Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/LVPO8JZfNdJa2U5Ik8I34YcEOUA.roa
File:                     LVPO8JZfNdJa2U5Ik8I34YcEOUA.roa (raw, json)
Hash identifier:          p6JxXEEX7qFpTZe35bHvc23RUvTVNt4iONQ/5P6VF/A=
Subject key identifier:   2D:53:CE:F0:96:5F:35:D2:5A:D9:4E:48:93:C2:37:E1:87:04:39:40
Certificate issuer:       /CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
Certificate serial:       019C5727D06B7D34319EAF5923B5E5B4FC0E
Authority key identifier: 3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/LVPO8JZfNdJa2U5Ik8I34YcEOUA.roa
Signing time:             Fri 13 Feb 2026 13:19:12 +0000
ROA not before:           Fri 13 Feb 2026 13:19:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     12929
IP address blocks:        2001:2020::/31 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:57:27:d0:6b:7d:34:31:9e:af:59:23:b5:e5:b4:fc:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ba5b1c09aa31f6713c61b32e558109e47966d42
        Validity
            Not Before: Feb 13 13:19:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d53cef0965f35d25ad94e4893c237e187043940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:27:b0:7a:fb:52:91:00:4b:2b:38:b7:73:e8:
                    3b:63:b9:84:d5:33:14:fe:9a:06:15:d2:05:6a:33:
                    fd:f9:94:1c:6b:6e:ff:55:4b:f8:2d:5f:7f:24:3f:
                    4b:b8:0e:17:14:c2:c8:f6:c3:a1:d5:26:67:68:40:
                    c2:54:70:d6:5e:4e:77:4b:af:83:8e:1b:da:4b:a3:
                    47:0c:39:3c:f8:0e:ec:78:c4:3b:e7:70:7b:5d:e3:
                    30:50:4d:9e:91:0e:8b:40:91:25:07:cc:54:ea:76:
                    7f:8c:4a:58:e0:ff:2f:73:ca:88:90:ef:82:94:a0:
                    18:3f:0a:89:d8:e1:01:c6:7c:c4:a3:5d:95:e9:fa:
                    81:cb:f7:a1:40:05:9b:df:24:8c:e3:ff:e5:e3:0a:
                    3e:db:84:31:46:72:db:8e:fe:0c:f0:15:de:17:2a:
                    c2:33:ba:bf:ce:ca:6a:00:36:b3:ca:de:45:e6:4d:
                    0c:d8:46:ae:1e:14:67:82:ad:ed:62:86:49:7b:b2:
                    02:92:b7:1e:63:1b:15:34:27:93:d2:2c:95:3e:94:
                    83:be:7d:eb:67:c5:10:f0:2f:ec:09:10:83:9b:a1:
                    53:c6:48:b2:f6:b6:64:6c:70:72:7a:95:6d:6f:f6:
                    11:4d:9c:52:03:33:ef:d1:c5:ad:a2:94:9f:c4:3e:
                    0b:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:53:CE:F0:96:5F:35:D2:5A:D9:4E:48:93:C2:37:E1:87:04:39:40
            X509v3 Authority Key Identifier:
                keyid:3B:A5:B1:C0:9A:A3:1F:67:13:C6:1B:32:E5:58:10:9E:47:96:6D:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O6WxwJqjH2cTxhsy5VgQnkeWbUI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/LVPO8JZfNdJa2U5Ik8I34YcEOUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/13bd77-d297-4689-bee4-466e9cab7864/1/O6WxwJqjH2cTxhsy5VgQnkeWbUI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:2020::/31

