Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/L0vpPIy9GAPm6JtjRB5DBUq_p0c.roa
File:                     L0vpPIy9GAPm6JtjRB5DBUq_p0c.roa (raw, json)
Hash identifier:          EcWoApG1dXP+QttkNlbBQ/q//CNUzWl0bsqOIr50D2I=
Subject key identifier:   2F:4B:E9:3C:8C:BD:18:03:E6:E8:9B:63:44:1E:43:05:4A:BF:A7:47
Certificate issuer:       /CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
Certificate serial:       019DCE879C380B23C56FBA44F1752139B92F
Authority key identifier: C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/L0vpPIy9GAPm6JtjRB5DBUq_p0c.roa
Signing time:             Mon 27 Apr 2026 10:41:26 +0000
ROA not before:           Mon 27 Apr 2026 10:41:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199746
IP address blocks:        2a07:2486:400f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 14:18:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ce:87:9c:38:0b:23:c5:6f:ba:44:f1:75:21:39:b9:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c236e8c216f05a9d9e0327f1222bf12198aba5da
        Validity
            Not Before: Apr 27 10:41:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f4be93c8cbd1803e6e89b63441e43054abfa747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:fd:dd:04:bd:52:a8:b4:f6:04:75:eb:c0:5d:
                    6a:4b:07:c6:36:06:ec:a4:27:38:4a:ae:20:93:b9:
                    c0:14:19:c0:6d:97:b1:a5:81:03:67:f0:69:c8:3a:
                    8c:86:40:eb:9e:43:85:a5:d5:aa:94:90:af:dd:92:
                    b2:76:ec:84:1a:be:7e:46:74:68:a6:a8:4a:89:ad:
                    bf:52:a1:90:c8:fa:aa:f0:ff:cf:44:db:42:26:1b:
                    76:f1:d4:2f:33:50:99:38:dd:74:13:27:c5:fa:90:
                    46:27:65:4a:b8:b6:e9:3a:d4:8b:16:65:8a:52:eb:
                    f6:33:41:82:14:8d:70:7f:54:4a:59:45:65:87:ee:
                    47:61:bb:36:6e:34:a7:43:85:6f:44:6c:f0:d1:a4:
                    d5:b6:eb:25:07:d3:c4:fc:a1:a3:bb:be:dd:5d:af:
                    f6:7d:bd:d6:3c:6a:d0:29:a3:65:3a:0e:4d:a6:e6:
                    b1:b3:66:ba:13:2d:45:d1:df:51:ca:bf:eb:3b:28:
                    8d:36:01:8f:50:6a:21:62:88:df:e7:5e:d0:4c:89:
                    a5:2d:7d:fa:e4:9a:15:d2:69:d6:9d:ea:32:87:2c:
                    2d:88:b8:c9:ff:09:1a:56:56:8c:3e:8e:fd:3c:fd:
                    be:7c:52:78:1c:69:6b:56:a1:d0:0f:ec:cf:93:c3:
                    da:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:4B:E9:3C:8C:BD:18:03:E6:E8:9B:63:44:1E:43:05:4A:BF:A7:47
            X509v3 Authority Key Identifier:
