Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/LFR5qbrE5Uy3tdad-kBcaLU_j2k.roa
File:                     LFR5qbrE5Uy3tdad-kBcaLU_j2k.roa (raw, json)
Hash identifier:          P9lHYpHkfHigIN2LWbUJKZwPuoN9ZAw2YiqMed3DDBE=
Subject key identifier:   2C:54:79:A9:BA:C4:E5:4C:B7:B5:D6:9D:FA:40:5C:68:B5:3F:8F:69
Certificate issuer:       /CN=5954b6183e459748c89ee5431b8f31de692ae3b7
Certificate serial:       019EA8168B102F70FE2494F85B0ABF4EAE69
Authority key identifier: 59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/LFR5qbrE5Uy3tdad-kBcaLU_j2k.roa
Signing time:             Mon 08 Jun 2026 16:35:10 +0000
ROA not before:           Mon 08 Jun 2026 16:35:10 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154132
IP address blocks:        212.180.121.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 00:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:16:8b:10:2f:70:fe:24:94:f8:5b:0a:bf:4e:ae:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5954b6183e459748c89ee5431b8f31de692ae3b7
        Validity
            Not Before: Jun  8 16:35:10 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c5479a9bac4e54cb7b5d69dfa405c68b53f8f69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4f:5a:25:5e:6c:53:55:a1:b2:75:1d:32:97:
                    f2:c8:21:06:78:ca:e7:c3:3f:33:7a:a1:7a:28:45:
                    5b:5d:8e:a3:ee:fe:b4:b3:dd:3d:b1:6c:7c:a8:c6:
                    2c:f9:6d:e2:4d:43:f8:58:83:f4:c4:b7:36:b4:5d:
                    81:43:03:a7:a2:0d:67:31:cf:d2:a8:b9:fd:91:8c:
                    ca:f6:96:43:9b:e4:d5:05:63:d5:97:bf:2e:7d:87:
                    62:6a:3d:ec:4a:74:f5:ef:a4:81:b9:70:5d:cf:04:
                    6c:f4:90:84:b2:d2:a7:61:5c:bc:cb:86:ee:17:11:
                    57:fc:35:95:82:47:c1:93:3b:8a:31:c5:b2:9e:e6:
                    5b:75:ed:f6:81:71:2c:28:cd:8f:48:ac:4e:e9:7c:
                    72:b7:0f:88:c1:74:20:7e:b0:f8:6b:ac:1c:32:67:
                    6b:23:27:25:6d:23:7d:fd:19:aa:f9:1d:77:ff:02:
                    66:34:c4:4e:24:a8:58:bf:a0:28:a5:80:f1:ca:66:
                    26:21:a9:23:fa:87:c0:41:e4:9d:ec:84:00:0a:a1:
                    47:7f:ba:06:e5:4c:52:4b:cc:94:2b:07:b6:16:9e:
                    23:4c:11:c6:5e:d3:47:22:7e:e6:53:6d:6c:cb:b5:
                    3c:8e:79:0f:93:b0:33:0e:e6:a6:0b:f6:5f:8a:9a:
                    de:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:54:79:A9:BA:C4:E5:4C:B7:B5:D6:9D:FA:40:5C:68:B5:3F:8F:69
            X509v3 Authority Key Identifier:
