Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/lLrP9WZJVu67w8VWvc3evNgffN0.roa
File:                     lLrP9WZJVu67w8VWvc3evNgffN0.roa (raw, json)
Hash identifier:          lw47WpCkCYsUgXJXyHNCrdM9AarqB6nynEy8SuZM628=
Subject key identifier:   94:BA:CF:F5:66:49:56:EE:BB:C3:C5:56:BD:CD:DE:BC:D8:1F:7C:DD
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019C4272EA430ECA2FC99237839B318EBC75
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/lLrP9WZJVu67w8VWvc3evNgffN0.roa
Signing time:             Mon 09 Feb 2026 12:49:13 +0000
ROA not before:           Mon 09 Feb 2026 12:49:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213850
IP address blocks:        2.56.247.0/24 maxlen: 24
                          45.142.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:42:72:ea:43:0e:ca:2f:c9:92:37:83:9b:31:8e:bc:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Feb  9 12:49:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=94bacff5664956eebbc3c556bdcddebcd81f7cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:bb:32:94:7f:f0:57:c6:14:a6:cf:5a:39:ba:
                    d5:e3:f2:02:57:b7:4c:04:4a:76:cf:6d:d2:93:a7:
                    06:f1:59:2d:67:1f:f4:1c:53:9f:17:13:ee:c1:eb:
                    a7:87:0f:6c:a7:ea:b0:a4:ed:e5:d8:7b:ab:66:e6:
                    1f:0d:21:ee:db:3a:71:f9:2d:94:96:91:5c:38:c5:
                    a7:bb:32:5b:ae:9e:e4:74:3f:4a:35:6f:e6:4d:f4:
                    83:fc:a0:9d:93:67:58:b6:59:78:3b:b6:81:5c:ab:
                    e8:0b:98:91:dd:cd:18:53:f2:89:1a:e7:2e:76:85:
                    ff:a8:22:49:a6:cb:5f:34:fa:5d:d8:73:1d:7b:08:
                    59:33:15:77:94:9c:ad:04:ee:32:b9:d8:cd:29:45:
                    cc:d3:26:f3:f4:c2:04:2c:19:e0:9d:47:aa:56:16:
                    cd:65:85:a3:87:43:e7:ff:05:94:14:38:e6:c5:87:
                    cc:ae:5a:64:d8:a3:b7:4c:8b:2e:15:69:f3:08:d6:
                    ab:92:db:5e:ae:6d:75:ce:8a:a7:01:23:e9:83:56:
                    6f:4d:34:94:9f:80:26:f2:fc:06:6e:3b:bb:bb:e6:
                    2f:19:25:5e:a0:6c:bb:6d:0e:69:c0:ff:41:2f:49:
                    82:15:9a:cd:9b:cb:7a:0d:fd:67:23:a6:96:56:4e:
                    e6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:BA:CF:F5:66:49:56:EE:BB:C3:C5:56:BD:CD:DE:BC:D8:1F:7C:DD
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/lLrP9WZJVu67w8VWvc3evNgffN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.56.247.0/24
                  45.142.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:e5:64:76:71:35:89:cd:56:7c:a9:b5:e5:26:4d:30:1c:d3:
         af:82:23:69:71:7c:37:62:88:ce:5c:11:20:1e:b2:64:26:de:
         8a:4f:23:93:f9:33:86:cb:28:2e:c6:b6:02:34:3e:03:36:b8:
         fd:9c:b6:88:40:21:57:92:53:9a:00:29:08:5b:bd:49:70:e7:
         2e:dc:8e:d7:20:98:3e:88:bb:78:e5:b3:17:0f:1d:c9:e9:59:
         20:44:64:96:e7:66:9e:3f:5f:4f:b4:20:a9:36:e9:1d:b9:23:
         06:54:2c:c0:31:09:54:b6:b5:8c:90:bc:25:db:a7:25:af:12:
         13:d5:9c:3c:4c:33:b4:f1:bf:7d:8b:5a:bd:c8:70:db:48:d2:
         70:9d:86:e8:55:82:80:29:f5:37:78:1b:5a:47:55:f4:36:82:
         bb:9a:3d:26:59:5a:97:42:bb:cc:83:b7:e0:8f:c7:00:8c:f5:
         21:d6:8e:19:b3:16:17:2a:c2:f8:4c:40:b1:d6:a1:98:30:48:
         dc:8a:ed:9f:77:f3:8a:23:36:3b:cc:9c:77:f6:3c:8c:4d:5d:
         41:26:1c:83:fa:dd:27:98:7f:85:5b:5f:45:73:3f:0f:fd:ea:
         ab:53:84:99:93:ef:60:95:cf:0c:e6:cb:22:e6:0c:69:4c:1d:
         5a:5b:34:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZxCcupDDsovyZI3g5sxjrx1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjYwMjA5MTI0OTEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NGJhY2ZmNTY2NDk1NmVlYmJjM2M1NTZiZGNkZGViY2Q4MWY3Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrsylH/wV8YUps9aObrV4/ICV7dM
BEp2z23Sk6cG8VktZx/0HFOfFxPuweunhw9sp+qwpO3l2HurZuYfDSHu2zpx+S2U
lpFcOMWnuzJbrp7kdD9KNW/mTfSD/KCdk2dYtll4O7aBXKvoC5iR3c0YU/KJGucu
doX/qCJJpstfNPpd2HMdewhZMxV3lJytBO4yudjNKUXM0ybz9MIELBngnUeqVhbN
ZYWjh0Pn/wWUFDjmxYfMrlpk2KO3TIsuFWnzCNarktterm11zoqnASPpg1ZvTTSU
n4Am8vwGbju7u+YvGSVeoGy7bQ5pwP9BL0mCFZrNm8t6Df1nI6aWVk7mVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJS6z/VmSVbuu8PFVr3N3rzYH3zdMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvbExyUDlXWkpWdTY3dzhWV3ZjM2V2TmdmZk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAjj3AwQA
LY5oMA0GCSqGSIb3DQEBCwUAA4IBAQAQ5WR2cTWJzVZ8qbXlJk0wHNOvgiNpcXw3
YojOXBEgHrJkJt6KTyOT+TOGyyguxrYCND4DNrj9nLaIQCFXklOaACkIW71JcOcu
3I7XIJg+iLt45bMXDx3J6VkgRGSW52aeP19PtCCpNukduSMGVCzAMQlUtrWMkLwl
26clrxIT1Zw8TDO08b99i1q9yHDbSNJwnYboVYKAKfU3eBtaR1X0NoK7mj0mWVqX
QrvMg7fgj8cAjPUh1o4ZsxYXKsL4TECx1qGYMEjciu2fd/OKIzY7zJx39jyMTV1B
JhyD+t0nmH+FW19Fcz8P/eqrU4SZk+9glc8M5ssi5gxpTB1aWzTa
-----END CERTIFICATE-----