Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/LOHkKboHHj98Sud03cU5OIAfDEA.roa
File:                     LOHkKboHHj98Sud03cU5OIAfDEA.roa (raw, json)
Hash identifier:          jTKW2wbQOoCIA97EofLg3elq1L7+ob1lcwso1uyxnO0=
Subject key identifier:   2C:E1:E4:29:BA:07:1E:3F:7C:4A:E7:74:DD:C5:39:38:80:1F:0C:40
Certificate issuer:       /CN=c3c18527e3a206af2842028d95aec41338e8daf8
Certificate serial:       019C41059DFDEAEADFF6333637C23C6AA61E
Authority key identifier: C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/LOHkKboHHj98Sud03cU5OIAfDEA.roa
Signing time:             Mon 09 Feb 2026 06:10:13 +0000
ROA not before:           Mon 09 Feb 2026 06:10:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206208
IP address blocks:        62.60.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 22:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:41:05:9d:fd:ea:ea:df:f6:33:36:37:c2:3c:6a:a6:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c18527e3a206af2842028d95aec41338e8daf8
        Validity
            Not Before: Feb  9 06:10:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ce1e429ba071e3f7c4ae774ddc53938801f0c40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:6e:f1:29:ed:c3:e7:fe:bd:9b:18:27:c9:6c:
                    0d:af:92:ee:05:a4:8e:74:f9:15:96:f3:66:3a:f0:
                    33:89:e6:19:44:9b:4e:bc:6e:db:ad:60:3b:16:79:
                    57:b7:ec:7f:d8:72:7f:dd:18:5b:96:70:33:3c:67:
                    a7:cc:e4:8c:0e:65:b6:57:49:67:b3:46:7f:7e:cf:
                    fa:66:21:1b:14:66:22:c9:a6:47:d4:f5:4a:2d:73:
                    c3:ed:f9:4c:f0:3c:25:a1:02:2f:a4:85:21:05:98:
                    66:9a:b7:3f:d7:45:93:2e:aa:f5:f6:c5:c3:a7:3e:
                    b0:53:6c:22:7f:d9:26:32:58:ea:ee:03:ba:dc:be:
                    3f:89:af:5b:19:be:8d:b3:fa:29:3b:42:b0:79:ac:
                    47:fd:60:a5:a7:b3:14:a0:1b:b2:2e:fd:d0:5c:4a:
                    95:f7:68:cc:d1:0a:e3:7b:ee:ee:e4:fd:9d:2c:b3:
                    a9:36:ac:07:1d:0c:35:b0:c9:75:47:78:4d:d2:45:
                    0e:22:08:e1:c4:79:c6:ad:ac:e9:8f:6c:d7:1e:bd:
                    3f:8a:0b:d0:ca:32:14:9b:05:52:1a:0d:c9:04:ba:
                    a4:ba:8e:d7:ef:90:62:b8:a5:db:0b:90:c2:bf:a8:
                    0f:55:05:c4:b9:7c:c2:7b:c4:2f:db:52:ff:04:cc:
                    85:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:E1:E4:29:BA:07:1E:3F:7C:4A:E7:74:DD:C5:39:38:80:1F:0C:40
            X509v3 Authority Key Identifier:
                keyid:C3:C1:85:27:E3:A2:06:AF:28:42:02:8D:95:AE:C4:13:38:E8:DA:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8GFJ-OiBq8oQgKNla7EEzjo2vg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/LOHkKboHHj98Sud03cU5OIAfDEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/1339df-8e06-41de-94f3-0cba33efc5bb/1/w8GFJ-OiBq8oQgKNla7EEzjo2vg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.60.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:3b:a9:86:b9:d2:bd:57:d6:87:7f:41:bc:92:f9:26:ea:0c:
         8b:84:6b:43:4c:ac:8f:4e:22:0e:70:98:63:74:6a:0c:25:76:
         37:a9:cd:fc:cb:0d:82:f7:3c:4c:30:21:5b:cb:5e:0c:85:05:
         99:e5:82:c3:3c:b1:5c:4d:14:f0:3f:5a:8f:0d:f6:29:4b:d7:
         10:15:64:9b:12:34:cd:9b:84:4d:8c:15:23:b0:d8:73:2c:76:
         7a:74:95:4b:c3:2e:ef:82:cd:ff:2a:ea:b8:27:ba:8f:f1:9b:
         36:b1:32:92:71:89:f9:44:82:96:32:2d:3a:f1:0d:da:14:86:
         26:08:c1:a2:60:52:5d:1d:58:e3:2c:8c:bc:d8:2d:83:3d:74:
         34:a8:dc:c9:6f:8e:bc:ef:8b:c8:d5:1d:59:2d:e2:48:28:15:
         41:6a:86:11:39:af:18:5a:1c:63:24:3e:f3:85:db:71:a8:65:
         5f:1a:76:b9:08:cd:20:1b:71:fb:ff:fb:91:2a:df:ff:fa:c9:
         f8:90:72:69:cb:82:db:c4:65:aa:b0:a1:97:f5:68:ca:00:b8:
         6c:26:4e:d5:90:f5:42:d3:e2:23:97:92:69:16:fe:f9:6e:2c:
         bb:42:33:77:02:b8:c3:5f:64:9a:15:a7:68:72:de:59:8f:ee:
         58:e0:18:c5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxBBZ396urf9jM2N8I8aqYeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzE4NTI3ZTNhMjA2YWYyODQyMDI4ZDk1YWVjNDEzMzhl
OGRhZjgwHhcNMjYwMjA5MDYxMDEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2UxZTQyOWJhMDcxZTNmN2M0YWU3NzRkZGM1MzkzODgwMWYwYzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyG7xKe3D5/69mxgnyWwNr5LuBaSO
dPkVlvNmOvAzieYZRJtOvG7brWA7FnlXt+x/2HJ/3RhblnAzPGenzOSMDmW2V0ln
s0Z/fs/6ZiEbFGYiyaZH1PVKLXPD7flM8DwloQIvpIUhBZhmmrc/10WTLqr19sXD
pz6wU2wif9kmMljq7gO63L4/ia9bGb6Ns/opO0KweaxH/WClp7MUoBuyLv3QXEqV
92jM0Qrje+7u5P2dLLOpNqwHHQw1sMl1R3hN0kUOIgjhxHnGrazpj2zXHr0/igvQ
yjIUmwVSGg3JBLqkuo7X75BiuKXbC5DCv6gPVQXEuXzCe8Qv21L/BMyFBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCzh5Cm6Bx4/fErndN3FOTiAHwxAMB8GA1UdIwQY
MBaAFMPBhSfjogavKEICjZWuxBM46Nr4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMt
MGNiYTMzZWZjNWJiLzEvTE9Ia0tib0hIajk4U3VkMDNjVTVPSUFmREVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy8xMzM5ZGYtOGUwNi00MWRlLTk0ZjMtMGNiYTMzZWZjNWJi
LzEvdzhHRkotT2lCcThvUWdLTmxhN0VFempvMnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPjzjMA0G
CSqGSIb3DQEBCwUAA4IBAQB1O6mGudK9V9aHf0G8kvkm6gyLhGtDTKyPTiIOcJhj
dGoMJXY3qc38yw2C9zxMMCFby14MhQWZ5YLDPLFcTRTwP1qPDfYpS9cQFWSbEjTN
m4RNjBUjsNhzLHZ6dJVLwy7vgs3/Kuq4J7qP8Zs2sTKScYn5RIKWMi068Q3aFIYm
CMGiYFJdHVjjLIy82C2DPXQ0qNzJb46874vI1R1ZLeJIKBVBaoYROa8YWhxjJD7z
hdtxqGVfGna5CM0gG3H7//uRKt//+sn4kHJpy4LbxGWqsKGX9WjKALhsJk7VkPVC
0+Ijl5JpFv75biy7QjN3ArjDX2SaFadoct5Zj+5Y4BjF
-----END CERTIFICATE-----