Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/LWWZSMSjML_AEmbBnDV1CXaT_Ys.roa
File:                     LWWZSMSjML_AEmbBnDV1CXaT_Ys.roa (raw, json)
Hash identifier:          iMKLlxtB342fxcBOEaSOHnrdbUeVr0p8djIlUydRri0=
Subject key identifier:   2D:65:99:48:C4:A3:30:BF:C0:12:66:C1:9C:35:75:09:76:93:FD:8B
Certificate issuer:       /CN=f04a58047f37bbc057944bbf8cad8742879592da
Certificate serial:       019CD677A59C8D9EABA6C0428C5B0AC8F128
Authority key identifier: F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/LWWZSMSjML_AEmbBnDV1CXaT_Ys.roa
Signing time:             Tue 10 Mar 2026 06:38:11 +0000
ROA not before:           Tue 10 Mar 2026 06:38:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     202199
IP address blocks:        147.90.18.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 09:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:d6:77:a5:9c:8d:9e:ab:a6:c0:42:8c:5b:0a:c8:f1:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f04a58047f37bbc057944bbf8cad8742879592da
        Validity
            Not Before: Mar 10 06:38:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d659948c4a330bfc01266c19c3575097693fd8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:26:94:2a:ad:69:11:1e:ae:0c:58:8d:7d:69:
                    25:f3:18:95:a7:20:3b:43:7e:a3:db:cd:ab:15:40:
                    4a:8d:63:4b:46:24:b1:56:ba:eb:e7:fb:bb:ba:85:
                    b8:95:72:a4:c9:e7:9c:bd:14:b6:a0:d3:c9:03:7c:
                    e4:0c:76:98:a0:3b:e3:be:c8:77:a8:5e:b7:a4:d4:
                    02:d5:5e:55:95:c9:93:6b:8e:ac:66:6b:ba:d0:92:
                    bf:b4:db:9d:f3:06:16:9a:92:94:ec:e6:86:78:5a:
                    5d:4a:24:fb:f3:f1:28:12:fb:71:f7:bc:42:4e:83:
                    ea:01:98:4d:73:39:4f:ab:d7:c0:57:50:e1:2b:95:
                    69:bf:76:e6:dc:d1:a6:a4:14:0f:fd:ab:68:94:48:
                    ca:11:af:a5:9e:81:67:7a:06:5f:d2:49:a8:94:b0:
                    e8:cf:c6:0b:3a:6a:9e:9c:9c:80:1e:5d:a5:aa:55:
                    3b:53:c1:1f:eb:3b:0a:40:3f:4b:07:9e:cd:07:a3:
                    f3:cd:e3:43:45:09:28:92:58:e2:c2:6d:70:5d:d3:
                    c0:14:4c:3e:a5:ee:22:be:b9:c4:3d:da:fe:44:01:
                    97:e4:93:ee:a8:94:a3:19:e0:9b:df:32:54:d9:95:
                    1e:6a:78:57:b2:9e:db:da:49:38:2d:4e:fa:64:f0:
                    cd:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:65:99:48:C4:A3:30:BF:C0:12:66:C1:9C:35:75:09:76:93:FD:8B
            X509v3 Authority Key Identifier:
                keyid:F0:4A:58:04:7F:37:BB:C0:57:94:4B:BF:8C:AD:87:42:87:95:92:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8EpYBH83u8BXlEu_jK2HQoeVkto.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/LWWZSMSjML_AEmbBnDV1CXaT_Ys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/2ba97e-598b-48dd-8d56-f5fb71b9a51f/1/8EpYBH83u8BXlEu_jK2HQoeVkto.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.90.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:04:26:31:4f:46:43:c8:e0:99:1c:c1:ef:2b:69:cf:3d:e2:
         e2:0b:d6:8f:ad:d1:5c:c4:57:f5:62:0d:5e:8f:97:0d:cc:66:
         72:87:67:55:7f:12:63:34:95:38:28:1c:75:5f:b0:30:e6:04:
         1e:9b:07:f1:82:d1:8a:22:38:ea:3d:ca:bc:a5:fa:2c:0c:0f:
         7f:51:f9:eb:51:a5:c0:72:58:fe:cb:c2:91:76:f9:3d:cb:3a:
         f0:c6:dd:b2:4c:8b:5b:29:00:15:66:c6:1d:0d:2d:71:f6:bb:
         f7:3f:42:05:ff:6f:12:33:05:5e:31:78:92:c7:a9:86:ab:87:
         40:e7:f6:d1:28:26:57:c5:36:8b:f8:41:0c:98:85:0d:2e:9e:
         6d:4f:b1:a7:c3:62:a0:fa:d5:ef:d2:a3:23:b7:9a:2f:9f:6a:
         eb:39:80:62:78:5e:f2:ad:09:aa:01:bf:e9:34:6b:ef:dd:a6:
         74:88:8f:94:83:6c:0a:28:a4:02:32:66:12:e5:a1:b5:33:92:
         17:b3:8f:ab:f5:7d:5e:71:e9:75:be:cd:f3:10:e4:bd:d3:80:
         24:78:da:7d:81:6d:79:a8:fa:c6:19:4d:6f:b3:ec:e1:33:d3:
         26:6a:b4:fb:40:7c:94:cd:1d:f9:45:05:69:41:e2:2d:c7:40:
         e2:b8:9e:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzWd6WcjZ6rpsBCjFsKyPEoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNGE1ODA0N2YzN2JiYzA1Nzk0NGJiZjhjYWQ4NzQyODc5
NTkyZGEwHhcNMjYwMzEwMDYzODExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDY1OTk0OGM0YTMzMGJmYzAxMjY2YzE5YzM1NzUwOTc2OTNmZDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCaUKq1pER6uDFiNfWkl8xiVpyA7
Q36j282rFUBKjWNLRiSxVrrr5/u7uoW4lXKkyeecvRS2oNPJA3zkDHaYoDvjvsh3
qF63pNQC1V5VlcmTa46sZmu60JK/tNud8wYWmpKU7OaGeFpdSiT78/EoEvtx97xC
ToPqAZhNczlPq9fAV1DhK5Vpv3bm3NGmpBQP/atolEjKEa+lnoFnegZf0kmolLDo
z8YLOmqenJyAHl2lqlU7U8Ef6zsKQD9LB57NB6PzzeNDRQkokljiwm1wXdPAFEw+
pe4ivrnEPdr+RAGX5JPuqJSjGeCb3zJU2ZUeanhXsp7b2kk4LU76ZPDNgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC1lmUjEozC/wBJmwZw1dQl2k/2LMB8GA1UdIwQY
MBaAFPBKWAR/N7vAV5RLv4yth0KHlZLaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYt
ZjVmYjcxYjlhNTFmLzEvTFdXWlNNU2pNTF9BRW1iQm5EVjFDWGFUX1lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8yYmE5N2UtNTk4Yi00OGRkLThkNTYtZjVmYjcxYjlhNTFm
LzEvOEVwWUJIODN1OEJYbEV1X2pLMkhRb2VWa3RvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAk1oSMA0G
CSqGSIb3DQEBCwUAA4IBAQDgBCYxT0ZDyOCZHMHvK2nPPeLiC9aPrdFcxFf1Yg1e
j5cNzGZyh2dVfxJjNJU4KBx1X7Aw5gQemwfxgtGKIjjqPcq8pfosDA9/UfnrUaXA
clj+y8KRdvk9yzrwxt2yTItbKQAVZsYdDS1x9rv3P0IF/28SMwVeMXiSx6mGq4dA
5/bRKCZXxTaL+EEMmIUNLp5tT7Gnw2Kg+tXv0qMjt5ovn2rrOYBieF7yrQmqAb/p
NGvv3aZ0iI+Ug2wKKKQCMmYS5aG1M5IXs4+r9X1ecel1vs3zEOS904AkeNp9gW15
qPrGGU1vs+zhM9MmarT7QHyUzR35RQVpQeItx0DiuJ5X
-----END CERTIFICATE-----