                keyid:59:54:B6:18:3E:45:97:48:C8:9E:E5:43:1B:8F:31:DE:69:2A:E3:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WVS2GD5Fl0jInuVDG48x3mkq47c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/LFR5qbrE5Uy3tdad-kBcaLU_j2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7de65c-90f5-4def-b873-d2adeed755d8/1/WVS2GD5Fl0jInuVDG48x3mkq47c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.180.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:f8:c6:a0:1e:47:1f:ce:70:ef:78:de:7f:67:44:02:f3:2b:
         58:9f:03:0d:16:8d:16:2d:41:4f:b5:fb:dc:a5:5b:61:54:56:
         db:50:b5:9f:c2:34:25:76:01:ea:17:36:c1:76:34:e8:6d:68:
         a5:68:d8:5e:eb:62:4e:ad:ca:f3:d7:81:56:b5:80:2f:51:24:
         f7:f5:bd:63:69:84:64:48:8b:cf:16:99:6a:be:1c:c9:71:d8:
         03:b2:b5:aa:33:fb:b4:f7:1c:3b:8b:9d:a4:ed:b6:6f:53:3e:
         1e:56:66:41:24:af:40:85:31:86:6d:45:55:fd:46:2a:91:85:
         9c:3a:21:3e:9d:79:0c:67:e8:c4:9f:ad:5c:2f:d6:a6:7a:de:
         d4:1b:30:f8:07:48:17:0d:9e:06:3b:5b:71:91:19:1b:8c:7b:
         a8:fc:ae:6a:d9:2d:c8:cd:13:d0:cd:f4:4d:ea:dc:4a:53:72:
         f1:ad:9a:fe:57:a1:16:3e:11:90:ea:d9:eb:74:e8:d9:8b:24:
         03:4c:64:e3:40:74:e0:79:5d:19:6e:c8:94:48:fc:1a:16:c3:
         02:85:50:6d:60:ea:07:16:bb:f0:0a:cb:fa:ac:c6:cd:b9:5d:
         1c:b9:97:3b:d4:c8:8a:7a:33:1c:ef:f0:64:1d:b9:ea:46:cb:
         02:ed:4e:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ6oFosQL3D+JJT4Wwq/Tq5pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU5NTRiNjE4M2U0NTk3NDhjODllZTU0MzFiOGYzMWRlNjky
YWUzYjcwHhcNMjYwNjA4MTYzNTEwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU0NzlhOWJhYzRlNTRjYjdiNWQ2OWRmYTQwNWM2OGI1M2Y4ZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjk9aJV5sU1WhsnUdMpfyyCEGeMrn
wz8zeqF6KEVbXY6j7v60s909sWx8qMYs+W3iTUP4WIP0xLc2tF2BQwOnog1nMc/S
qLn9kYzK9pZDm+TVBWPVl78ufYdiaj3sSnT176SBuXBdzwRs9JCEstKnYVy8y4bu
FxFX/DWVgkfBkzuKMcWynuZbde32gXEsKM2PSKxO6Xxytw+IwXQgfrD4a6wcMmdr
IyclbSN9/Rmq+R13/wJmNMROJKhYv6AopYDxymYmIakj+ofAQeSd7IQACqFHf7oG
5UxSS8yUKwe2Fp4jTBHGXtNHIn7mU21sy7U8jnkPk7AzDuamC/ZfipregwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxUeam6xOVMt7XWnfpAXGi1P49pMB8GA1UdIwQY
MBaAFFlUthg+RZdIyJ7lQxuPMd5pKuO3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMt
ZDJhZGVlZDc1NWQ4LzEvTEZSNXFickU1VXkzdGRhZC1rQmNhTFVfajJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83ZGU2NWMtOTBmNS00ZGVmLWI4NzMtZDJhZGVlZDc1NWQ4
LzEvV1ZTMkdENUZsMGpJbnVWREc0OHgzbWtxNDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1LR5MA0G
CSqGSIb3DQEBCwUAA4IBAQBn+MagHkcfznDveN5/Z0QC8ytYnwMNFo0WLUFPtfvc
pVthVFbbULWfwjQldgHqFzbBdjTobWilaNhe62JOrcrz14FWtYAvUST39b1jaYRk
SIvPFplqvhzJcdgDsrWqM/u09xw7i52k7bZvUz4eVmZBJK9AhTGGbUVV/UYqkYWc
OiE+nXkMZ+jEn61cL9amet7UGzD4B0gXDZ4GO1txkRkbjHuo/K5q2S3IzRPQzfRN
6txKU3LxrZr+V6EWPhGQ6tnrdOjZiyQDTGTjQHTgeV0ZbsiUSPwaFsMChVBtYOoH
FrvwCsv6rMbNuV0cuZc71MiKejMc7/BkHbnqRssC7U6Z
-----END CERTIFICATE-----