Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/LUGSDv7DrtC6uhqKMg1-4tFi0x8.roa
File:                     LUGSDv7DrtC6uhqKMg1-4tFi0x8.roa (raw, json)
Hash identifier:          fV+caAzqEo99T8yXb9ytJ67VOc9pjgshPYU0owP7CNs=
Subject key identifier:   2D:41:92:0E:FE:C3:AE:D0:BA:BA:1A:8A:32:0D:7E:E2:D1:62:D3:1F
Certificate issuer:       /CN=4927124d9803a7de54883164a376ea72e3c63eaf
Certificate serial:       019B7AC9286E945125F66CA43230AF8FC455
Authority key identifier: 49:27:12:4D:98:03:A7:DE:54:88:31:64:A3:76:EA:72:E3:C6:3E:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SScSTZgDp95UiDFko3bqcuPGPq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/LUGSDv7DrtC6uhqKMg1-4tFi0x8.roa
Signing time:             Thu 01 Jan 2026 18:19:21 +0000
ROA not before:           Thu 01 Jan 2026 18:19:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     48053
IP address blocks:        194.0.4.0/24 maxlen: 24
                          2001:678:7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/SScSTZgDp95UiDFko3bqcuPGPq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/SScSTZgDp95UiDFko3bqcuPGPq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SScSTZgDp95UiDFko3bqcuPGPq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c9:28:6e:94:51:25:f6:6c:a4:32:30:af:8f:c4:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4927124d9803a7de54883164a376ea72e3c63eaf
        Validity
            Not Before: Jan  1 18:19:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d41920efec3aed0baba1a8a320d7ee2d162d31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:32:a9:68:c4:3e:9d:b5:7c:02:b4:c9:65:c6:
                    4b:ec:dc:74:2c:bf:af:7e:a4:c8:91:e5:92:c4:a9:
                    78:fd:ad:d7:01:ff:f4:30:be:49:4c:68:83:93:f7:
                    f1:47:32:9a:87:17:67:47:c7:60:78:4c:76:c3:9a:
                    ea:1e:93:bd:b9:78:9a:ff:ef:27:88:69:52:5e:e5:
                    85:6d:75:51:dd:94:28:81:75:14:51:9e:8b:38:a8:
                    b9:f5:3d:3b:34:7e:0b:ac:27:ec:37:d6:14:c1:6b:
                    44:65:49:5c:be:66:a3:36:92:e0:e0:f4:6d:6e:fa:
                    85:37:8c:7c:4b:e5:5a:ba:e2:28:4c:1f:fe:30:f1:
                    a6:c8:b5:8c:15:df:59:5d:e7:25:f3:95:50:9d:eb:
                    1b:89:b7:6e:5b:50:e5:1a:4c:88:f8:0d:5d:55:34:
                    87:81:a7:ae:88:ff:be:37:b2:7d:58:42:13:b5:e4:
                    c9:6d:a9:90:38:5c:db:de:41:c4:72:60:d7:32:64:
                    16:27:94:a4:80:1c:94:5f:b7:8a:02:6f:a2:b3:95:
                    de:ed:a0:d7:ff:dd:9c:3c:cd:77:8a:1e:de:22:87:
                    f0:81:c9:e1:dc:ad:6a:be:2a:ed:90:e6:93:c1:ab:
                    2a:17:9c:3e:d9:e3:bf:50:77:11:65:e4:83:8e:f7:
                    46:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:41:92:0E:FE:C3:AE:D0:BA:BA:1A:8A:32:0D:7E:E2:D1:62:D3:1F
            X509v3 Authority Key Identifier:
                keyid:49:27:12:4D:98:03:A7:DE:54:88:31:64:A3:76:EA:72:E3:C6:3E:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SScSTZgDp95UiDFko3bqcuPGPq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/LUGSDv7DrtC6uhqKMg1-4tFi0x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/3e2c38-f96f-40df-aeac-f0150c81acf5/1/SScSTZgDp95UiDFko3bqcuPGPq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.0.4.0/24
                IPv6:
                  2001:678:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         18:ef:52:35:53:76:17:c5:6e:12:97:9e:df:19:08:3e:64:78:
         59:ec:0e:e7:a8:00:b4:bf:1b:c3:83:f2:76:96:b6:2c:5b:e8:
         3e:ec:e5:f2:cb:3b:1c:1e:cb:bc:88:17:06:cb:39:c2:db:87:
         c4:a1:42:7f:d5:9e:b3:50:2a:50:75:ab:ad:d6:ae:18:6b:be:
         12:07:cb:ff:86:0b:6c:96:8a:0e:d4:33:e8:fe:a2:d0:2f:fd:
         94:b9:0b:f0:aa:07:ab:c8:52:92:8e:5f:60:b7:b6:4b:c8:bc:
         b1:b7:3f:21:b8:58:e2:9d:70:80:6a:85:54:e0:14:e7:81:23:
         45:69:76:a1:d6:62:d3:cc:df:83:34:d7:95:63:a6:9f:2b:f1:
         02:19:e6:6a:78:9f:d6:ef:0d:3a:bc:04:dd:73:30:1f:25:9c:
         c1:cf:f1:1d:9e:1e:ff:27:4e:49:6b:37:d9:4d:92:ab:28:50:
         6d:63:a6:72:7a:29:7d:82:e0:df:b0:31:e4:73:c9:15:a0:39:
         b8:40:3a:8c:2a:77:06:33:80:e2:6e:a2:51:c5:79:53:4c:bd:
         6f:15:a2:7d:be:da:d8:c8:b4:5c:ae:af:f0:ee:3f:69:f2:2d:
         36:69:c4:3e:ee:f5:49:f5:ef:f9:36:ab:6b:26:f5:8b:97:36:
         be:87:b0:eb
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZt6yShulFEl9mykMjCvj8RVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5MjcxMjRkOTgwM2E3ZGU1NDg4MzE2NGEzNzZlYTcyZTNj
NjNlYWYwHhcNMjYwMTAxMTgxOTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDQxOTIwZWZlYzNhZWQwYmFiYTFhOGEzMjBkN2VlMmQxNjJkMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujKpaMQ+nbV8ArTJZcZL7Nx0LL+v
fqTIkeWSxKl4/a3XAf/0ML5JTGiDk/fxRzKahxdnR8dgeEx2w5rqHpO9uXia/+8n
iGlSXuWFbXVR3ZQogXUUUZ6LOKi59T07NH4LrCfsN9YUwWtEZUlcvmajNpLg4PRt
bvqFN4x8S+VauuIoTB/+MPGmyLWMFd9ZXecl85VQnesbibduW1DlGkyI+A1dVTSH
gaeuiP++N7J9WEITteTJbamQOFzb3kHEcmDXMmQWJ5SkgByUX7eKAm+is5Xe7aDX
/92cPM13ih7eIofwgcnh3K1qvirtkOaTwasqF5w+2eO/UHcRZeSDjvdG0wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFC1Bkg7+w67QuroaijINfuLRYtMfMB8GA1UdIwQY
MBaAFEknEk2YA6feVIgxZKN26nLjxj6vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1NjU1RaZ0RwOTVVaURGa28zYnFjdVBHUHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC8zZTJjMzgtZjk2Zi00MGRmLWFlYWMt
ZjAxNTBjODFhY2Y1LzEvTFVHU0R2N0RydEM2dWhxS01nMS00dEZpMHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC8zZTJjMzgtZjk2Zi00MGRmLWFlYWMtZjAxNTBjODFhY2Y1
LzEvU1NjU1RaZ0RwOTVVaURGa28zYnFjdVBHUHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwgAEMA8E
AgACMAkDBwAgAQZ4AAcwDQYJKoZIhvcNAQELBQADggEBABjvUjVTdhfFbhKXnt8Z
CD5keFnsDueoALS/G8OD8naWtixb6D7s5fLLOxwey7yIFwbLOcLbh8ShQn/VnrNQ
KlB1q63WrhhrvhIHy/+GC2yWig7UM+j+otAv/ZS5C/CqB6vIUpKOX2C3tkvIvLG3
PyG4WOKdcIBqhVTgFOeBI0VpdqHWYtPM34M015Vjpp8r8QIZ5mp4n9bvDTq8BN1z
MB8lnMHP8R2eHv8nTklrN9lNkqsoUG1jpnJ6KX2C4N+wMeRzyRWgObhAOowqdwYz
gOJuolHFeVNMvW8Von2+2tjItFyur/DuP2nyLTZpxD7u9Un17/k2q2sm9YuXNr6H
sOs=
-----END CERTIFICATE-----