Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/LXVLneKd5nd3VNMstA4eoK1elTI.roa
File:                     LXVLneKd5nd3VNMstA4eoK1elTI.roa (raw, json)
Hash identifier:          y1ZerFXOYCu4kKWr/GvOxSa/P1KjUPTg6tx+kBq/Dgs=
Subject key identifier:   2D:75:4B:9D:E2:9D:E6:77:77:54:D3:2C:B4:0E:1E:A0:AD:5E:95:32
Certificate issuer:       /CN=122a646bed4c417a6b4805f93d77a7a465e34b93
Certificate serial:       019E4A51135B07EFDFA433E96ADCA89F4D33
Authority key identifier: 12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/LXVLneKd5nd3VNMstA4eoK1elTI.roa
Signing time:             Thu 21 May 2026 11:34:47 +0000
ROA not before:           Thu 21 May 2026 11:34:47 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     197099
IP address blocks:        93.159.177.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 17 Jun 2026 23:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:4a:51:13:5b:07:ef:df:a4:33:e9:6a:dc:a8:9f:4d:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a646bed4c417a6b4805f93d77a7a465e34b93
        Validity
            Not Before: May 21 11:34:47 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d754b9de29de6777754d32cb40e1ea0ad5e9532
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:38:2d:38:b9:52:f9:d1:b9:0f:6e:46:c5:90:
                    3b:b7:8e:d2:3d:97:70:0a:de:57:47:0b:df:d6:b5:
                    7f:c4:22:58:e3:2f:73:f5:de:04:99:56:01:1a:b4:
                    3e:a9:63:9e:a2:67:a6:de:20:8f:d5:f9:85:16:08:
                    71:37:29:b2:fb:47:37:56:0e:d6:55:e7:1e:71:4a:
                    d7:27:d3:b5:f1:46:a2:45:16:fe:9f:85:64:a0:6b:
                    33:f7:8e:93:10:f6:76:ac:43:74:f6:ad:96:91:64:
                    fe:9a:a8:b1:a2:c7:bd:a1:e2:3c:6e:c8:05:6b:b7:
                    0f:67:f9:42:93:2d:3b:6a:23:3d:9e:36:5b:84:07:
                    f3:94:db:58:1e:44:82:ff:d6:e5:1d:46:3d:e3:2f:
                    ef:7e:7f:3c:3b:37:3f:9e:63:e8:f4:78:3a:3d:f6:
                    ed:d0:27:a7:98:cb:e5:5f:4c:93:47:44:db:c6:ed:
                    e3:63:fa:1b:33:d7:99:5e:fb:5c:9f:71:c3:27:86:
                    50:f2:70:58:b4:76:da:38:a6:61:72:47:6e:af:e3:
                    60:b3:2d:aa:9c:98:63:c4:78:c0:bf:2b:12:c9:28:
                    06:6d:71:6d:d0:88:74:39:0b:f6:a2:a2:da:99:a7:
                    73:0e:c7:7d:f1:8e:10:5a:88:c2:fe:8b:19:e1:94:
                    6a:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:75:4B:9D:E2:9D:E6:77:77:54:D3:2C:B4:0E:1E:A0:AD:5E:95:32
            X509v3 Authority Key Identifier:
                keyid:12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/LXVLneKd5nd3VNMstA4eoK1elTI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.177.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:08:97:39:b0:73:6e:10:04:f6:f4:08:7c:ca:8f:4a:20:4d:
         a4:47:8c:d0:48:22:9e:9f:e5:52:3a:92:24:2b:33:5b:98:d6:
         ae:fc:3f:3b:82:2b:39:fc:66:3d:44:a3:62:2e:87:2b:a9:49:
         67:8a:70:87:35:7b:86:6d:49:07:7c:de:1a:4a:14:8b:64:33:
         47:b5:2d:f9:3a:63:40:e4:a8:07:f9:6d:2c:20:72:77:2b:e8:
         f1:95:88:9d:73:9d:65:b2:91:9a:3b:e6:8d:bc:4b:51:ac:1a:
         a1:fd:27:1d:92:2f:dc:38:49:dc:51:c9:76:0f:24:e2:ba:33:
         7f:28:0a:d0:6b:07:d0:a8:f7:ee:e3:4a:25:06:d6:94:85:a2:
         53:bd:8f:97:8e:43:60:b9:79:f0:40:89:f0:c9:88:8c:0f:f5:
         82:a1:80:69:e9:e2:13:43:2a:f0:60:08:ed:e8:01:a0:87:c4:
         03:ec:8d:cd:53:00:77:bd:88:be:03:e9:b1:ef:f9:bb:9b:2c:
         1c:85:2f:9d:81:28:c1:72:24:fb:8b:ee:c2:88:46:82:83:ea:
         78:55:ea:54:49:eb:1e:9f:4c:38:32:0a:07:7e:50:f1:17:99:
         cb:c7:06:3f:d6:41:c5:85:ec:29:a2:c6:ff:b6:ad:ab:aa:30:
         9f:5a:e6:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5KURNbB+/fpDPpatyon00zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE2NDZiZWQ0YzQxN2E2YjQ4MDVmOTNkNzdhN2E0NjVl
MzRiOTMwHhcNMjYwNTIxMTEzNDQ3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDc1NGI5ZGUyOWRlNjc3Nzc1NGQzMmNiNDBlMWVhMGFkNWU5NTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArjgtOLlS+dG5D25GxZA7t47SPZdw
Ct5XRwvf1rV/xCJY4y9z9d4EmVYBGrQ+qWOeomem3iCP1fmFFghxNymy+0c3Vg7W
VececUrXJ9O18UaiRRb+n4VkoGsz946TEPZ2rEN09q2WkWT+mqixose9oeI8bsgF
a7cPZ/lCky07aiM9njZbhAfzlNtYHkSC/9blHUY94y/vfn88Ozc/nmPo9Hg6Pfbt
0CenmMvlX0yTR0Tbxu3jY/obM9eZXvtcn3HDJ4ZQ8nBYtHbaOKZhckdur+Ngsy2q
nJhjxHjAvysSySgGbXFt0Ih0OQv2oqLamadzDsd98Y4QWojC/osZ4ZRqyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC11S53ineZ3d1TTLLQOHqCtXpUyMB8GA1UdIwQY
MBaAFBIqZGvtTEF6a0gF+T13p6Rl40uTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWIt
NWNiZDFmM2ZmMzlhLzEvTFhWTG5lS2Q1bmQzVk5Nc3RBNGVvSzFlbFRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWItNWNiZDFmM2ZmMzlh
LzEvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXZ+xMA0G
CSqGSIb3DQEBCwUAA4IBAQCCCJc5sHNuEAT29Ah8yo9KIE2kR4zQSCKen+VSOpIk
KzNbmNau/D87gis5/GY9RKNiLocrqUlninCHNXuGbUkHfN4aShSLZDNHtS35OmNA
5KgH+W0sIHJ3K+jxlYidc51lspGaO+aNvEtRrBqh/Scdki/cOEncUcl2DyTiujN/
KArQawfQqPfu40olBtaUhaJTvY+XjkNguXnwQInwyYiMD/WCoYBp6eITQyrwYAjt
6AGgh8QD7I3NUwB3vYi+A+mx7/m7mywchS+dgSjBciT7i+7CiEaCg+p4VepUSese
n0w4MgoHflDxF5nLxwY/1kHFhewposb/tq2rqjCfWuZk
-----END CERTIFICATE-----