Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/LGZXRjlMsd8l00GKR2QE87j1TTA.roa
File:                     LGZXRjlMsd8l00GKR2QE87j1TTA.roa (raw, json)
Hash identifier:          PaebTCq43309eJujsiliFxMpMTh3T8ONlskEyWdZeN8=
Subject key identifier:   2C:66:57:46:39:4C:B1:DF:25:D3:41:8A:47:64:04:F3:B8:F5:4D:30
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       019C6B5BA0B7B81D8EBA8ADF4F795247077C
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/LGZXRjlMsd8l00GKR2QE87j1TTA.roa
Signing time:             Tue 17 Feb 2026 11:28:12 +0000
ROA not before:           Tue 17 Feb 2026 11:28:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     13287
IP address blocks:        109.122.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:6b:5b:a0:b7:b8:1d:8e:ba:8a:df:4f:79:52:47:07:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Feb 17 11:28:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2c665746394cb1df25d3418a476404f3b8f54d30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0a:36:cd:24:69:7d:80:ca:37:40:85:65:91:
                    6c:dc:62:cb:41:e5:57:59:43:1d:37:80:b4:69:21:
                    ea:e0:19:47:d2:5e:f2:a0:74:ce:43:b6:bc:eb:80:
                    ab:a3:f8:fd:c1:96:db:83:41:97:e2:9c:2c:f9:c4:
                    12:e0:5a:8d:41:e7:87:4c:b6:9d:9a:2c:00:19:c0:
                    02:44:15:b8:5e:ef:dd:8f:5c:94:4c:03:a0:50:06:
                    d3:6c:62:fe:82:e6:6e:1a:3b:98:46:11:09:a5:1c:
                    49:0b:79:06:03:db:47:e1:d5:8a:29:e0:31:3d:62:
                    bd:6a:84:94:14:45:dd:54:08:96:38:70:b5:b1:f8:
                    cb:d4:f0:59:af:a8:e6:c0:06:1f:ba:a8:af:ca:cf:
                    b9:03:a5:19:27:21:d1:07:d7:4a:60:ca:4f:76:b1:
                    ab:b8:22:59:74:69:fa:0f:67:59:da:58:ac:eb:5b:
                    5a:98:d1:c1:16:9a:5d:c0:7b:ed:cf:6e:d5:4b:94:
                    28:fa:f3:19:d7:f6:e2:6a:bc:b3:0f:26:05:09:ea:
                    b1:9c:6c:e9:46:e6:b0:a3:40:c4:47:7e:6d:49:85:
                    aa:a0:23:8b:10:2b:d2:36:09:54:e5:47:1e:08:f3:
                    b2:e4:7a:64:b4:e3:39:f1:d8:dd:63:aa:ca:93:14:
                    5b:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:66:57:46:39:4C:B1:DF:25:D3:41:8A:47:64:04:F3:B8:F5:4D:30
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/LGZXRjlMsd8l00GKR2QE87j1TTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:76:98:6a:b9:e5:b6:e7:98:00:39:6e:85:98:e5:09:c4:43:
         db:2b:7d:49:ba:1f:48:5f:4d:c7:71:71:59:b8:77:a5:bd:01:
         f8:1f:5a:11:f0:65:e4:23:e4:c4:16:0a:13:9b:6c:86:d4:25:
         9e:10:a9:cb:9c:f1:40:92:f6:30:f5:df:30:ca:0a:39:71:e8:
         33:89:00:91:c6:14:e8:75:b8:4b:04:5e:d2:da:14:f1:82:63:
         21:bc:d4:7d:3b:b5:64:6c:69:b6:8e:b0:46:2c:1c:f3:e2:00:
         ed:74:8b:f6:9e:05:93:96:58:da:a7:bf:3b:7d:ac:68:a5:e6:
         ab:b4:97:94:2f:fe:f4:c7:f4:1c:58:95:fb:26:21:e2:5e:10:
         ed:c4:5f:34:90:70:d6:93:df:50:f9:72:64:38:ea:75:c6:6d:
         ce:e0:7c:70:11:90:e0:d0:d1:c4:f8:c4:2a:10:42:f9:98:fc:
         d2:fd:b9:69:87:19:90:3d:c9:e6:aa:d4:cb:a3:c6:34:59:d9:
         b8:34:4f:9c:0a:74:a2:6c:5d:fc:c7:f6:da:0e:5d:5b:d4:af:
         29:cd:b0:d5:6c:68:9d:ab:97:68:63:2f:dc:2f:b3:15:f4:ed:
         51:9e:09:2e:32:74:3f:44:1c:a3:27:a0:dd:5f:12:7e:14:fc:
         da:3c:28:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxrW6C3uB2OuorfT3lSRwd8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjYwMjE3MTEyODEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzY2NTc0NjM5NGNiMWRmMjVkMzQxOGE0NzY0MDRmM2I4ZjU0ZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAo2zSRpfYDKN0CFZZFs3GLLQeVX
WUMdN4C0aSHq4BlH0l7yoHTOQ7a864Cro/j9wZbbg0GX4pws+cQS4FqNQeeHTLad
miwAGcACRBW4Xu/dj1yUTAOgUAbTbGL+guZuGjuYRhEJpRxJC3kGA9tH4dWKKeAx
PWK9aoSUFEXdVAiWOHC1sfjL1PBZr6jmwAYfuqivys+5A6UZJyHRB9dKYMpPdrGr
uCJZdGn6D2dZ2lis61tamNHBFppdwHvtz27VS5Qo+vMZ1/biaryzDyYFCeqxnGzp
Ruawo0DER35tSYWqoCOLECvSNglU5UceCPOy5HpktOM58djdY6rKkxRbDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxmV0Y5TLHfJdNBikdkBPO49U0wMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvTEdaWFJqbE1zZDhsMDBHS1IyUUU4N2oxVFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXo6MA0G
CSqGSIb3DQEBCwUAA4IBAQDUdphqueW255gAOW6FmOUJxEPbK31Juh9IX03HcXFZ
uHelvQH4H1oR8GXkI+TEFgoTm2yG1CWeEKnLnPFAkvYw9d8wygo5cegziQCRxhTo
dbhLBF7S2hTxgmMhvNR9O7VkbGm2jrBGLBzz4gDtdIv2ngWTlljap787faxopear
tJeUL/70x/QcWJX7JiHiXhDtxF80kHDWk99Q+XJkOOp1xm3O4HxwEZDg0NHE+MQq
EEL5mPzS/blphxmQPcnmqtTLo8Y0Wdm4NE+cCnSibF38x/baDl1b1K8pzbDVbGid
q5doYy/cL7MV9O1RngkuMnQ/RByjJ6DdXxJ+FPzaPCgx
-----END CERTIFICATE-----