Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LPQ-W0swhnuqJDRK5OyZUQ5_co0.roa
File:                     LPQ-W0swhnuqJDRK5OyZUQ5_co0.roa (raw, json)
Hash identifier:          KipecPu2PdIqjOLDLPj5vSkqEcsQ5HSI7mi05C0Snjo=
Subject key identifier:   2C:F4:3E:5B:4B:30:86:7B:AA:24:34:4A:E4:EC:99:51:0E:7F:72:8D
Certificate issuer:       /CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
Certificate serial:       019C8B62659E494A6454AFB49B83640C6E33
Authority key identifier: 55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LPQ-W0swhnuqJDRK5OyZUQ5_co0.roa
Signing time:             Mon 23 Feb 2026 16:43:27 +0000
ROA not before:           Mon 23 Feb 2026 16:43:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198690
IP address blocks:        178.253.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8b:62:65:9e:49:4a:64:54:af:b4:9b:83:64:0c:6e:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55baf26967510b3c52e46d1dc593967cdf29f9c9
        Validity
            Not Before: Feb 23 16:43:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2cf43e5b4b30867baa24344ae4ec99510e7f728d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:c3:ed:e7:45:7a:4c:c1:2e:be:62:aa:d7:a3:
                    05:63:a3:6c:57:6a:47:df:42:6c:4b:3c:04:cf:3c:
                    c2:73:2b:c9:0f:d7:12:c4:e6:c5:90:32:05:dd:4d:
                    b0:33:f6:9e:36:81:5b:13:54:01:10:dc:0b:4a:12:
                    c3:48:64:1a:f1:92:8a:42:53:c0:84:4b:87:3c:88:
                    c6:4e:a8:09:bc:05:10:4d:5b:22:59:34:dc:32:cd:
                    21:34:d7:64:05:72:7c:f1:96:94:00:83:a4:69:b8:
                    17:99:3e:37:5e:9a:a7:c0:37:36:b8:8e:42:de:0f:
                    eb:e8:ed:3d:9c:9f:e3:fd:75:bb:3a:2e:39:58:d0:
                    07:a6:7b:ab:fd:c1:b4:21:32:35:b2:ae:24:85:11:
                    22:10:1d:c8:e9:35:71:8f:f9:7b:a4:6f:84:7f:5f:
                    0e:35:8e:25:0a:ee:c6:38:54:0d:01:88:8f:b1:fc:
                    69:1c:3e:31:3c:36:b6:63:4e:00:ae:67:bd:bf:ea:
                    54:b5:f4:cf:c8:6d:26:1b:0c:7e:43:19:0c:c3:d8:
                    13:b0:6c:23:d8:90:1f:cc:99:4f:20:71:9c:e0:be:
                    52:8f:b8:48:de:e3:63:47:3e:f0:59:9f:fa:c5:f1:
                    56:33:46:f8:c6:be:51:1a:f1:a9:ad:c7:dc:66:ce:
                    2f:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:F4:3E:5B:4B:30:86:7B:AA:24:34:4A:E4:EC:99:51:0E:7F:72:8D
            X509v3 Authority Key Identifier:
                keyid:55:BA:F2:69:67:51:0B:3C:52:E4:6D:1D:C5:93:96:7C:DF:29:F9:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VbryaWdRCzxS5G0dxZOWfN8p-ck.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/LPQ-W0swhnuqJDRK5OyZUQ5_co0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/5aa4dc-d184-4db4-9e10-49f981ee5981/1/VbryaWdRCzxS5G0dxZOWfN8p-ck.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.253.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:1a:16:7b:1e:21:6a:8d:64:77:6d:e8:79:d0:74:c8:fe:78:
         79:ae:dc:30:7e:eb:d6:8a:2c:7c:9d:a6:24:ed:9f:01:0c:6d:
         ef:b3:47:35:88:00:8c:8e:23:03:7e:8a:3e:91:92:94:e3:9e:
         0c:1d:65:3e:53:3c:40:31:40:9d:92:a4:9f:70:65:ea:48:28:
         c8:7a:3a:14:56:58:bf:19:97:5b:58:79:8a:73:0e:54:68:0c:
         c2:1f:f0:af:6b:38:41:96:ca:b5:36:6d:e9:47:bb:b6:2f:ef:
         f4:0e:67:ae:8f:c1:19:bd:2e:57:17:98:d4:ef:87:fd:05:19:
         12:e1:01:12:1a:24:a4:a5:6f:91:f8:b1:3c:ed:17:29:0c:13:
         10:9c:e7:b5:c8:50:0a:1c:49:97:6c:04:71:c2:ae:9a:d6:04:
         9e:01:1c:f8:51:d8:a3:25:fa:ab:9a:6c:ad:ae:c0:ce:9c:97:
         63:41:7b:f4:30:80:07:10:9f:78:2f:5e:38:8d:26:49:23:9e:
         59:a9:12:da:d8:8d:d2:5e:3b:78:d6:ed:e3:23:04:a8:1c:ea:
         81:0f:5a:2a:73:12:d1:3a:1c:e2:06:e3:5f:82:c2:8e:33:e5:
         cb:ab:5e:b0:fc:17:9f:23:fe:23:91:43:83:08:af:64:17:16:
         eb:6b:bb:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyLYmWeSUpkVK+0m4NkDG4zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1YmFmMjY5Njc1MTBiM2M1MmU0NmQxZGM1OTM5NjdjZGYy
OWY5YzkwHhcNMjYwMjIzMTY0MzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2Y0M2U1YjRiMzA4NjdiYWEyNDM0NGFlNGVjOTk1MTBlN2Y3MjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuMPt50V6TMEuvmKq16MFY6NsV2pH
30JsSzwEzzzCcyvJD9cSxObFkDIF3U2wM/aeNoFbE1QBENwLShLDSGQa8ZKKQlPA
hEuHPIjGTqgJvAUQTVsiWTTcMs0hNNdkBXJ88ZaUAIOkabgXmT43XpqnwDc2uI5C
3g/r6O09nJ/j/XW7Oi45WNAHpnur/cG0ITI1sq4khREiEB3I6TVxj/l7pG+Ef18O
NY4lCu7GOFQNAYiPsfxpHD4xPDa2Y04Arme9v+pUtfTPyG0mGwx+QxkMw9gTsGwj
2JAfzJlPIHGc4L5Sj7hI3uNjRz7wWZ/6xfFWM0b4xr5RGvGprcfcZs4vNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCz0PltLMIZ7qiQ0SuTsmVEOf3KNMB8GA1UdIwQY
MBaAFFW68mlnUQs8UuRtHcWTlnzfKfnJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAt
NDlmOTgxZWU1OTgxLzEvTFBRLVcwc3dobnVxSkRSSzVPeVpVUTVfY28wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS81YWE0ZGMtZDE4NC00ZGI0LTllMTAtNDlmOTgxZWU1OTgx
LzEvVmJyeWFXZFJDenhTNUcwZHhaT1dmTjhwLWNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsv0QMA0G
CSqGSIb3DQEBCwUAA4IBAQA4GhZ7HiFqjWR3beh50HTI/nh5rtwwfuvWiix8naYk
7Z8BDG3vs0c1iACMjiMDfoo+kZKU454MHWU+UzxAMUCdkqSfcGXqSCjIejoUVli/
GZdbWHmKcw5UaAzCH/CvazhBlsq1Nm3pR7u2L+/0Dmeuj8EZvS5XF5jU74f9BRkS
4QESGiSkpW+R+LE87RcpDBMQnOe1yFAKHEmXbARxwq6a1gSeARz4UdijJfqrmmyt
rsDOnJdjQXv0MIAHEJ94L144jSZJI55ZqRLa2I3SXjt41u3jIwSoHOqBD1oqcxLR
OhziBuNfgsKOM+XLq16w/BefI/4jkUODCK9kFxbra7uo
-----END CERTIFICATE-----