Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/LgD5htJGPPhQqKRT3OXosm95CvA.roa
File:                     LgD5htJGPPhQqKRT3OXosm95CvA.roa (raw, json)
Hash identifier:          oCLNTeRXkZO9pSz62dS9ZHRdid9Os6l7QArra7xL/Dg=
Subject key identifier:   2E:00:F9:86:D2:46:3C:F8:50:A8:A4:53:DC:E5:E8:B2:6F:79:0A:F0
Certificate issuer:       /CN=c6a707934a762bbdf34fc0148f265ce124577213
Certificate serial:       019CA01E9E6C7635D26E5745734BEEAE8FFC
Authority key identifier: C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/LgD5htJGPPhQqKRT3OXosm95CvA.roa
Signing time:             Fri 27 Feb 2026 17:21:27 +0000
ROA not before:           Fri 27 Feb 2026 17:21:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     205775
IP address blocks:        5.252.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:a0:1e:9e:6c:76:35:d2:6e:57:45:73:4b:ee:ae:8f:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6a707934a762bbdf34fc0148f265ce124577213
        Validity
            Not Before: Feb 27 17:21:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e00f986d2463cf850a8a453dce5e8b26f790af0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:a7:e2:0c:ef:84:dd:05:e2:86:3b:32:7f:d2:
                    a6:bd:26:b9:f0:62:37:c1:a7:2e:ba:8c:e4:f0:ba:
                    f9:7d:a3:d9:11:a9:bf:b1:84:e2:61:84:28:c1:4d:
                    e8:c6:ef:37:69:a5:8d:16:fe:36:90:f1:96:9b:f9:
                    6c:ed:22:72:f0:4d:ae:2c:03:12:a8:9d:36:51:c4:
                    5a:f4:c1:1b:b6:55:a1:c0:11:d8:7d:f9:62:66:b3:
                    41:23:9c:0e:42:e2:c7:40:b9:d5:ae:ac:89:54:8b:
                    3e:df:de:8a:5b:7c:99:84:90:bb:cd:33:cc:d6:b4:
                    25:c2:ed:6d:8e:44:5c:43:9e:c3:49:8b:c0:90:70:
                    c8:1e:ac:23:5f:55:5c:3d:63:88:5b:0b:07:1d:c4:
                    c6:e5:4d:30:30:fa:72:c9:2f:81:ee:8f:c6:1e:53:
                    38:54:f4:5e:8d:71:04:73:b4:ab:34:8a:2f:ed:35:
                    a5:15:ae:03:16:c7:9f:d6:17:dc:19:91:9e:3b:9e:
                    89:5d:51:fd:aa:d1:fc:cd:73:e3:01:f0:fe:22:f4:
                    04:0d:3f:fb:20:7d:73:e8:24:e2:a5:61:f0:23:29:
                    ca:fa:6d:d0:38:51:73:f1:c8:94:5b:0e:ef:46:99:
                    12:e5:65:28:42:9c:9d:5e:3e:2a:95:e0:c9:c8:9a:
                    22:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:00:F9:86:D2:46:3C:F8:50:A8:A4:53:DC:E5:E8:B2:6F:79:0A:F0
            X509v3 Authority Key Identifier:
                keyid:C6:A7:07:93:4A:76:2B:BD:F3:4F:C0:14:8F:26:5C:E1:24:57:72:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xqcHk0p2K73zT8AUjyZc4SRXchM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/LgD5htJGPPhQqKRT3OXosm95CvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/486c96-8e0f-4161-a00e-b8ea18eb75f4/1/xqcHk0p2K73zT8AUjyZc4SRXchM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:84:9a:4b:0f:82:50:d2:5d:91:5d:1e:e3:ca:92:23:ad:5f:
         71:da:77:80:0e:89:33:d8:8b:2e:3b:c6:97:17:bd:4f:5c:06:
         74:97:50:d4:8a:55:7b:61:da:b8:be:c5:6c:28:cb:f2:2e:d9:
         73:7b:19:ee:e6:bd:9e:71:26:c3:8b:a8:92:95:f6:c1:90:b8:
         82:51:11:0f:0a:75:fd:f0:c5:38:b2:e3:ed:f1:41:09:a5:d6:
         39:27:ea:d8:e1:e9:ed:60:99:e7:ab:57:1a:91:80:bf:7d:4b:
         87:70:4e:b3:ab:94:6e:4f:c2:99:b6:5e:09:93:57:5f:f7:8f:
         f9:00:10:b0:8b:ba:c8:52:af:c3:06:07:f4:fd:5c:d6:e9:0f:
         14:95:2d:3a:75:07:e9:49:ba:35:06:36:69:0f:d8:f1:3c:38:
         35:07:fb:3c:d5:5f:64:5d:18:ad:49:76:16:55:4f:71:52:af:
         2c:37:c3:f3:1a:c7:89:aa:bb:9f:75:40:9b:02:76:72:96:a0:
         a7:ce:8e:e3:81:c4:ad:68:36:25:ee:e5:11:67:89:95:e2:41:
         29:06:cb:a3:ee:90:fd:6d:7c:dd:cd:a2:85:ae:6b:0d:b8:ec:
         92:ba:de:78:7a:ed:91:8c:b8:03:2b:5a:1e:e5:ab:75:97:9d:
         f1:a8:0a:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZygHp5sdjXSbldFc0vuro/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2YTcwNzkzNGE3NjJiYmRmMzRmYzAxNDhmMjY1Y2UxMjQ1
NzcyMTMwHhcNMjYwMjI3MTcyMTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTAwZjk4NmQyNDYzY2Y4NTBhOGE0NTNkY2U1ZThiMjZmNzkwYWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhqfiDO+E3QXihjsyf9KmvSa58GI3
wacuuozk8Lr5faPZEam/sYTiYYQowU3oxu83aaWNFv42kPGWm/ls7SJy8E2uLAMS
qJ02UcRa9MEbtlWhwBHYffliZrNBI5wOQuLHQLnVrqyJVIs+396KW3yZhJC7zTPM
1rQlwu1tjkRcQ57DSYvAkHDIHqwjX1VcPWOIWwsHHcTG5U0wMPpyyS+B7o/GHlM4
VPRejXEEc7SrNIov7TWlFa4DFsef1hfcGZGeO56JXVH9qtH8zXPjAfD+IvQEDT/7
IH1z6CTipWHwIynK+m3QOFFz8ciUWw7vRpkS5WUoQpydXj4qleDJyJoiZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC4A+YbSRjz4UKikU9zl6LJveQrwMB8GA1UdIwQY
MBaAFManB5NKdiu980/AFI8mXOEkV3ITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUt
YjhlYTE4ZWI3NWY0LzEvTGdENWh0SkdQUGhRcUtSVDNPWG9zbTk1Q3ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi80ODZjOTYtOGUwZi00MTYxLWEwMGUtYjhlYTE4ZWI3NWY0
LzEveHFjSGswcDJLNzN6VDhBVWp5WmM0U1JYY2hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABfyZMA0G
CSqGSIb3DQEBCwUAA4IBAQBxhJpLD4JQ0l2RXR7jypIjrV9x2neADokz2IsuO8aX
F71PXAZ0l1DUilV7Ydq4vsVsKMvyLtlzexnu5r2ecSbDi6iSlfbBkLiCUREPCnX9
8MU4suPt8UEJpdY5J+rY4entYJnnq1cakYC/fUuHcE6zq5RuT8KZtl4Jk1df94/5
ABCwi7rIUq/DBgf0/VzW6Q8UlS06dQfpSbo1BjZpD9jxPDg1B/s81V9kXRitSXYW
VU9xUq8sN8PzGseJqrufdUCbAnZylqCnzo7jgcStaDYl7uURZ4mV4kEpBsuj7pD9
bXzdzaKFrmsNuOySut54eu2RjLgDK1oe5at1l53xqArr
-----END CERTIFICATE-----