Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/LFS7l--gBzEf-DUvwOH4x9B7ce4.roa
File:                     LFS7l--gBzEf-DUvwOH4x9B7ce4.roa (raw, json)
Hash identifier:          Jq3iRq1A93DK2WYexuM9Up6xgMgWsMqpOjVIDiFdUMI=
Subject key identifier:   2C:54:BB:97:EF:A0:07:31:1F:F8:35:2F:C0:E1:F8:C7:D0:7B:71:EE
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019DCE4C1A64F44A2C64CF3B164AFE32BC1D
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/LFS7l--gBzEf-DUvwOH4x9B7ce4.roa
Signing time:             Mon 27 Apr 2026 09:36:27 +0000
ROA not before:           Mon 27 Apr 2026 09:36:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402399
IP address blocks:        185.143.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:4c:1a:64:f4:4a:2c:64:cf:3b:16:4a:fe:32:bc:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Apr 27 09:36:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c54bb97efa007311ff8352fc0e1f8c7d07b71ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6c:74:1a:e5:ce:b3:4f:e3:bb:85:57:23:57:
                    41:ea:69:49:b0:28:de:9f:48:48:8b:2e:de:70:a3:
                    4b:b2:e7:78:4c:bc:45:a3:83:c9:3b:fe:e1:a9:dd:
                    47:c8:b1:e7:ee:f8:c7:73:17:d9:0b:ab:3d:43:64:
                    03:b7:d1:9f:0b:3b:58:c1:83:e3:ab:c6:2a:ae:6b:
                    d8:35:3b:0f:32:91:73:ba:3b:ac:47:30:cc:8f:6c:
                    ed:41:ad:b4:6d:9c:79:92:27:9c:b7:a2:7e:3c:43:
                    50:ed:3c:80:f8:ba:19:53:20:07:80:60:b8:e9:a7:
                    06:05:cc:c6:b6:ad:6a:f8:ef:7c:73:4f:73:9b:1f:
                    99:c0:bb:a7:1b:c8:1b:fa:ca:bc:9b:5f:8e:a5:9b:
                    a0:b6:f4:7b:4c:8c:29:00:3e:8f:0f:5f:aa:f9:99:
                    2c:1e:17:3f:25:7a:3c:29:e0:24:e3:66:fe:0c:91:
                    ef:44:94:3f:b9:f5:c1:6a:aa:b9:1a:2b:b0:7b:01:
                    79:eb:1b:86:3c:65:5d:5d:73:b0:d6:ec:4c:6f:9d:
                    10:38:e3:f5:b2:1c:c7:6b:7c:27:0e:ae:21:d0:da:
                    47:e5:39:e7:f1:91:c0:6c:f7:55:33:7d:de:fe:b9:
                    b2:a1:c0:87:45:da:f2:8a:64:d7:76:1d:63:e3:91:
                    87:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:54:BB:97:EF:A0:07:31:1F:F8:35:2F:C0:E1:F8:C7:D0:7B:71:EE
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/LFS7l--gBzEf-DUvwOH4x9B7ce4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:25:44:54:54:82:fe:f4:93:1d:54:f1:58:01:2a:03:2c:7f:
         f7:1e:4e:8a:5e:32:9e:4f:1e:82:f1:f0:50:af:58:d0:a8:f7:
         14:17:77:89:8e:a4:d5:6f:02:c9:bc:94:6d:42:93:13:ad:cb:
         2e:1b:c9:df:2c:7d:15:e6:fd:e3:a4:43:8d:fa:9d:f7:18:17:
         97:2b:0e:70:88:16:04:6b:9a:f0:8a:7b:f0:a8:52:f4:c4:5c:
         83:fa:27:ae:a2:13:63:68:07:8e:6a:a7:01:b9:44:fd:ec:1e:
         75:a6:25:5f:2e:ef:4e:49:ba:d4:39:99:23:6a:37:9c:46:ac:
         bd:72:f6:29:9a:be:04:36:aa:e4:14:a8:ae:cb:01:a6:fe:7f:
         0f:0f:34:bc:d0:61:0f:60:ee:26:6a:de:20:c4:62:02:71:ac:
         57:10:ce:56:45:8f:fc:71:05:8b:92:54:9c:77:d5:a9:45:a3:
         d1:6a:98:aa:9e:e7:e3:5d:72:79:79:a9:08:f0:70:e4:c8:86:
         08:63:35:fb:b7:3a:36:3c:88:48:68:64:ec:a2:7e:55:37:3b:
         30:ab:c9:de:ef:81:c5:51:06:a3:9f:97:17:25:96:98:d6:12:
         90:0a:9b:78:e9:de:a8:e9:1a:9d:b2:f0:55:44:12:ea:08:76:
         d8:e0:6d:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3OTBpk9EosZM87Fkr+MrwdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjYwNDI3MDkzNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU0YmI5N2VmYTAwNzMxMWZmODM1MmZjMGUxZjhjN2QwN2I3MWVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2x0GuXOs0/ju4VXI1dB6mlJsCje
n0hIiy7ecKNLsud4TLxFo4PJO/7hqd1HyLHn7vjHcxfZC6s9Q2QDt9GfCztYwYPj
q8YqrmvYNTsPMpFzujusRzDMj2ztQa20bZx5kiect6J+PENQ7TyA+LoZUyAHgGC4
6acGBczGtq1q+O98c09zmx+ZwLunG8gb+sq8m1+OpZugtvR7TIwpAD6PD1+q+Zks
Hhc/JXo8KeAk42b+DJHvRJQ/ufXBaqq5GiuwewF56xuGPGVdXXOw1uxMb50QOOP1
shzHa3wnDq4h0NpH5Tnn8ZHAbPdVM33e/rmyocCHRdryimTXdh1j45GH7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxUu5fvoAcxH/g1L8Dh+MfQe3HuMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvTEZTN2wtLWdCekVmLURVdndPSDR4OUI3Y2U0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY9IMA0G
CSqGSIb3DQEBCwUAA4IBAQCqJURUVIL+9JMdVPFYASoDLH/3Hk6KXjKeTx6C8fBQ
r1jQqPcUF3eJjqTVbwLJvJRtQpMTrcsuG8nfLH0V5v3jpEON+p33GBeXKw5wiBYE
a5rwinvwqFL0xFyD+ieuohNjaAeOaqcBuUT97B51piVfLu9OSbrUOZkjajecRqy9
cvYpmr4ENqrkFKiuywGm/n8PDzS80GEPYO4mat4gxGICcaxXEM5WRY/8cQWLklSc
d9WpRaPRapiqnufjXXJ5eakI8HDkyIYIYzX7tzo2PIhIaGTson5VNzswq8ne74HF
UQajn5cXJZaY1hKQCpt46d6o6RqdsvBVRBLqCHbY4G0n
-----END CERTIFICATE-----