                keyid:C2:36:E8:C2:16:F0:5A:9D:9E:03:27:F1:22:2B:F1:21:98:AB:A5:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wjbowhbwWp2eAyfxIivxIZirpdo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/L0vpPIy9GAPm6JtjRB5DBUq_p0c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/2a413e-8974-4dc7-9ce8-384ffce77f52/1/wjbowhbwWp2eAyfxIivxIZirpdo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a07:2486:400f::/48

    Signature Algorithm: sha256WithRSAEncryption
         76:b6:8f:8d:67:67:18:ac:c9:42:4a:fc:77:16:ba:ee:ec:88:
         e1:2a:c4:51:21:00:b2:26:ab:f4:3c:3b:ee:2f:ab:52:67:7b:
         97:7b:17:c8:13:f6:97:7a:9d:02:98:85:1b:74:9d:5f:94:6a:
         e8:47:6d:31:e1:81:54:4e:e6:cf:d2:69:99:0c:94:8e:89:4f:
         74:bc:c7:83:cd:5c:11:e2:fd:df:95:5a:1f:7b:82:2c:c6:61:
         da:59:45:73:ec:b3:db:ce:57:17:bf:90:81:cf:86:41:7f:a2:
         2c:e1:ab:09:a0:56:f0:ee:1b:c5:24:d8:ab:c8:18:c8:56:3e:
         43:0e:40:c8:35:c0:2e:b3:a4:ca:fc:69:f8:96:a6:1b:e2:20:
         32:05:7a:bb:af:37:31:90:88:0b:31:c6:db:b7:19:db:a5:87:
         e7:02:ab:a9:1f:7f:a8:66:17:3e:22:0b:0b:7c:fa:59:32:d6:
         58:30:cd:5a:42:11:33:4d:e3:af:13:cf:3a:2b:25:8d:33:9d:
         c7:a3:d5:dc:fb:d3:6f:55:35:90:6c:35:3b:39:04:7b:24:4b:
         92:41:1c:7f:69:06:bc:78:89:a8:db:38:ba:07:ec:b4:5d:15:
         c6:2d:61:1c:84:c5:42:f1:cb:1b:e1:07:97:71:2e:57:b8:83:
         36:e9:26:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZ3Oh5w4CyPFb7pE8XUhObkvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyMzZlOGMyMTZmMDVhOWQ5ZTAzMjdmMTIyMmJmMTIxOThh
YmE1ZGEwHhcNMjYwNDI3MTA0MTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjRiZTkzYzhjYmQxODAzZTZlODliNjM0NDFlNDMwNTRhYmZhNzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4P3dBL1SqLT2BHXrwF1qSwfGNgbs
pCc4Sq4gk7nAFBnAbZexpYEDZ/BpyDqMhkDrnkOFpdWqlJCv3ZKyduyEGr5+RnRo
pqhKia2/UqGQyPqq8P/PRNtCJht28dQvM1CZON10EyfF+pBGJ2VKuLbpOtSLFmWK
Uuv2M0GCFI1wf1RKWUVlh+5HYbs2bjSnQ4VvRGzw0aTVtuslB9PE/KGju77dXa/2
fb3WPGrQKaNlOg5Npuaxs2a6Ey1F0d9Ryr/rOyiNNgGPUGohYojf517QTImlLX36
5JoV0mnWneoyhywtiLjJ/wkaVlaMPo79PP2+fFJ4HGlrVqHQD+zPk8Pa6wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC9L6TyMvRgD5uibY0QeQwVKv6dHMB8GA1UdIwQY
MBaAFMI26MIW8FqdngMn8SIr8SGYq6XaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgt
Mzg0ZmZjZTc3ZjUyLzEvTDB2cFBJeTlHQVBtNkp0alJCNURCVXFfcDBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yYTQxM2UtODk3NC00ZGM3LTljZTgtMzg0ZmZjZTc3ZjUy
LzEvd2pib3doYndXcDJlQXlmeElpdnhJWmlycGRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgckhkAP
MA0GCSqGSIb3DQEBCwUAA4IBAQB2to+NZ2cYrMlCSvx3Frru7IjhKsRRIQCyJqv0
PDvuL6tSZ3uXexfIE/aXep0CmIUbdJ1flGroR20x4YFUTubP0mmZDJSOiU90vMeD
zVwR4v3flVofe4IsxmHaWUVz7LPbzlcXv5CBz4ZBf6Is4asJoFbw7hvFJNiryBjI
Vj5DDkDINcAus6TK/Gn4lqYb4iAyBXq7rzcxkIgLMcbbtxnbpYfnAqupH3+oZhc+
IgsLfPpZMtZYMM1aQhEzTeOvE886KyWNM53Ho9Xc+9NvVTWQbDU7OQR7JEuSQRx/
aQa8eImo2zi6B+y0XRXGLWEchMVC8csb4QeXcS5XuIM26SaZ
-----END CERTIFICATE-----