Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/lQ5I1RQhBLo7oEEMwItGQL1D4co.roa
File:                     lQ5I1RQhBLo7oEEMwItGQL1D4co.roa (raw, json)
Hash identifier:          JsbTSCE7CBEzvAaKOwDU8edPgIOKQAAWgiGQC/UlKpg=
Subject key identifier:   95:0E:48:D5:14:21:04:BA:3B:A0:41:0C:C0:8B:46:40:BD:43:E1:CA
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       019D4CDC669261EC7E360C59E2C82F65D166
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/lQ5I1RQhBLo7oEEMwItGQL1D4co.roa
Signing time:             Thu 02 Apr 2026 06:23:25 +0000
ROA not before:           Thu 02 Apr 2026 06:23:25 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57844
IP address blocks:        45.83.182.0/24 maxlen: 24
                          139.28.72.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 01:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:4c:dc:66:92:61:ec:7e:36:0c:59:e2:c8:2f:65:d1:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Apr  2 06:23:25 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=950e48d5142104ba3ba0410cc08b4640bd43e1ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:84:a8:5c:95:c4:0d:aa:90:41:46:d1:94:bd:
                    6e:8e:7b:46:6e:57:45:da:b9:02:1a:ca:f6:7d:93:
                    25:f5:25:35:ec:77:8a:b1:5e:da:08:c3:92:44:bb:
                    06:2a:4e:66:0c:46:72:3f:2a:74:56:78:b0:b4:71:
                    28:66:3e:c8:09:4f:ac:ce:f1:58:f3:36:94:59:f5:
                    19:0d:22:42:db:ec:4b:00:e2:07:d3:c6:68:04:80:
                    f7:bc:4f:72:1b:f4:dc:04:ff:2b:44:db:2c:61:45:
                    1b:96:ef:99:60:39:c0:05:e7:e4:4f:6f:91:a7:34:
                    54:c8:92:32:20:99:39:38:b4:62:4b:c5:a1:bb:08:
                    b6:91:47:09:0e:6e:b8:29:9d:89:b2:9f:7a:9e:19:
                    65:a4:18:5e:b9:a6:d3:f3:19:a6:16:2e:09:7a:6d:
                    56:cc:0b:b2:80:98:31:39:4c:3d:b6:95:47:54:76:
                    5b:f2:4a:7b:15:82:28:a5:cd:9a:f2:83:e6:43:93:
                    2f:33:7a:0c:ae:11:26:d6:e6:cd:dc:77:2c:b5:6c:
                    38:50:e2:c0:4a:54:ed:a2:f7:d8:43:1d:3c:5b:f1:
                    e9:41:c1:b7:72:a4:2e:b3:14:60:d1:09:74:11:ea:
                    37:8f:4f:37:dc:d3:c2:5f:71:88:d0:e7:d1:c8:e3:
                    68:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:0E:48:D5:14:21:04:BA:3B:A0:41:0C:C0:8B:46:40:BD:43:E1:CA
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/lQ5I1RQhBLo7oEEMwItGQL1D4co.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.182.0/24
                  139.28.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:90:05:5e:ed:e6:02:73:57:ab:4f:94:93:49:02:a1:ad:61:
         6d:8f:26:c9:1c:a5:ec:5b:d2:6f:ef:88:34:6b:ed:b5:62:bb:
         cf:35:54:21:6a:a2:3c:14:94:57:90:e6:80:90:38:a3:57:ba:
         d4:48:ee:78:73:44:dc:96:fd:0d:e8:01:89:a2:f9:9f:ee:81:
         a4:9f:f2:6a:13:0a:04:2c:fa:4c:6b:f9:5d:aa:c4:f3:db:61:
         19:a0:0a:11:d4:b4:cb:6e:ea:60:7b:82:a7:98:95:bc:70:25:
         cc:eb:64:a4:b4:00:be:df:13:b0:16:27:0c:18:70:e6:55:57:
         92:8a:4d:e1:ba:f7:95:ca:a9:1c:8e:f3:fb:0e:ec:d4:ee:a9:
         99:b9:0e:fc:26:bf:fd:e7:55:24:1a:3a:34:8c:3c:28:b0:1a:
         82:53:99:dc:8b:b4:32:74:c8:97:ec:ae:16:a8:3e:52:35:1b:
         c5:14:00:8a:50:3c:ad:94:7e:e4:ce:33:3e:26:5a:5a:7e:76:
         06:26:ad:51:1c:f7:77:dd:ae:21:98:e8:70:4b:da:71:b7:21:
         a5:09:73:88:d9:e2:40:3c:0e:66:6b:c6:90:f9:f0:0e:04:1a:
         7f:74:8e:d5:b3:37:ef:20:73:c5:86:b5:53:1c:64:31:9d:e5:
         b1:0e:dd:a2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1M3GaSYex+NgxZ4sgvZdFmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjYwNDAyMDYyMzI1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTBlNDhkNTE0MjEwNGJhM2JhMDQxMGNjMDhiNDY0MGJkNDNlMWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3oSoXJXEDaqQQUbRlL1ujntGbldF
2rkCGsr2fZMl9SU17HeKsV7aCMOSRLsGKk5mDEZyPyp0VniwtHEoZj7ICU+szvFY
8zaUWfUZDSJC2+xLAOIH08ZoBID3vE9yG/TcBP8rRNssYUUblu+ZYDnABefkT2+R
pzRUyJIyIJk5OLRiS8Whuwi2kUcJDm64KZ2Jsp96nhllpBheuabT8xmmFi4Jem1W
zAuygJgxOUw9tpVHVHZb8kp7FYIopc2a8oPmQ5MvM3oMrhEm1ubN3HcstWw4UOLA
SlTtovfYQx08W/HpQcG3cqQusxRg0Ql0Eeo3j0833NPCX3GI0OfRyONoVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJUOSNUUIQS6O6BBDMCLRkC9Q+HKMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvbFE1STFSUWhCTG83b0VFTXdJdEdRTDFENGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVO2AwQC
ixxIMA0GCSqGSIb3DQEBCwUAA4IBAQBvkAVe7eYCc1erT5STSQKhrWFtjybJHKXs
W9Jv74g0a+21YrvPNVQhaqI8FJRXkOaAkDijV7rUSO54c0Tclv0N6AGJovmf7oGk
n/JqEwoELPpMa/ldqsTz22EZoAoR1LTLbupge4KnmJW8cCXM62SktAC+3xOwFicM
GHDmVVeSik3huveVyqkcjvP7DuzU7qmZuQ78Jr/951UkGjo0jDwosBqCU5nci7Qy
dMiX7K4WqD5SNRvFFACKUDytlH7kzjM+JlpafnYGJq1RHPd33a4hmOhwS9pxtyGl
CXOI2eJAPA5ma8aQ+fAOBBp/dI7VszfvIHPFhrVTHGQxneWxDt2i
-----END CERTIFICATE-----