Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/06ltcr-VR0mDGk3DU2V0Qs-Epps.roa
File:                     06ltcr-VR0mDGk3DU2V0Qs-Epps.roa (raw, json)
Hash identifier:          xy2x0t9miUDfzt16/BgNvKW7tRDWVpdYnHH/h+rimzA=
Subject key identifier:   D3:A9:6D:72:BF:95:47:49:83:1A:4D:C3:53:65:74:42:CF:84:A6:9B
Certificate issuer:       /CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
Certificate serial:       019CC587F3797701AF1A015DAF73277FDF50
Authority key identifier: A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/06ltcr-VR0mDGk3DU2V0Qs-Epps.roa
Signing time:             Fri 06 Mar 2026 23:42:27 +0000
ROA not before:           Fri 06 Mar 2026 23:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     23961
IP address blocks:        194.104.146.0/23 maxlen: 24
                          194.114.138.0/23 maxlen: 23
                          194.114.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Mar 2026 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:c5:87:f3:79:77:01:af:1a:01:5d:af:73:27:7f:df:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a576eb2cc462e6e4bf0de69b9f634875debbaae2
        Validity
            Not Before: Mar  6 23:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d3a96d72bf954749831a4dc353657442cf84a69b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:6f:c2:10:64:9c:8c:b8:8c:af:e9:ac:83:0d:
                    1c:86:1a:a2:76:ca:52:e2:93:d3:51:10:6b:8c:8b:
                    44:9e:f7:71:7f:28:45:9f:8c:22:ee:b8:63:38:4a:
                    92:13:c7:f8:f0:8d:d4:ee:b0:c0:51:87:7c:79:4b:
                    64:9d:34:40:62:af:ed:2b:d5:60:91:55:84:81:d5:
                    d3:6d:b5:df:4b:9c:85:e6:c5:72:67:c2:4f:a8:b9:
                    d6:1a:66:48:b7:2e:58:25:a1:9d:d6:f9:76:5b:ae:
                    e2:d9:76:90:4b:dd:6f:bf:fa:6a:d8:12:f6:e6:e3:
                    5a:fe:10:b1:cb:63:ba:f0:e0:6a:36:1d:91:55:e6:
                    1b:cf:ad:bc:1d:1a:5b:3b:72:c2:14:aa:66:32:e1:
                    5b:0d:f8:95:01:fc:1f:b2:56:56:e8:56:0f:d6:d8:
                    f2:f0:97:d8:15:fd:4b:3e:89:bf:4f:85:73:7b:e6:
                    84:98:d5:88:d3:2d:5b:b2:a0:ca:32:3f:aa:87:55:
                    65:8d:4c:e3:22:07:67:34:6a:9c:57:2c:31:34:47:
                    74:18:8a:41:c8:66:7d:7a:85:65:f8:fd:8b:c7:fb:
                    77:9e:ad:bd:cf:da:e4:81:e5:ae:2c:c8:c4:bc:44:
                    17:7b:75:be:31:16:58:d5:b1:78:a6:0b:d4:e0:38:
                    ca:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:A9:6D:72:BF:95:47:49:83:1A:4D:C3:53:65:74:42:CF:84:A6:9B
            X509v3 Authority Key Identifier:
