Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/Lh89wnbqg7wSoE7Dn0YRpSUD1As.roa
File:                     Lh89wnbqg7wSoE7Dn0YRpSUD1As.roa (raw, json)
Hash identifier:          WRrXcO4RCbjFqgI5xUr9BaSA/vzn9KlystUhc3EqtKo=
Subject key identifier:   2E:1F:3D:C2:76:EA:83:BC:12:A0:4E:C3:9F:46:11:A5:25:03:D4:0B
Certificate issuer:       /CN=794838864d6805162693bdf249f3b8ac31f680bd
Certificate serial:       019E032E273E89A20EF7D6CD86E4EC7B7F6C
Authority key identifier: 79:48:38:86:4D:68:05:16:26:93:BD:F2:49:F3:B8:AC:31:F6:80:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/Lh89wnbqg7wSoE7Dn0YRpSUD1As.roa
Signing time:             Thu 07 May 2026 16:03:36 +0000
ROA not before:           Thu 07 May 2026 16:03:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     917
IP address blocks:        201.78.144.0/20 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 May 2026 20:10:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:03:2e:27:3e:89:a2:0e:f7:d6:cd:86:e4:ec:7b:7f:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=794838864d6805162693bdf249f3b8ac31f680bd
        Validity
            Not Before: May  7 16:03:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e1f3dc276ea83bc12a04ec39f4611a52503d40b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:11:98:8f:f9:7b:b6:af:be:d0:cc:b5:9f:d7:
                    5c:2a:3a:4c:4e:ba:cc:16:0b:ce:d1:d1:85:d7:16:
                    a0:08:0f:8e:f2:49:1f:9e:fa:72:41:90:f9:6e:02:
                    da:1b:f4:6b:fe:08:19:72:b0:e9:4f:d1:76:a3:86:
                    42:6c:49:ae:2e:49:32:05:a3:38:1b:5b:db:d8:c4:
                    17:ed:a6:0d:0a:ec:d1:a9:59:09:e2:7f:02:d5:1e:
                    9b:9e:1b:62:d6:13:c7:97:c8:4c:d7:73:63:7e:a1:
                    79:e5:a2:67:a6:60:ad:6d:4a:8f:a4:dc:2b:26:64:
                    97:09:c7:11:21:4a:71:0f:d1:a8:a7:f1:66:ef:50:
                    c0:cf:03:42:9f:2b:89:d1:9f:09:9b:d1:d6:0a:45:
                    2b:a0:0f:a8:db:77:0f:b9:90:83:b0:3d:d6:15:e8:
                    99:cb:f4:ea:70:26:db:94:52:23:4f:c0:0b:ac:16:
                    75:22:c9:5a:d8:84:60:df:c3:fa:83:ce:7e:54:7f:
                    56:9d:19:0e:a2:86:d7:72:15:71:a0:05:9a:00:04:
                    08:d2:56:d1:29:eb:50:41:0c:30:6b:d1:1d:40:63:
                    16:5e:da:69:c3:7b:c0:3b:4e:ec:d6:86:63:e3:70:
                    fb:22:32:4f:bf:5f:c5:57:ce:e7:4a:9e:64:0d:9c:
                    9c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:1F:3D:C2:76:EA:83:BC:12:A0:4E:C3:9F:46:11:A5:25:03:D4:0B
            X509v3 Authority Key Identifier:
                keyid:79:48:38:86:4D:68:05:16:26:93:BD:F2:49:F3:B8:AC:31:F6:80:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eUg4hk1oBRYmk73ySfO4rDH2gL0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/Lh89wnbqg7wSoE7Dn0YRpSUD1As.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/1d5ad0-4785-4046-b8e6-a0e70e5056ef/1/eUg4hk1oBRYmk73ySfO4rDH2gL0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  201.78.144.0/20

