Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/LK0mnFpvLZH3CQotrWmjRdadc2Q.roa
File:                     LK0mnFpvLZH3CQotrWmjRdadc2Q.roa (raw, json)
Hash identifier:          PzW6hCIxfzoM1kAt1RELho6ifNDKFCjnbvBci0lFP9E=
Subject key identifier:   2C:AD:26:9C:5A:6F:2D:91:F7:09:0A:2D:AD:69:A3:45:D6:9D:73:64
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019C4F30F20D477873C9C3A4DF0391BBDB3D
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/LK0mnFpvLZH3CQotrWmjRdadc2Q.roa
Signing time:             Thu 12 Feb 2026 00:12:13 +0000
ROA not before:           Thu 12 Feb 2026 00:12:13 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205899
IP address blocks:        185.231.173.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 00:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:4f:30:f2:0d:47:78:73:c9:c3:a4:df:03:91:bb:db:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Feb 12 00:12:13 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2cad269c5a6f2d91f7090a2dad69a345d69d7364
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:4a:f1:05:c9:93:b1:3c:a1:3d:41:39:f9:8e:
                    d3:d5:d0:3e:e6:9d:89:47:ea:49:db:56:6d:25:ff:
                    d4:a7:d9:a7:a6:a6:9f:7c:59:87:5c:a1:9e:d1:6e:
                    89:ac:01:39:68:d4:4a:44:49:80:5d:46:7b:14:07:
                    72:3d:62:f4:50:ae:17:9d:8c:a4:61:63:c2:df:ee:
                    a7:6a:d1:97:31:f0:ec:27:24:cd:a8:13:19:9b:4d:
                    de:a3:c2:ad:e0:cc:6f:f9:8e:4d:e7:63:65:41:05:
                    06:bd:4f:06:04:b3:ba:6f:df:3f:ea:b3:85:b5:69:
                    8d:c6:0b:50:c9:e9:18:0b:71:7a:cf:46:9d:40:95:
                    e5:0a:ef:55:9a:7d:06:17:1c:e3:d6:1e:9e:5d:e0:
                    53:50:66:16:99:06:7c:7c:6e:f3:86:9e:27:7a:35:
                    35:2f:c9:23:b8:99:ff:ca:4f:1e:6d:e2:9e:10:e7:
                    2d:5d:24:57:30:77:63:37:4b:96:41:40:a2:5a:5f:
                    22:82:b2:e6:4c:4d:a8:e5:35:dd:dd:81:86:47:db:
                    94:05:66:0a:c8:99:78:13:75:26:43:d8:3e:f4:91:
                    ed:d8:ec:07:a6:f4:2c:6a:d8:3d:73:c5:24:d0:40:
                    48:dd:70:93:bf:76:db:3a:ea:00:4a:51:d8:c3:9a:
                    1e:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:AD:26:9C:5A:6F:2D:91:F7:09:0A:2D:AD:69:A3:45:D6:9D:73:64
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/LK0mnFpvLZH3CQotrWmjRdadc2Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.173.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c7:d9:70:95:1a:15:34:a4:75:b8:de:62:44:a2:03:7f:69:
         f1:5f:e8:e8:04:89:77:de:dd:26:98:77:80:8f:05:54:76:86:
         75:f1:fa:de:86:32:b2:a9:ab:f6:0f:9e:8d:be:d9:62:c8:bb:
         da:56:e8:0e:df:2f:20:13:b3:83:e8:39:64:c9:a8:07:44:10:
         1a:02:9e:34:dc:51:eb:89:fa:ac:e3:a8:77:34:df:27:95:86:
         b5:02:3e:5e:72:97:83:d3:84:75:32:c3:56:1a:da:74:94:6c:
         9d:69:ca:af:61:7b:97:f5:00:1f:47:9b:f8:ff:da:8e:fb:3c:
         0e:0d:54:f2:75:2b:3b:17:23:47:d5:e4:41:39:46:0d:41:35:
         27:e9:1e:eb:be:3d:ee:69:65:31:f6:4a:63:45:15:1c:eb:a8:
         2c:74:fb:16:b2:4b:b2:a3:1b:d8:77:82:d9:25:c4:29:fc:53:
         b7:86:af:65:c4:05:3e:77:33:b8:67:da:b9:42:fb:6c:74:94:
         bf:f5:bb:f8:29:5c:14:fe:ae:09:21:38:64:9a:b5:81:a9:07:
         3d:8d:41:4c:02:40:db:da:79:ca:3a:f2:46:ef:65:f2:5d:46:
         72:13:7c:55:69:da:f4:f4:6e:bc:4c:17:8c:9b:e9:ad:1b:1a:
         fa:e3:15:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxPMPINR3hzycOk3wORu9s9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjYwMjEyMDAxMjEzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2FkMjY5YzVhNmYyZDkxZjcwOTBhMmRhZDY5YTM0NWQ2OWQ3MzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUrxBcmTsTyhPUE5+Y7T1dA+5p2J
R+pJ21ZtJf/Up9mnpqaffFmHXKGe0W6JrAE5aNRKREmAXUZ7FAdyPWL0UK4XnYyk
YWPC3+6natGXMfDsJyTNqBMZm03eo8Kt4Mxv+Y5N52NlQQUGvU8GBLO6b98/6rOF
tWmNxgtQyekYC3F6z0adQJXlCu9Vmn0GFxzj1h6eXeBTUGYWmQZ8fG7zhp4nejU1
L8kjuJn/yk8ebeKeEOctXSRXMHdjN0uWQUCiWl8igrLmTE2o5TXd3YGGR9uUBWYK
yJl4E3UmQ9g+9JHt2OwHpvQsatg9c8Uk0EBI3XCTv3bbOuoASlHYw5oeBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCytJpxaby2R9wkKLa1po0XWnXNkMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvTEswbW5GcHZMWkgzQ1FvdHJXbWpSZGFkYzJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueetMA0G
CSqGSIb3DQEBCwUAA4IBAQBBx9lwlRoVNKR1uN5iRKIDf2nxX+joBIl33t0mmHeA
jwVUdoZ18frehjKyqav2D56NvtliyLvaVugO3y8gE7OD6DlkyagHRBAaAp403FHr
ifqs46h3NN8nlYa1Aj5ecpeD04R1MsNWGtp0lGydacqvYXuX9QAfR5v4/9qO+zwO
DVTydSs7FyNH1eRBOUYNQTUn6R7rvj3uaWUx9kpjRRUc66gsdPsWskuyoxvYd4LZ
JcQp/FO3hq9lxAU+dzO4Z9q5QvtsdJS/9bv4KVwU/q4JIThkmrWBqQc9jUFMAkDb
2nnKOvJG72XyXUZyE3xVadr09G68TBeMm+mtGxr64xXS
-----END CERTIFICATE-----