Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/38ldLSKWidZmyXvegwPR-zXE01w.roa
File:                     38ldLSKWidZmyXvegwPR-zXE01w.roa (raw, json)
Hash identifier:          5V3+eI8I2SoQJwGvQGp2SjkVPx6UQZS85qMpq9IlC34=
Subject key identifier:   DF:C9:5D:2D:22:96:89:D6:66:C9:7B:DE:83:03:D1:FB:35:C4:D3:5C
Certificate issuer:       /CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
Certificate serial:       019C8F43BD063F9EB07FB382965E96CF92F0
Authority key identifier: 2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/38ldLSKWidZmyXvegwPR-zXE01w.roa
Signing time:             Tue 24 Feb 2026 10:48:27 +0000
ROA not before:           Tue 24 Feb 2026 10:48:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213870
IP address blocks:        138.249.144.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:8f:43:bd:06:3f:9e:b0:7f:b3:82:96:5e:96:cf:92:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e6a86e62f0ce98e02e980869ff4414ee2a0f0ce
        Validity
            Not Before: Feb 24 10:48:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfc95d2d229689d666c97bde8303d1fb35c4d35c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:8a:36:f3:a5:46:43:7f:e1:e9:03:f0:57:35:
                    5b:b5:d8:bc:fd:78:80:4f:85:71:82:93:a1:45:92:
                    1c:37:2e:fc:f9:a3:7e:29:05:c1:4f:95:8c:43:d8:
                    41:27:8e:a1:e0:f5:2f:65:84:f9:90:30:5c:3a:a5:
                    c7:e2:2c:8f:31:94:15:6c:35:b0:0f:78:9a:e5:38:
                    f5:f3:01:29:2f:6b:f3:1f:61:90:1f:f6:7b:13:a9:
                    6e:ac:ba:92:41:43:89:cd:57:ed:59:23:d6:c9:1d:
                    0c:83:81:1f:ae:2d:25:8b:07:6b:d4:9d:3b:27:a8:
                    f6:a5:22:87:5b:4c:c1:c0:00:b3:da:57:89:01:2d:
                    9c:18:ae:b8:7a:ca:70:56:24:32:26:6b:5c:30:9c:
                    1a:b9:5a:b0:d2:84:64:b0:2c:f7:89:f7:04:56:2d:
                    ae:1d:0e:f8:a5:e0:39:9d:2a:68:60:bb:66:6b:3b:
                    dc:ec:65:f1:25:0e:3c:9e:46:f9:c8:ea:ab:42:cc:
                    e2:3b:e4:55:a1:04:87:64:6b:57:7d:84:ba:4d:56:
                    02:70:5d:a9:62:fb:7d:96:7c:11:de:f9:4c:ad:70:
                    62:63:aa:92:36:e4:4f:b5:bc:60:00:d8:31:88:19:
                    88:65:ad:28:03:32:f9:4a:be:65:8d:88:47:23:2b:
                    74:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:C9:5D:2D:22:96:89:D6:66:C9:7B:DE:83:03:D1:FB:35:C4:D3:5C
            X509v3 Authority Key Identifier:
                keyid:2E:6A:86:E6:2F:0C:E9:8E:02:E9:80:86:9F:F4:41:4E:E2:A0:F0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/38ldLSKWidZmyXvegwPR-zXE01w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/2b6030-6d88-4e3e-9f3a-a667bb765060/1/LmqG5i8M6Y4C6YCGn_RBTuKg8M4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  138.249.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         54:fd:ca:df:2e:3c:73:54:f7:fa:04:c1:45:09:9e:26:26:18:
         d7:65:78:bf:0f:29:d7:67:78:e1:1a:95:b2:d8:72:2b:4a:e3:
         29:ee:9f:2d:38:9f:91:56:a5:59:10:55:31:9e:ed:e6:bb:a9:
         83:35:86:49:5f:44:1b:6e:8e:fc:23:54:95:78:78:d9:d8:1f:
         57:90:fa:c0:de:f7:96:9a:70:d3:85:0a:3e:d7:1c:ff:ae:47:
         0e:c5:fb:33:bc:7b:c9:04:6d:f5:23:b3:34:fa:90:28:ee:a4:
         60:77:c4:f8:56:90:cb:c9:39:c8:30:79:3a:bb:88:96:7f:63:
         43:88:fa:9b:c0:09:a8:65:cf:e7:b5:40:69:ae:bc:00:67:df:
         6d:65:40:7f:7e:a7:5f:f4:aa:69:e4:5f:a9:49:f5:33:b1:d1:
         e4:70:47:89:ac:4b:cb:70:5d:1d:6f:3a:c3:57:f4:24:08:2e:
         57:d1:33:2c:7b:23:4d:f1:98:91:81:ea:7c:37:a2:a4:6e:7d:
         b3:31:1d:6a:10:1e:87:a2:88:94:ae:b0:31:96:a1:b4:9a:f1:
         4e:90:45:a5:ba:d8:b0:b3:0f:16:55:75:a4:99:8a:aa:05:b9:
         99:8b:6c:67:92:f9:32:d4:66:7d:77:9f:8f:a5:51:3c:12:5c:
         ab:8e:aa:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZyPQ70GP56wf7OCll6Wz5LwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNmE4NmU2MmYwY2U5OGUwMmU5ODA4NjlmZjQ0MTRlZTJh
MGYwY2UwHhcNMjYwMjI0MTA0ODI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmM5NWQyZDIyOTY4OWQ2NjZjOTdiZGU4MzAzZDFmYjM1YzRkMzVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoo286VGQ3/h6QPwVzVbtdi8/XiA
T4VxgpOhRZIcNy78+aN+KQXBT5WMQ9hBJ46h4PUvZYT5kDBcOqXH4iyPMZQVbDWw
D3ia5Tj18wEpL2vzH2GQH/Z7E6lurLqSQUOJzVftWSPWyR0Mg4Efri0liwdr1J07
J6j2pSKHW0zBwACz2leJAS2cGK64espwViQyJmtcMJwauVqw0oRksCz3ifcEVi2u
HQ74peA5nSpoYLtmazvc7GXxJQ48nkb5yOqrQsziO+RVoQSHZGtXfYS6TVYCcF2p
Yvt9lnwR3vlMrXBiY6qSNuRPtbxgANgxiBmIZa0oAzL5Sr5ljYhHIyt01wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN/JXS0ilonWZsl73oMD0fs1xNNcMB8GA1UdIwQY
MBaAFC5qhuYvDOmOAumAhp/0QU7ioPDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2Et
YTY2N2JiNzY1MDYwLzEvMzhsZExTS1dpZFpteVh2ZWd3UFItelhFMDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC8yYjYwMzAtNmQ4OC00ZTNlLTlmM2EtYTY2N2JiNzY1MDYw
LzEvTG1xRzVpOE02WTRDNllDR25fUkJUdUtnOE00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCivmQMA0G
CSqGSIb3DQEBCwUAA4IBAQBU/crfLjxzVPf6BMFFCZ4mJhjXZXi/DynXZ3jhGpWy
2HIrSuMp7p8tOJ+RVqVZEFUxnu3mu6mDNYZJX0Qbbo78I1SVeHjZ2B9XkPrA3veW
mnDThQo+1xz/rkcOxfszvHvJBG31I7M0+pAo7qRgd8T4VpDLyTnIMHk6u4iWf2ND
iPqbwAmoZc/ntUBprrwAZ99tZUB/fqdf9Kpp5F+pSfUzsdHkcEeJrEvLcF0dbzrD
V/QkCC5X0TMseyNN8ZiRgep8N6Kkbn2zMR1qEB6HooiUrrAxlqG0mvFOkEWlutiw
sw8WVXWkmYqqBbmZi2xnkvky1GZ9d5+PpVE8ElyrjqoG
-----END CERTIFICATE-----