Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/d8225f-8b73-46b0-9d84-a09a73770568/1/LixKFAOu81SmYmL4xCgVhf_Xlcg.roa
File:                     LixKFAOu81SmYmL4xCgVhf_Xlcg.roa (raw, json)
Hash identifier:          aRLT5CHgFsSmckl/aN4gO8NDbuP1WY8705e0YB2xo6U=
Subject key identifier:   2E:2C:4A:14:03:AE:F3:54:A6:62:62:F8:C4:28:15:85:FF:D7:95:C8
Certificate issuer:       /CN=94ca7d9bf91cde769b2772d4d519885bc985e7a9
Certificate serial:       019C664FD14D8C311CEB13F7DB5DABFEEAE0
Authority key identifier: 94:CA:7D:9B:F9:1C:DE:76:9B:27:72:D4:D5:19:88:5B:C9:85:E7:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lMp9m_kc3nabJ3LU1RmIW8mF56k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/d8225f-8b73-46b0-9d84-a09a73770568/1/LixKFAOu81SmYmL4xCgVhf_Xlcg.roa
Signing time:             Mon 16 Feb 2026 11:57:12 +0000
ROA not before:           Mon 16 Feb 2026 11:57:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214778
IP address blocks:        185.81.205.0/24 maxlen: 24
                          212.47.39.0/24 maxlen: 24
                          2a02:2bc0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/d8225f-8b73-46b0-9d84-a09a73770568/1/lMp9m_kc3nabJ3LU1RmIW8mF56k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/d8225f-8b73-46b0-9d84-a09a73770568/1/lMp9m_kc3nabJ3LU1RmIW8mF56k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lMp9m_kc3nabJ3LU1RmIW8mF56k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Mar 2026 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:66:4f:d1:4d:8c:31:1c:eb:13:f7:db:5d:ab:fe:ea:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94ca7d9bf91cde769b2772d4d519885bc985e7a9
        Validity
            Not Before: Feb 16 11:57:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e2c4a1403aef354a66262f8c4281585ffd795c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:1e:3f:ac:03:f5:67:84:cf:8c:41:29:60:bb:
                    68:75:58:ff:48:4f:00:43:99:dc:a0:df:40:47:08:
                    1c:21:03:b4:6b:02:73:f1:cc:87:23:e9:52:30:3d:
                    ba:eb:c0:26:6f:fd:6c:25:af:20:f5:22:e6:6f:a8:
                    32:7a:0c:71:68:fc:cf:71:d3:d1:e0:03:f1:08:34:
                    89:d4:ed:7c:5b:31:d1:b1:c6:4c:7d:11:93:d8:0a:
                    98:80:4e:4e:2e:d3:d2:c4:a3:71:f5:2d:56:df:c1:
                    95:09:4a:91:76:30:88:fb:db:70:70:55:ca:89:17:
                    3a:ad:b3:21:06:3d:8f:7c:d7:3a:5d:0d:1c:10:bf:
                    b3:63:b7:b1:4b:92:25:c2:d0:f1:bb:8b:0e:73:c1:
                    9f:45:24:4f:58:b3:9b:d4:3f:c4:c5:14:ec:a5:1b:
                    71:93:bc:2a:3d:01:c2:76:49:3f:61:52:a7:62:ae:
                    67:44:45:82:1b:f5:8f:55:8d:be:e6:ee:ce:14:8e:
                    6a:cb:1d:a1:5f:5c:22:7c:a1:e3:19:da:5d:cb:4f:
                    60:dc:ec:d0:02:dd:71:05:63:40:79:0a:40:c1:f6:
                    9c:fb:8c:07:38:d7:6f:1f:af:de:47:18:34:35:42:
                    13:08:14:0c:ad:b8:db:a3:d2:1e:a7:fd:36:66:2b:
                    2b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:2C:4A:14:03:AE:F3:54:A6:62:62:F8:C4:28:15:85:FF:D7:95:C8
            X509v3 Authority Key Identifier:
                keyid:94:CA:7D:9B:F9:1C:DE:76:9B:27:72:D4:D5:19:88:5B:C9:85:E7:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lMp9m_kc3nabJ3LU1RmIW8mF56k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d8225f-8b73-46b0-9d84-a09a73770568/1/LixKFAOu81SmYmL4xCgVhf_Xlcg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/d8225f-8b73-46b0-9d84-a09a73770568/1/lMp9m_kc3nabJ3LU1RmIW8mF56k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.81.205.0/24
                  212.47.39.0/24
                IPv6:
                  2a02:2bc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:93:3a:8c:1b:5b:c8:38:0b:62:2c:33:f3:ba:f9:11:92:31:
         25:bf:78:fa:de:8e:cc:5d:2e:24:75:55:1c:48:2f:2f:b7:00:
         37:52:4a:33:d6:8c:b6:50:23:b1:33:ac:59:67:8e:5e:56:7c:
         46:ad:85:f0:9a:d3:0f:f3:1e:42:03:20:38:22:99:97:32:1f:
         f9:c2:21:17:96:bc:b3:e6:7a:a9:c1:05:ac:b1:f6:a5:0d:ba:
         8f:c3:3b:5c:4d:05:db:5f:96:2c:3c:1a:48:76:82:65:43:bd:
         0e:bc:d5:19:22:b8:a8:9f:2d:35:ef:bc:45:64:be:c7:d1:40:
         63:48:c4:85:3b:47:b1:cb:0a:26:bf:ab:c0:28:b8:96:e1:dc:
         59:3e:c5:32:3f:8e:b8:e5:3b:e2:8e:d6:77:e7:12:ff:f0:33:
         9e:a6:be:fe:e6:61:9a:95:8a:f8:a6:8d:4d:c1:34:34:86:50:
         73:a1:e0:76:15:5e:a7:60:c1:ab:df:b5:75:78:ae:a0:48:69:
         32:f2:8e:e5:2d:89:3c:05:7e:a2:72:67:2d:6a:12:93:c4:bc:
         b4:2b:83:33:33:16:9e:37:37:5e:7f:97:af:5e:19:53:d7:c4:
         24:45:b5:53:a2:2a:9d:a5:62:ab:81:fd:d3:b3:7d:45:f9:29:
         3a:51:4e:04
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZxmT9FNjDEc6xP3212r/urgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0Y2E3ZDliZjkxY2RlNzY5YjI3NzJkNGQ1MTk4ODViYzk4
NWU3YTkwHhcNMjYwMjE2MTE1NzEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTJjNGExNDAzYWVmMzU0YTY2MjYyZjhjNDI4MTU4NWZmZDc5NWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlB4/rAP1Z4TPjEEpYLtodVj/SE8A
Q5ncoN9ARwgcIQO0awJz8cyHI+lSMD2668Amb/1sJa8g9SLmb6gyegxxaPzPcdPR
4APxCDSJ1O18WzHRscZMfRGT2AqYgE5OLtPSxKNx9S1W38GVCUqRdjCI+9twcFXK
iRc6rbMhBj2PfNc6XQ0cEL+zY7exS5IlwtDxu4sOc8GfRSRPWLOb1D/ExRTspRtx
k7wqPQHCdkk/YVKnYq5nREWCG/WPVY2+5u7OFI5qyx2hX1wifKHjGdpdy09g3OzQ
At1xBWNAeQpAwfac+4wHONdvH6/eRxg0NUITCBQMrbjbo9Iep/02ZisrywIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFC4sShQDrvNUpmJi+MQoFYX/15XIMB8GA1UdIwQY
MBaAFJTKfZv5HN52mydy1NUZiFvJheepMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE1wOW1fa2MzbmFiSjNMVTFSbUlXOG1GNTZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS9kODIyNWYtOGI3My00NmIwLTlkODQt
YTA5YTczNzcwNTY4LzEvTGl4S0ZBT3U4MVNtWW1MNHhDZ1ZoZl9YbGNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS9kODIyNWYtOGI3My00NmIwLTlkODQtYTA5YTczNzcwNTY4
LzEvbE1wOW1fa2MzbmFiSjNMVTFSbUlXOG1GNTZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuVHNAwQA
1C8nMA0EAgACMAcDBQMqAivAMA0GCSqGSIb3DQEBCwUAA4IBAQAHkzqMG1vIOAti
LDPzuvkRkjElv3j63o7MXS4kdVUcSC8vtwA3Ukoz1oy2UCOxM6xZZ45eVnxGrYXw
mtMP8x5CAyA4IpmXMh/5wiEXlryz5nqpwQWssfalDbqPwztcTQXbX5YsPBpIdoJl
Q70OvNUZIriony0177xFZL7H0UBjSMSFO0exywomv6vAKLiW4dxZPsUyP4645Tvi
jtZ35xL/8DOepr7+5mGalYr4po1NwTQ0hlBzoeB2FV6nYMGr37V1eK6gSGky8o7l
LYk8BX6icmctahKTxLy0K4MzMxaeNzdef5evXhlT18QkRbVToiqdpWKrgf3Ts31F
+Sk6UU4E
-----END CERTIFICATE-----