Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/lugW21gGeuaGm697DyxmwJljgS0.roa
File:                     lugW21gGeuaGm697DyxmwJljgS0.roa (raw, json)
Hash identifier:          6BTNi4ybARb+KthdQDA3auPtDeLT+Nu/WzRIV+1kw6c=
Subject key identifier:   96:E8:16:DB:58:06:7A:E6:86:9B:AF:7B:0F:2C:66:C0:99:63:81:2D
Certificate issuer:       /CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
Certificate serial:       019E92CC68424B4E3C15A9AFD6A510C8F015
Authority key identifier: 71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/lugW21gGeuaGm697DyxmwJljgS0.roa
Signing time:             Thu 04 Jun 2026 13:22:09 +0000
ROA not before:           Thu 04 Jun 2026 13:22:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201744
IP address blocks:        185.224.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 17:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:92:cc:68:42:4b:4e:3c:15:a9:af:d6:a5:10:c8:f0:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=71bddeaf0f30fbdaf9e75b92ac7d5bd13f285de7
        Validity
            Not Before: Jun  4 13:22:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=96e816db58067ae6869baf7b0f2c66c09963812d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:bf:cb:56:61:e9:bc:18:a7:89:7d:22:9b:03:
                    64:80:43:a1:37:ec:d7:ed:4d:14:41:70:04:8d:67:
                    4e:27:2f:ec:6d:df:3d:bc:fb:b8:45:a5:5b:4f:44:
                    be:91:49:79:ef:58:83:31:9a:fe:55:28:38:a2:c2:
                    64:8c:f3:ff:a8:25:6a:d4:25:d3:6d:d5:b9:0b:bb:
                    a1:1e:3a:81:4a:1c:5e:2e:b9:76:b5:49:7e:ac:86:
                    e2:0f:c9:f5:07:e9:1d:91:32:b7:a6:9c:dc:97:37:
                    7c:30:6e:4b:b7:0f:ca:1a:1e:0a:aa:0c:2f:80:f6:
                    f7:7f:c0:31:7b:39:88:2b:83:df:cf:79:a5:8c:d0:
                    44:33:8f:7b:b3:d4:17:1a:2d:53:7a:80:b6:a8:2a:
                    75:0b:c7:be:7d:19:53:d4:e0:4e:1e:2e:58:06:e4:
                    18:00:f4:7d:fc:ae:89:5a:e0:0e:66:de:b6:62:f9:
                    5f:09:93:46:2b:33:d2:bf:ae:a7:6a:41:ab:d9:52:
                    f9:e2:08:0a:9f:4f:79:5c:e2:5b:c6:c9:21:0a:0b:
                    04:6e:9e:f0:76:09:49:6b:5d:b9:a5:31:f6:95:cc:
                    90:1f:8d:d0:72:7c:fd:f2:80:8f:d8:fa:f6:ae:03:
                    ce:ec:ba:b9:36:8a:7c:26:92:b1:e3:2e:f3:2f:f5:
                    09:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E8:16:DB:58:06:7A:E6:86:9B:AF:7B:0F:2C:66:C0:99:63:81:2D
            X509v3 Authority Key Identifier:
                keyid:71:BD:DE:AF:0F:30:FB:DA:F9:E7:5B:92:AC:7D:5B:D1:3F:28:5D:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb3erw8w-9r551uSrH1b0T8oXec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/lugW21gGeuaGm697DyxmwJljgS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/814ec5-9e41-4b5a-a6fe-477231191a35/1/cb3erw8w-9r551uSrH1b0T8oXec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ea:b8:1b:d4:cf:11:e9:91:24:cc:16:d0:44:3e:8b:ce:28:
         9d:66:41:d4:e8:a2:7b:7d:46:63:73:3c:89:95:84:8f:59:31:
         f7:95:ff:46:37:62:c6:11:11:4a:c8:b5:ac:69:4d:bf:72:97:
         c7:2e:5d:a3:12:79:dd:e8:8e:e2:c1:eb:45:f4:d3:b5:e8:20:
         d2:66:ed:43:40:5d:6f:2e:ea:fc:30:25:8b:63:99:ee:bf:2f:
         46:73:30:11:42:bd:b7:5b:95:25:39:e5:68:68:20:57:a0:81:
         9d:90:14:4a:42:7a:86:20:88:69:b3:e3:52:9d:fa:92:c9:0c:
         a1:3e:1c:94:5d:55:cc:98:eb:fe:b4:77:df:08:a8:c8:22:f3:
         5c:5b:c4:c9:e7:49:4e:d0:c2:1e:a0:8a:c4:37:ec:fa:4c:75:
         7f:ac:ae:94:50:f0:59:0e:49:d7:54:0a:09:df:3e:92:88:de:
         53:60:7f:ac:59:90:bd:35:4e:b0:0b:5a:dc:38:e7:cc:16:f4:
         e7:32:f1:3a:76:b4:d4:e6:7e:99:32:60:ef:91:73:4d:70:1d:
         6b:a0:96:85:de:df:47:4d:2a:50:8e:6a:b3:66:fb:f3:54:a3:
         52:e6:a9:30:89:d8:6f:4c:f0:e2:4f:be:d9:79:e2:23:c1:fd:
         16:e9:db:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6SzGhCS048Famv1qUQyPAVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxYmRkZWFmMGYzMGZiZGFmOWU3NWI5MmFjN2Q1YmQxM2Yy
ODVkZTcwHhcNMjYwNjA0MTMyMjA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmU4MTZkYjU4MDY3YWU2ODY5YmFmN2IwZjJjNjZjMDk5NjM4MTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA07/LVmHpvBiniX0imwNkgEOhN+zX
7U0UQXAEjWdOJy/sbd89vPu4RaVbT0S+kUl571iDMZr+VSg4osJkjPP/qCVq1CXT
bdW5C7uhHjqBShxeLrl2tUl+rIbiD8n1B+kdkTK3ppzclzd8MG5Ltw/KGh4Kqgwv
gPb3f8AxezmIK4Pfz3mljNBEM497s9QXGi1TeoC2qCp1C8e+fRlT1OBOHi5YBuQY
APR9/K6JWuAOZt62YvlfCZNGKzPSv66nakGr2VL54ggKn095XOJbxskhCgsEbp7w
dglJa125pTH2lcyQH43Qcnz98oCP2Pr2rgPO7Lq5Nop8JpKx4y7zL/UJUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJboFttYBnrmhpuvew8sZsCZY4EtMB8GA1UdIwQY
MBaAFHG93q8PMPva+edbkqx9W9E/KF3nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUt
NDc3MjMxMTkxYTM1LzEvbHVnVzIxZ0dldWFHbTY5N0R5eG13SmxqZ1MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS84MTRlYzUtOWU0MS00YjVhLWE2ZmUtNDc3MjMxMTkxYTM1
LzEvY2IzZXJ3OHctOXI1NTF1U3JIMWIwVDhvWGVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueDYMA0G
CSqGSIb3DQEBCwUAA4IBAQCF6rgb1M8R6ZEkzBbQRD6LziidZkHU6KJ7fUZjczyJ
lYSPWTH3lf9GN2LGERFKyLWsaU2/cpfHLl2jEnnd6I7iwetF9NO16CDSZu1DQF1v
Lur8MCWLY5nuvy9GczARQr23W5UlOeVoaCBXoIGdkBRKQnqGIIhps+NSnfqSyQyh
PhyUXVXMmOv+tHffCKjIIvNcW8TJ50lO0MIeoIrEN+z6THV/rK6UUPBZDknXVAoJ
3z6SiN5TYH+sWZC9NU6wC1rcOOfMFvTnMvE6drTU5n6ZMmDvkXNNcB1roJaF3t9H
TSpQjmqzZvvzVKNS5qkwidhvTPDiT77ZeeIjwf0W6dtQ
-----END CERTIFICATE-----