                keyid:A5:76:EB:2C:C4:62:E6:E4:BF:0D:E6:9B:9F:63:48:75:DE:BB:AA:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pXbrLMRi5uS_Deabn2NIdd67quI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/06ltcr-VR0mDGk3DU2V0Qs-Epps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/931927-9f38-41b6-87fa-254acd92b4e1/1/pXbrLMRi5uS_Deabn2NIdd67quI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.104.146.0/23
                  194.114.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6d:f4:ed:70:3e:b3:42:28:2b:7c:25:42:cc:b5:86:d4:ae:3a:
         61:e9:4f:40:e6:96:c5:7e:cf:48:a2:82:43:b5:bb:01:82:ed:
         a6:a2:02:87:cc:82:19:56:93:71:6c:55:87:ef:19:92:f7:d2:
         66:b5:b8:18:30:84:c8:77:a0:d3:df:7e:2c:ce:74:76:86:bf:
         06:a1:54:6c:3b:60:02:74:e8:d7:89:7d:66:bf:47:a3:52:f3:
         a8:d2:cd:c6:f5:98:bd:a6:fa:92:43:1e:4d:ec:64:20:80:e0:
         08:71:ae:2c:04:d8:62:74:9f:1f:f4:a0:2b:e8:ab:1b:a9:cd:
         2d:37:df:e8:0b:96:cf:e3:69:58:54:48:99:6c:a2:8c:7e:f4:
         4b:6c:81:ad:7b:11:df:8a:49:23:ce:f2:2a:f6:1a:9e:09:94:
         49:4f:e1:a3:7b:b0:ed:ef:f8:5f:23:53:88:c4:32:a7:26:75:
         51:fb:23:bc:40:93:e2:06:ee:56:96:c5:93:50:16:0d:bd:25:
         b6:bc:ea:a3:7f:3f:1a:f1:96:b1:86:65:46:cf:6b:84:85:62:
         37:db:73:e0:b4:77:f7:b4:7d:54:5e:91:5d:46:5a:62:01:2d:
         ee:ee:54:11:df:6a:39:84:5f:f2:7a:2e:7e:40:f8:b3:d4:ab:
         a9:b4:ed:4e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZzFh/N5dwGvGgFdr3Mnf99QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1NzZlYjJjYzQ2MmU2ZTRiZjBkZTY5YjlmNjM0ODc1ZGVi
YmFhZTIwHhcNMjYwMzA2MjM0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2E5NmQ3MmJmOTU0NzQ5ODMxYTRkYzM1MzY1NzQ0MmNmODRhNjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2m/CEGScjLiMr+msgw0chhqidspS
4pPTURBrjItEnvdxfyhFn4wi7rhjOEqSE8f48I3U7rDAUYd8eUtknTRAYq/tK9Vg
kVWEgdXTbbXfS5yF5sVyZ8JPqLnWGmZIty5YJaGd1vl2W67i2XaQS91vv/pq2BL2
5uNa/hCxy2O68OBqNh2RVeYbz628HRpbO3LCFKpmMuFbDfiVAfwfslZW6FYP1tjy
8JfYFf1LPom/T4Vze+aEmNWI0y1bsqDKMj+qh1VljUzjIgdnNGqcVywxNEd0GIpB
yGZ9eoVl+P2Lx/t3nq29z9rkgeWuLMjEvEQXe3W+MRZY1bF4pgvU4DjKOQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNOpbXK/lUdJgxpNw1NldELPhKabMB8GA1UdIwQY
MBaAFKV26yzEYubkvw3mm59jSHXeu6riMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEt
MjU0YWNkOTJiNGUxLzEvMDZsdGNyLVZSMG1ER2szRFUyVjBRcy1FcHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny85MzE5MjctOWYzOC00MWI2LTg3ZmEtMjU0YWNkOTJiNGUx
LzEvcFhickxNUmk1dVNfRGVhYm4yTklkZDY3cXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwmiSAwQB
wnKKMA0GCSqGSIb3DQEBCwUAA4IBAQBt9O1wPrNCKCt8JULMtYbUrjph6U9A5pbF
fs9IooJDtbsBgu2mogKHzIIZVpNxbFWH7xmS99JmtbgYMITId6DT334sznR2hr8G
oVRsO2ACdOjXiX1mv0ejUvOo0s3G9Zi9pvqSQx5N7GQggOAIca4sBNhidJ8f9KAr
6Ksbqc0tN9/oC5bP42lYVEiZbKKMfvRLbIGtexHfikkjzvIq9hqeCZRJT+Gje7Dt
7/hfI1OIxDKnJnVR+yO8QJPiBu5WlsWTUBYNvSW2vOqjfz8a8ZaxhmVGz2uEhWI3
23PgtHf3tH1UXpFdRlpiAS3u7lQR32o5hF/yei5+QPiz1KuptO1O
-----END CERTIFICATE-----