Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LYDjrF__hQ2iuh2sZT6-21x6fNg.roa
File:                     LYDjrF__hQ2iuh2sZT6-21x6fNg.roa (raw, json)
Hash identifier:          SyjbfoWaTfu8VxRCmcDbx8EIX4Y5JAkmYwLpylSU6Ag=
Subject key identifier:   2D:80:E3:AC:5F:FF:85:0D:A2:BA:1D:AC:65:3E:BE:DB:5C:7A:7C:D8
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019C65A98449466012B8E9CB97E27BBB9A1A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LYDjrF__hQ2iuh2sZT6-21x6fNg.roa
Signing time:             Mon 16 Feb 2026 08:55:34 +0000
ROA not before:           Mon 16 Feb 2026 08:55:34 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     57043
IP address blocks:        84.245.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:65:a9:84:49:46:60:12:b8:e9:cb:97:e2:7b:bb:9a:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Feb 16 08:55:34 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d80e3ac5fff850da2ba1dac653ebedb5c7a7cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:89:12:42:10:f0:c9:50:ea:6e:2a:01:b9:e6:
                    a8:19:17:b1:83:5b:cd:46:2f:db:27:36:b9:28:c0:
                    51:c6:05:c7:54:24:fb:54:a0:9f:19:16:4f:bb:4a:
                    db:0e:49:0c:92:92:33:b6:8a:c7:65:f2:23:25:26:
                    f0:33:90:6c:7e:31:a4:4a:df:8b:7e:1c:c4:b0:24:
                    c7:85:86:bc:32:53:06:c8:9c:c7:6a:50:ca:5c:7d:
                    28:88:f2:d8:c6:ee:61:54:39:33:ff:46:7c:78:a6:
                    93:9e:79:6b:ee:f9:9d:98:55:1e:8e:56:76:55:f0:
                    75:4d:9b:30:a6:d9:46:98:24:89:dc:e5:83:c5:0f:
                    4e:fb:73:5d:28:7c:73:e9:81:76:fb:cd:0d:d6:68:
                    56:27:71:11:6d:72:01:77:77:73:4e:12:c1:0a:f5:
                    e2:d3:62:98:5e:9d:45:47:7e:00:ca:a4:01:d7:93:
                    14:84:2c:ca:02:66:38:77:a2:92:4c:3a:a8:ea:80:
                    0d:6f:24:a2:4f:ca:30:bb:98:84:9f:cb:29:3c:3a:
                    17:df:48:7b:89:dd:3f:a7:2f:9e:34:0a:2c:ac:24:
                    05:7f:03:ad:05:f3:c1:0f:cd:25:02:4c:9a:21:d4:
                    b4:15:35:f1:5c:6f:48:d3:96:a5:2b:a3:c4:63:4c:
                    9c:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:80:E3:AC:5F:FF:85:0D:A2:BA:1D:AC:65:3E:BE:DB:5C:7A:7C:D8
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/LYDjrF__hQ2iuh2sZT6-21x6fNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.245.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:1c:59:9c:c4:ff:4b:1e:15:84:0e:7f:75:77:2d:40:1b:32:
         df:1b:51:2e:31:2b:f6:88:b0:b5:f1:d0:88:63:a4:96:07:83:
         a1:b4:37:70:6f:9f:5b:25:f8:2c:fa:cd:9c:47:73:84:c0:06:
         a2:e1:bd:73:9f:ce:b9:5c:a5:49:1a:90:7e:fa:a5:6b:20:cf:
         1c:9e:d3:fb:54:eb:a1:14:57:65:89:7d:fc:bb:bc:f7:c7:03:
         2a:27:a0:27:19:15:ca:9c:02:b0:f3:34:dd:ee:61:0f:1c:98:
         e1:bc:78:c5:d8:01:8a:4d:86:b5:8d:4f:8c:44:9c:77:89:93:
         59:5a:e8:bb:61:b8:f0:6e:a5:ec:9a:26:71:cd:47:9b:00:f8:
         5b:91:e0:bb:36:b1:5d:af:74:cf:1d:86:c8:e4:66:d1:65:15:
         2a:21:b8:5e:b4:7d:c7:a6:73:14:c5:5f:ff:ea:2a:3a:92:df:
         06:e7:79:8e:b7:e3:4e:9b:73:9b:aa:cb:ca:39:e2:cd:8e:17:
         73:af:ac:5b:8e:fe:5e:2b:37:1b:c3:4e:02:44:60:72:ef:54:
         d2:2e:5a:3e:04:34:b7:97:8f:53:ec:f7:9e:fe:bc:37:a9:a5:
         eb:0d:d4:35:a0:8e:d4:73:34:52:83:84:2e:74:ba:a7:dc:d3:
         9c:b5:99:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxlqYRJRmASuOnLl+J7u5oaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjYwMjE2MDg1NTM0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDgwZTNhYzVmZmY4NTBkYTJiYTFkYWM2NTNlYmVkYjVjN2E3Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIkSQhDwyVDqbioBueaoGRexg1vN
Ri/bJza5KMBRxgXHVCT7VKCfGRZPu0rbDkkMkpIztorHZfIjJSbwM5BsfjGkSt+L
fhzEsCTHhYa8MlMGyJzHalDKXH0oiPLYxu5hVDkz/0Z8eKaTnnlr7vmdmFUejlZ2
VfB1TZswptlGmCSJ3OWDxQ9O+3NdKHxz6YF2+80N1mhWJ3ERbXIBd3dzThLBCvXi
02KYXp1FR34AyqQB15MUhCzKAmY4d6KSTDqo6oANbySiT8owu5iEn8spPDoX30h7
id0/py+eNAosrCQFfwOtBfPBD80lAkyaIdS0FTXxXG9I05alK6PEY0ycPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2A46xf/4UNorodrGU+vttcenzYMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvTFlEanJGX19oUTJpdWgyc1pUNi0yMXg2Zk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVPUTMA0G
CSqGSIb3DQEBCwUAA4IBAQAuHFmcxP9LHhWEDn91dy1AGzLfG1EuMSv2iLC18dCI
Y6SWB4OhtDdwb59bJfgs+s2cR3OEwAai4b1zn865XKVJGpB++qVrIM8cntP7VOuh
FFdliX38u7z3xwMqJ6AnGRXKnAKw8zTd7mEPHJjhvHjF2AGKTYa1jU+MRJx3iZNZ
Wui7YbjwbqXsmiZxzUebAPhbkeC7NrFdr3TPHYbI5GbRZRUqIbhetH3HpnMUxV//
6io6kt8G53mOt+NOm3ObqsvKOeLNjhdzr6xbjv5eKzcbw04CRGBy71TSLlo+BDS3
l49T7Pee/rw3qaXrDdQ1oI7UczRSg4QudLqn3NOctZkY
-----END CERTIFICATE-----