Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/n2xUNvDk18rLqQSNe2f3PMEubyw.roa
File:                     n2xUNvDk18rLqQSNe2f3PMEubyw.roa (raw, json)
Hash identifier:          lX+8bFJSIgJTTebZpJKwme2ves5Fc8BoHxIIezCFcxs=
Subject key identifier:   9F:6C:54:36:F0:E4:D7:CA:CB:A9:04:8D:7B:67:F7:3C:C1:2E:6F:2C
Certificate issuer:       /CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
Certificate serial:       019D68D93B8546A6A976F51530FC6461161C
Authority key identifier: 2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/n2xUNvDk18rLqQSNe2f3PMEubyw.roa
Signing time:             Tue 07 Apr 2026 16:49:20 +0000
ROA not before:           Tue 07 Apr 2026 16:49:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44955
IP address blocks:        109.70.72.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 02:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:d9:3b:85:46:a6:a9:76:f5:15:30:fc:64:61:16:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f2a0fa20383332a3f414f054753a0b60b25ba10
        Validity
            Not Before: Apr  7 16:49:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9f6c5436f0e4d7cacba9048d7b67f73cc12e6f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:d8:2b:6e:a6:7a:75:65:42:32:83:87:78:44:
                    ea:0f:ea:06:93:ce:65:68:68:6c:1d:bc:8b:39:8e:
                    35:e3:0a:80:d0:44:75:df:51:a6:12:14:f4:be:cd:
                    12:3f:e4:57:e0:6c:f9:81:a3:14:68:f4:bb:e1:f6:
                    35:e0:85:86:7a:ce:80:f5:bb:d9:10:d0:66:8c:95:
                    60:04:29:20:b6:0b:60:0b:9a:ff:d1:80:5f:6f:4b:
                    02:c5:ae:41:81:5b:ea:92:ca:e6:3e:55:c4:68:cb:
                    1f:70:04:80:aa:ca:11:28:a2:04:07:ec:52:e5:af:
                    0c:1d:7e:cc:63:7c:40:df:b5:ea:45:ec:1a:75:58:
                    a7:d6:87:4e:e2:e4:74:7b:85:cc:4e:4e:d3:2b:c6:
                    e9:20:e9:1f:de:dd:80:c6:b6:fd:8b:af:ad:b3:e4:
                    15:77:9c:62:51:31:21:77:d9:1e:93:e1:14:e5:05:
                    cd:b7:6e:a6:05:ee:3f:3e:26:40:cd:d4:5a:06:8c:
                    6f:67:1f:e5:e3:e6:14:89:61:1d:8c:87:f1:5a:55:
                    1f:cd:ff:49:63:41:02:e1:83:c0:2f:59:97:c1:48:
                    3e:55:29:5e:ac:23:d7:9a:de:a3:b5:24:50:13:c4:
                    98:18:b4:de:bf:3c:3c:e1:a8:ec:3c:c3:d1:a5:1a:
                    6a:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:6C:54:36:F0:E4:D7:CA:CB:A9:04:8D:7B:67:F7:3C:C1:2E:6F:2C
            X509v3 Authority Key Identifier:
                keyid:2F:2A:0F:A2:03:83:33:2A:3F:41:4F:05:47:53:A0:B6:0B:25:BA:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LyoPogODMyo_QU8FR1OgtgsluhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/n2xUNvDk18rLqQSNe2f3PMEubyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/d6d30b-0b9b-429e-8413-55a930fc0c71/1/LyoPogODMyo_QU8FR1OgtgsluhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.70.72.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:38:be:b1:33:0b:cf:3f:2f:0d:29:03:e4:63:6a:9a:1c:0c:
         99:82:0f:9a:75:91:35:17:ca:a3:25:fd:38:67:a5:ea:b2:ee:
         2f:ae:c1:d7:70:2a:05:5c:89:dc:29:cf:22:eb:0b:cb:3e:cc:
         82:e8:81:46:6b:fb:34:d3:1f:4b:4b:76:b7:f1:3b:57:34:85:
         86:93:d7:d5:ed:f0:a2:05:67:bc:03:71:34:0b:44:f8:d1:c6:
         07:01:5f:bf:ae:72:fb:8e:15:5e:f0:91:b5:7a:85:83:2f:7e:
         21:4d:7b:cb:8d:98:96:4e:f7:8c:b8:a4:bc:fb:54:5d:6d:b8:
         d5:14:0e:2b:76:3e:43:bf:2a:4f:72:53:b5:de:f7:2a:3c:d3:
         61:72:ba:4a:15:11:be:a6:da:d5:6c:aa:18:8c:38:4f:f9:0e:
         ce:75:05:e1:c3:a4:5e:d5:17:f8:5c:29:d9:7b:1c:d3:5a:c9:
         f3:0d:94:3c:d0:c0:75:18:cb:03:2c:48:0e:4f:1c:79:2b:9f:
         f8:a2:0a:ac:58:75:55:a1:80:33:61:8f:9b:73:7d:0c:ae:5e:
         5d:db:41:32:81:eb:ed:95:e9:70:e7:0c:8c:e0:8f:47:87:5f:
         df:95:df:4d:96:bf:b0:cf:7b:33:51:82:4d:d1:13:de:51:18:
         9f:35:68:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1o2TuFRqapdvUVMPxkYRYcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMmEwZmEyMDM4MzMzMmEzZjQxNGYwNTQ3NTNhMGI2MGIy
NWJhMTAwHhcNMjYwNDA3MTY0OTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjZjNTQzNmYwZTRkN2NhY2JhOTA0OGQ3YjY3ZjczY2MxMmU2ZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5dgrbqZ6dWVCMoOHeETqD+oGk85l
aGhsHbyLOY414wqA0ER131GmEhT0vs0SP+RX4Gz5gaMUaPS74fY14IWGes6A9bvZ
ENBmjJVgBCkgtgtgC5r/0YBfb0sCxa5BgVvqksrmPlXEaMsfcASAqsoRKKIEB+xS
5a8MHX7MY3xA37XqRewadVin1odO4uR0e4XMTk7TK8bpIOkf3t2Axrb9i6+ts+QV
d5xiUTEhd9kek+EU5QXNt26mBe4/PiZAzdRaBoxvZx/l4+YUiWEdjIfxWlUfzf9J
Y0EC4YPAL1mXwUg+VSlerCPXmt6jtSRQE8SYGLTevzw84ajsPMPRpRpqlQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9sVDbw5NfKy6kEjXtn9zzBLm8sMB8GA1UdIwQY
MBaAFC8qD6IDgzMqP0FPBUdToLYLJboQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMt
NTVhOTMwZmMwYzcxLzEvbjJ4VU52RGsxOHJMcVFTTmUyZjNQTUV1Ynl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9kNmQzMGItMGI5Yi00MjllLTg0MTMtNTVhOTMwZmMwYzcx
LzEvTHlvUG9nT0RNeW9fUVU4RlIxT2d0Z3NsdWhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUZIMA0G
CSqGSIb3DQEBCwUAA4IBAQAuOL6xMwvPPy8NKQPkY2qaHAyZgg+adZE1F8qjJf04
Z6Xqsu4vrsHXcCoFXIncKc8i6wvLPsyC6IFGa/s00x9LS3a38TtXNIWGk9fV7fCi
BWe8A3E0C0T40cYHAV+/rnL7jhVe8JG1eoWDL34hTXvLjZiWTveMuKS8+1RdbbjV
FA4rdj5DvypPclO13vcqPNNhcrpKFRG+ptrVbKoYjDhP+Q7OdQXhw6Re1Rf4XCnZ
exzTWsnzDZQ80MB1GMsDLEgOTxx5K5/4ogqsWHVVoYAzYY+bc30Mrl5d20Eygevt
lelw5wyM4I9Hh1/fld9Nlr+wz3szUYJN0RPeURifNWge
-----END CERTIFICATE-----