Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/lLhmEw7IEMb-qUjY7M3kCd8cWOA.roa
File:                     lLhmEw7IEMb-qUjY7M3kCd8cWOA.roa (raw, json)
Hash identifier:          ynq1BksMwSLgFJR9WzfdR5gm2pKZhnJLRvt2UFC0YIk=
Subject key identifier:   94:B8:66:13:0E:C8:10:C6:FE:A9:48:D8:EC:CD:E4:09:DF:1C:58:E0
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       019D00E87D409500045B136462AF8936B466
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/lLhmEw7IEMb-qUjY7M3kCd8cWOA.roa
Signing time:             Wed 18 Mar 2026 12:25:29 +0000
ROA not before:           Wed 18 Mar 2026 12:25:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199740
IP address blocks:        212.52.12.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:00:e8:7d:40:95:00:04:5b:13:64:62:af:89:36:b4:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Mar 18 12:25:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94b866130ec810c6fea948d8eccde409df1c58e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:43:a6:c5:af:9c:bd:d6:de:d0:8b:66:1d:da:
                    3f:29:dc:85:f9:48:59:6a:30:7c:ed:9f:12:0e:33:
                    aa:cc:71:e0:70:96:79:61:b0:9c:38:60:62:8f:7e:
                    30:81:64:b3:99:85:56:ee:f7:36:19:6d:b3:a9:b7:
                    c3:80:f5:1e:7e:72:a6:b9:dc:fb:5c:b8:df:a3:7b:
                    c4:5a:08:9a:07:36:27:11:2e:2d:db:27:de:90:11:
                    54:01:98:7a:61:52:3c:89:60:0f:93:01:52:62:a4:
                    f1:08:3e:7e:e4:e3:39:b9:fd:1f:21:27:70:be:dd:
                    73:55:57:a6:ec:d2:d4:40:53:07:63:50:39:e8:24:
                    cd:05:34:fc:5a:89:25:6f:21:2b:3a:2d:11:52:fa:
                    84:ab:ca:97:26:fe:aa:67:fb:8b:e4:f2:b3:b1:a8:
                    38:36:0a:aa:e4:07:cc:46:94:f3:88:33:b3:91:03:
                    78:c7:e5:90:0c:0a:b7:8f:3c:22:8e:03:39:d3:28:
                    ee:96:91:1b:dc:1c:f9:6a:a2:83:99:92:9f:d2:dc:
                    07:a3:70:2c:0a:6f:94:0c:7c:5b:08:e2:f9:5f:b1:
                    6e:f9:a1:5b:f2:3a:bd:36:a5:86:d8:a3:68:a8:7a:
                    25:1b:61:1a:9c:e8:99:af:11:20:fb:7b:58:bb:65:
                    39:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B8:66:13:0E:C8:10:C6:FE:A9:48:D8:EC:CD:E4:09:DF:1C:58:E0
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/lLhmEw7IEMb-qUjY7M3kCd8cWOA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.52.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:e6:d3:58:3e:a4:84:c3:e1:a2:2f:f3:72:58:c5:57:5d:7f:
         73:80:be:34:83:54:11:e5:73:be:19:3d:18:15:7f:62:44:6c:
         46:22:79:c1:05:41:8e:a0:60:0d:e5:a6:84:cb:96:4b:cd:0a:
         75:ff:49:56:24:eb:e3:2f:1e:00:30:f5:55:9f:1c:df:6f:21:
         90:23:cc:e5:98:7d:9d:e1:b5:20:7e:d2:20:28:fd:7f:e9:93:
         68:83:f7:32:2b:fe:f0:e3:54:64:8d:2c:7e:99:11:d6:53:fc:
         eb:53:bc:7e:fc:47:5d:ca:e1:69:ec:b5:cf:d5:ec:e7:49:ee:
         df:e7:92:55:5f:1a:37:bc:4f:77:a8:04:b4:28:b8:26:03:73:
         09:1b:0c:59:e7:34:a1:3d:80:47:2c:e1:99:ce:44:6e:9f:a2:
         64:38:ab:67:de:49:c1:24:bb:3b:65:ea:3e:e2:86:e8:a6:09:
         b4:bd:52:e8:7f:d0:98:da:8b:f7:ef:31:7f:bb:f7:25:e1:5c:
         9a:ef:bb:ce:58:d2:bf:8b:59:4a:1b:53:83:a3:72:ce:75:dd:
         53:0d:ea:2b:9b:da:85:90:1b:c3:92:49:f1:37:71:ae:0d:11:
         f8:b1:0c:87:31:35:b0:b5:ea:f0:47:3e:f5:8b:21:3c:4b:1a:
         5f:f4:5c:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0A6H1AlQAEWxNkYq+JNrRmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjYwMzE4MTIyNTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGI4NjYxMzBlYzgxMGM2ZmVhOTQ4ZDhlY2NkZTQwOWRmMWM1OGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvEOmxa+cvdbe0ItmHdo/KdyF+UhZ
ajB87Z8SDjOqzHHgcJZ5YbCcOGBij34wgWSzmYVW7vc2GW2zqbfDgPUefnKmudz7
XLjfo3vEWgiaBzYnES4t2yfekBFUAZh6YVI8iWAPkwFSYqTxCD5+5OM5uf0fISdw
vt1zVVem7NLUQFMHY1A56CTNBTT8WoklbyErOi0RUvqEq8qXJv6qZ/uL5PKzsag4
Ngqq5AfMRpTziDOzkQN4x+WQDAq3jzwijgM50yjulpEb3Bz5aqKDmZKf0twHo3As
Cm+UDHxbCOL5X7Fu+aFb8jq9NqWG2KNoqHolG2EanOiZrxEg+3tYu2U5ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJS4ZhMOyBDG/qlI2OzN5AnfHFjgMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvbExobUV3N0lFTWItcVVqWTdNM2tDZDhjV09BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1DQMMA0G
CSqGSIb3DQEBCwUAA4IBAQBn5tNYPqSEw+GiL/NyWMVXXX9zgL40g1QR5XO+GT0Y
FX9iRGxGInnBBUGOoGAN5aaEy5ZLzQp1/0lWJOvjLx4AMPVVnxzfbyGQI8zlmH2d
4bUgftIgKP1/6ZNog/cyK/7w41RkjSx+mRHWU/zrU7x+/EddyuFp7LXP1eznSe7f
55JVXxo3vE93qAS0KLgmA3MJGwxZ5zShPYBHLOGZzkRun6JkOKtn3knBJLs7Zeo+
4obopgm0vVLof9CY2ov37zF/u/cl4Vya77vOWNK/i1lKG1ODo3LOdd1TDeorm9qF
kBvDkknxN3GuDRH4sQyHMTWwterwRz71iyE8Sxpf9FxA
-----END CERTIFICATE-----