Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/LJaTMA7hzqrxIKqt1N8qKcGjpzQ.roa
File:                     LJaTMA7hzqrxIKqt1N8qKcGjpzQ.roa (raw, json)
Hash identifier:          dKpW/NNNJvCP5rCPr1Wf+Aj+IhMSdVYLHgvIte9eB14=
Subject key identifier:   2C:96:93:30:0E:E1:CE:AA:F1:20:AA:AD:D4:DF:2A:29:C1:A3:A7:34
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019D0FE577DE599E230D0726D8EE0E3D7311
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/LJaTMA7hzqrxIKqt1N8qKcGjpzQ.roa
Signing time:             Sat 21 Mar 2026 10:16:29 +0000
ROA not before:           Sat 21 Mar 2026 10:16:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     14618
IP address blocks:        185.81.30.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 26 Mar 2026 17:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0f:e5:77:de:59:9e:23:0d:07:26:d8:ee:0e:3d:73:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Mar 21 10:16:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c9693300ee1ceaaf120aaadd4df2a29c1a3a734
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:0b:40:26:28:60:30:85:e0:4c:06:b9:57:d2:
                    df:53:d6:47:31:6a:e0:30:4c:10:d5:51:53:49:ca:
                    9f:b0:e6:20:ae:42:48:b5:91:95:c5:09:a6:10:fc:
                    6a:81:76:9a:d1:6b:ae:c5:a5:4b:04:16:94:4c:bd:
                    5f:18:a7:65:fb:82:42:90:9d:bf:24:84:0f:20:fb:
                    d8:5b:fc:8c:71:47:91:9b:67:96:f4:df:84:83:18:
                    e8:ba:d0:b7:40:07:fa:e8:69:90:7f:2d:1c:c1:7f:
                    d8:d0:17:ae:5d:cd:d0:56:95:6f:ba:6b:68:5a:f5:
                    6a:5b:c1:2a:13:3c:9c:bd:b6:8c:93:00:87:70:5c:
                    5f:bf:55:33:c1:ec:0c:1d:c0:80:6d:b2:76:3d:f3:
                    82:c8:5d:0a:c0:f6:b0:c2:0d:2f:f9:30:35:5d:2a:
                    c3:98:c8:8d:11:8f:40:a5:f8:03:93:55:e7:ca:c0:
                    be:82:43:3e:63:af:68:6e:6c:a4:c0:90:d3:17:ce:
                    22:f6:bb:f5:a3:90:a5:1e:3e:24:d0:c1:fc:57:61:
                    cf:e5:42:61:95:2a:bc:14:f6:7b:de:55:d2:64:a6:
                    db:dd:a7:bf:41:60:a3:4b:0f:b6:67:7f:63:6c:15:
                    1e:12:aa:b9:8a:4e:64:f5:7b:da:af:b8:04:cb:59:
                    c4:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:96:93:30:0E:E1:CE:AA:F1:20:AA:AD:D4:DF:2A:29:C1:A3:A7:34
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/LJaTMA7hzqrxIKqt1N8qKcGjpzQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.30.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5d:8e:67:8f:46:32:8a:f5:b8:ac:5e:de:ad:d7:2a:ff:47:ff:
         d6:25:65:f1:75:81:e9:6f:af:09:9b:cb:75:4d:3a:9a:c2:70:
         9a:99:81:65:1c:76:47:b2:df:8d:fb:a9:66:03:df:24:bf:0f:
         eb:fd:e6:8e:43:72:da:e1:fc:e8:ce:64:e8:f0:65:af:09:29:
         d8:bd:1a:59:56:72:fa:2f:f9:23:5b:d8:9f:97:a7:f0:c8:59:
         c4:cd:3f:7a:9e:a2:ee:c4:d5:01:08:ee:dd:ed:aa:45:83:e6:
         97:e1:e3:1f:1d:53:77:a9:2f:e2:a0:bb:85:13:99:29:ac:0a:
         12:37:5b:6a:2e:e3:c9:9c:43:2b:a0:fe:b4:04:e0:dd:4d:ea:
         97:4d:fe:a5:b8:dd:0d:66:1c:25:29:41:9a:bf:89:a6:93:eb:
         1d:50:6e:60:2c:26:a1:13:d5:e6:da:84:b8:19:9c:9e:d9:1f:
         e8:b1:59:70:22:e8:ea:3e:1e:65:2b:a3:34:34:79:00:e0:1a:
         ee:c5:5d:ae:d4:e2:f3:59:ed:7f:27:63:66:87:0d:56:00:39:
         0d:1a:f4:50:28:29:1e:ba:e5:b1:75:6e:dc:2a:cc:e1:23:8d:
         ca:0e:b1:3d:27:15:51:22:17:62:5f:d5:f6:77:54:25:4c:a4:
         d5:a6:e6:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0P5XfeWZ4jDQcm2O4OPXMRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjYwMzIxMTAxNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzk2OTMzMDBlZTFjZWFhZjEyMGFhYWRkNGRmMmEyOWMxYTNhNzM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhwtAJihgMIXgTAa5V9LfU9ZHMWrg
MEwQ1VFTScqfsOYgrkJItZGVxQmmEPxqgXaa0WuuxaVLBBaUTL1fGKdl+4JCkJ2/
JIQPIPvYW/yMcUeRm2eW9N+EgxjoutC3QAf66GmQfy0cwX/Y0BeuXc3QVpVvumto
WvVqW8EqEzycvbaMkwCHcFxfv1UzwewMHcCAbbJ2PfOCyF0KwPawwg0v+TA1XSrD
mMiNEY9ApfgDk1XnysC+gkM+Y69obmykwJDTF84i9rv1o5ClHj4k0MH8V2HP5UJh
lSq8FPZ73lXSZKbb3ae/QWCjSw+2Z39jbBUeEqq5ik5k9Xvar7gEy1nE5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyWkzAO4c6q8SCqrdTfKinBo6c0MB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvTEphVE1BN2h6cXJ4SUtxdDFOOHFLY0dqcHpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVEeMA0G
CSqGSIb3DQEBCwUAA4IBAQBdjmePRjKK9bisXt6t1yr/R//WJWXxdYHpb68Jm8t1
TTqawnCamYFlHHZHst+N+6lmA98kvw/r/eaOQ3La4fzozmTo8GWvCSnYvRpZVnL6
L/kjW9ifl6fwyFnEzT96nqLuxNUBCO7d7apFg+aX4eMfHVN3qS/ioLuFE5kprAoS
N1tqLuPJnEMroP60BODdTeqXTf6luN0NZhwlKUGav4mmk+sdUG5gLCahE9Xm2oS4
GZye2R/osVlwIujqPh5lK6M0NHkA4BruxV2u1OLzWe1/J2Nmhw1WADkNGvRQKCke
uuWxdW7cKszhI43KDrE9JxVRIhdiX9X2d1QlTKTVpuas
-----END CERTIFICATE-----