0:55:7e:38:8d:a8:0f:97:7b:33:54:97:
                    dd:63:9b:30:2d:c3:79:ee:c5:a2:6d:ae:c0:58:1a:
                    ea:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:73:42:D5:02:E9:E0:40:A8:9C:7A:F2:3B:5F:78:AF:13:57:66:20
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/LnNC1QLp4EConHryO194rxNXZiA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  186.246.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:39:2b:f4:12:89:b8:6b:ac:44:d6:f5:07:0d:af:fc:09:28:
         cb:f1:e8:b3:22:33:1f:14:9a:64:22:c4:9e:e9:f6:dc:6b:8c:
         73:c0:47:d5:a4:9c:60:08:9e:db:4c:44:07:b0:5a:cf:87:04:
         89:56:b5:77:da:ff:74:72:51:9e:68:d5:e0:fc:e4:88:fb:c7:
         f4:be:da:a6:6d:23:e3:6a:3f:53:c7:99:6c:19:e4:3a:76:cd:
         1b:1c:58:d7:7d:d5:9b:e6:46:f1:f1:3e:c5:78:ec:53:63:a2:
         cf:f4:75:c0:15:a0:cb:e3:af:e6:b3:ad:9d:4a:8e:73:0c:af:
         5a:8a:19:3c:6b:da:f2:7a:de:b8:2e:d1:c9:df:62:a7:0a:e6:
         38:c3:31:cb:90:c9:e5:e2:56:e9:49:59:36:c2:dd:60:70:f4:
         20:bb:1d:20:c3:3a:0f:0e:91:be:82:7a:d7:20:86:5f:91:a6:
         49:cc:18:04:03:a7:9e:e8:21:89:30:0e:b8:33:62:82:18:cd:
         c3:1a:f8:d4:79:27:60:4d:c8:8d:4e:00:50:5c:b0:e3:01:01:
         05:fb:55:65:78:56:2e:01:2a:64:22:b9:b5:3a:21:92:2a:5a:
         ef:66:c9:af:1e:e2:98:99:7f:90:da:e6:80:62:ef:25:9a:93:
         0d:2f:c8:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ39Tom757/OH2K89fjCcb5wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjYwNTA2MTI0MTE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTczNDJkNTAyZTllMDQwYTg5YzdhZjIzYjVmNzhhZjEzNTc2NjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtcaE2ElvPYPcrzwkbJrATPzBJ1RI
X1qaxf9xg64HBzaqgkyzVdJZB94AHfD6EuRZhvuZ9skjUaUr3Me64hkCENca6DFZ
scwXPp8qevYX5DCyTcCLqOTrB1AVvS99dbP+I3Q0pbqVFwU86UcVmlvzqhw6/RGk
FpSA1gB+27vB3OudA2zU8KIn/BZnjlCivAiQ/NDDViRQ4Ci16gS0RMmYX2736a/8
NIN4rRqFcZfyVaN1x8iwaOh5zeiu7h7eNKkxFMeYwMjMW1I1FwObN6Yr5nEyaqHO
TmJ71cHaDHGxMTojU/+gVX44jagPl3szVJfdY5swLcN57sWiba7AWBrqjQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5zQtUC6eBAqJx68jtfeK8TV2YgMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvTG5OQzFRTHA0RUNvbkhyeU8xOTRyeE5YWmlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuvYPMA0G
CSqGSIb3DQEBCwUAA4IBAQBCOSv0Eom4a6xE1vUHDa/8CSjL8eizIjMfFJpkIsSe
6fbca4xzwEfVpJxgCJ7bTEQHsFrPhwSJVrV32v90clGeaNXg/OSI+8f0vtqmbSPj
aj9Tx5lsGeQ6ds0bHFjXfdWb5kbx8T7FeOxTY6LP9HXAFaDL46/ms62dSo5zDK9a
ihk8a9ryet64LtHJ32KnCuY4wzHLkMnl4lbpSVk2wt1gcPQgux0gwzoPDpG+gnrX
IIZfkaZJzBgEA6ee6CGJMA64M2KCGM3DGvjUeSdgTciNTgBQXLDjAQEF+1VleFYu
ASpkIrm1OiGSKlrvZsmvHuKYmX+Q2uaAYu8lmpMNL8jA
-----END CERTIFICATE-----