    Signature Algorithm: sha256WithRSAEncryption
         35:d5:7f:ff:3f:96:9e:1c:c1:62:47:0e:f2:12:fb:6d:3f:c2:
         7e:a9:e0:86:57:ef:b9:ee:a3:37:71:b1:fd:cd:82:62:80:1c:
         70:15:d8:b6:61:36:d5:be:c8:10:3c:11:21:30:8f:00:c0:a9:
         55:82:cb:d2:67:60:ff:a9:54:05:70:b0:2d:ca:51:85:8a:be:
         2b:b9:e8:b4:b7:5c:16:c9:f1:df:55:ad:f1:83:80:79:4c:aa:
         f4:17:26:bb:0d:2a:db:ac:94:f1:ae:dd:71:8b:8b:aa:51:9e:
         2c:66:0b:79:2d:5b:f0:6a:8f:8b:e5:3e:8f:3e:7e:c1:c7:6f:
         31:24:27:14:58:64:6e:0b:9d:45:80:ec:30:60:47:4c:20:99:
         f9:41:96:f7:6f:6e:61:83:91:33:62:4e:3f:8c:28:a5:c8:17:
         d9:bc:7a:56:d2:2f:32:dc:f9:c9:6a:67:e8:c5:9d:da:9b:bd:
         ca:78:bf:4b:e8:48:db:df:22:41:08:83:19:c1:40:48:33:08:
         5e:18:9e:cd:fb:ce:01:77:ab:bb:15:b0:c7:de:38:2b:f1:39:
         9d:6c:ea:68:67:e2:10:5a:80:77:2e:af:5c:19:f5:95:af:94:
         14:67:c9:f9:5e:46:1e:b6:a0:fc:0a:9a:78:a7:92:da:c2:9a:
         d8:3e:b5:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ4DLic+iaIO99bNhuTse39sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5NDgzODg2NGQ2ODA1MTYyNjkzYmRmMjQ5ZjNiOGFjMzFm
NjgwYmQwHhcNMjYwNTA3MTYwMzM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTFmM2RjMjc2ZWE4M2JjMTJhMDRlYzM5ZjQ2MTFhNTI1MDNkNDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhGYj/l7tq++0My1n9dcKjpMTrrM
FgvO0dGF1xagCA+O8kkfnvpyQZD5bgLaG/Rr/ggZcrDpT9F2o4ZCbEmuLkkyBaM4
G1vb2MQX7aYNCuzRqVkJ4n8C1R6bnhti1hPHl8hM13NjfqF55aJnpmCtbUqPpNwr
JmSXCccRIUpxD9Gop/Fm71DAzwNCnyuJ0Z8Jm9HWCkUroA+o23cPuZCDsD3WFeiZ
y/TqcCbblFIjT8ALrBZ1Isla2IRg38P6g85+VH9WnRkOoobXchVxoAWaAAQI0lbR
KetQQQwwa9EdQGMWXtppw3vAO07s1oZj43D7IjJPv1/FV87nSp5kDZycqQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4fPcJ26oO8EqBOw59GEaUlA9QLMB8GA1UdIwQY
MBaAFHlIOIZNaAUWJpO98knzuKwx9oC9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZVVnNGhrMW9CUlltazczeVNmTzRyREgyZ0wwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS8xZDVhZDAtNDc4NS00MDQ2LWI4ZTYt
YTBlNzBlNTA1NmVmLzEvTGg4OXduYnFnN3dTb0U3RG4wWVJwU1VEMUFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS8xZDVhZDAtNDc4NS00MDQ2LWI4ZTYtYTBlNzBlNTA1NmVm
LzEvZVVnNGhrMW9CUlltazczeVNmTzRyREgyZ0wwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEyU6QMA0G
CSqGSIb3DQEBCwUAA4IBAQA11X//P5aeHMFiRw7yEvttP8J+qeCGV++57qM3cbH9
zYJigBxwFdi2YTbVvsgQPBEhMI8AwKlVgsvSZ2D/qVQFcLAtylGFir4ruei0t1wW
yfHfVa3xg4B5TKr0Fya7DSrbrJTxrt1xi4uqUZ4sZgt5LVvwao+L5T6PPn7Bx28x
JCcUWGRuC51FgOwwYEdMIJn5QZb3b25hg5EzYk4/jCilyBfZvHpW0i8y3PnJamfo
xZ3am73KeL9L6Ejb3yJBCIMZwUBIMwheGJ7N+84Bd6u7FbDH3jgr8TmdbOpoZ+IQ
WoB3Lq9cGfWVr5QUZ8n5XkYetqD8Cpp4p5LawprYPrUh
-----END CERTIFICATE-----