    Signature Algorithm: sha256WithRSAEncryption
         02:a5:8b:76:81:6b:17:29:e0:e9:a6:25:56:8d:15:6e:09:1a:
         22:ec:6b:b7:90:dc:e4:08:dc:17:8f:b7:7d:18:d8:f9:ec:7b:
         7f:b2:e2:cf:8c:50:a6:fd:8a:80:73:3a:b8:c6:f7:ae:c5:78:
         30:fa:93:47:b4:96:aa:17:3b:bb:43:f9:67:2b:94:1e:24:5c:
         ba:fe:c3:5d:7b:2e:f0:3f:d2:61:e5:27:00:bf:27:41:3e:36:
         8e:9b:46:11:92:92:c2:ac:d3:81:fe:d8:17:a2:4a:c0:22:12:
         81:25:3d:cb:c3:34:c2:f5:b1:48:61:78:44:73:d1:be:40:00:
         76:4f:c8:82:53:a6:6a:c5:03:22:d6:88:49:a4:3c:7c:a9:c6:
         f5:a3:cc:05:af:76:fa:de:83:83:e0:70:dc:0c:b2:30:2a:cb:
         72:60:d5:ad:d2:1d:80:54:08:dd:e0:77:2a:4f:f8:1b:cd:c1:
         14:af:2d:8c:33:05:ab:44:3f:d3:e7:24:c2:f3:72:80:7b:0a:
         4d:6f:2d:90:c5:60:c0:ea:bf:e3:2b:f3:b9:fc:b0:51:e1:da:
         4c:26:7e:5e:e0:51:eb:6d:7d:73:f9:bd:51:24:41:33:ce:56:
         d8:14:76:2c:da:ee:75:87:06:7a:b8:f8:26:eb:db:48:cf:57:
         7f:93:2e:d7
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZxXJ9BrfTQxnq9ZI7XltPwOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiYTViMWMwOWFhMzFmNjcxM2M2MWIzMmU1NTgxMDllNDc5
NjZkNDIwHhcNMjYwMjEzMTMxOTEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDUzY2VmMDk2NWYzNWQyNWFkOTRlNDg5M2MyMzdlMTg3MDQzOTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqSewevtSkQBLKzi3c+g7Y7mE1TMU
/poGFdIFajP9+ZQca27/VUv4LV9/JD9LuA4XFMLI9sOh1SZnaEDCVHDWXk53S6+D
jhvaS6NHDDk8+A7seMQ753B7XeMwUE2ekQ6LQJElB8xU6nZ/jEpY4P8vc8qIkO+C
lKAYPwqJ2OEBxnzEo12V6fqBy/ehQAWb3ySM4//l4wo+24QxRnLbjv4M8BXeFyrC
M7q/zspqADazyt5F5k0M2EauHhRngq3tYoZJe7ICkrceYxsVNCeT0iyVPpSDvn3r
Z8UQ8C/sCRCDm6FTxkiy9rZkbHByepVtb/YRTZxSAzPv0cWtopSfxD4LfQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFC1TzvCWXzXSWtlOSJPCN+GHBDlAMB8GA1UdIwQY
MBaAFDulscCaox9nE8YbMuVYEJ5Hlm1CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQt
NDY2ZTljYWI3ODY0LzEvTFZQTzhKWmZOZEphMlU1SWs4STM0WWNFT1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC8xM2JkNzctZDI5Ny00Njg5LWJlZTQtNDY2ZTljYWI3ODY0
LzEvTzZXeHdKcWpIMmNUeGhzeTVWZ1Fua2VXYlVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUBIAEgIDAN
BgkqhkiG9w0BAQsFAAOCAQEAAqWLdoFrFyng6aYlVo0VbgkaIuxrt5Dc5AjcF4+3
fRjY+ex7f7Liz4xQpv2KgHM6uMb3rsV4MPqTR7SWqhc7u0P5ZyuUHiRcuv7DXXsu
8D/SYeUnAL8nQT42jptGEZKSwqzTgf7YF6JKwCISgSU9y8M0wvWxSGF4RHPRvkAA
dk/IglOmasUDItaISaQ8fKnG9aPMBa92+t6Dg+Bw3AyyMCrLcmDVrdIdgFQI3eB3
Kk/4G83BFK8tjDMFq0Q/0+ckwvNygHsKTW8tkMVgwOq/4yvzufywUeHaTCZ+XuBR
6219c/m9USRBM85W2BR2LNrudYcGerj4JuvbSM9Xf5Mu1w==
-----END CERTIFICATE-----