Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LZOKjCTvkerXNaQHARpRo56Kqso.roa
File:                     LZOKjCTvkerXNaQHARpRo56Kqso.roa (raw, json)
Hash identifier:          /7ze2xxSfyryQxdjncvWxyLh3U/nea4i62kJoou5YO8=
Subject key identifier:   2D:93:8A:8C:24:EF:91:EA:D7:35:A4:07:01:1A:51:A3:9E:8A:AA:CA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E7AE8F8AAE328321B52703A99DACC1783
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LZOKjCTvkerXNaQHARpRo56Kqso.roa
Signing time:             Sat 30 May 2026 22:02:28 +0000
ROA not before:           Sat 30 May 2026 22:02:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154383
IP address blocks:        2.26.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 10:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:7a:e8:f8:aa:e3:28:32:1b:52:70:3a:99:da:cc:17:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 30 22:02:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2d938a8c24ef91ead735a407011a51a39e8aaaca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b0:4f:ea:2d:55:c4:3c:4c:1c:ed:e7:5e:08:
                    61:68:38:73:4a:0c:2e:c5:da:b9:d2:0a:76:f3:fe:
                    b2:12:e2:34:43:b5:03:d4:67:bf:f5:26:56:24:55:
                    5b:79:17:d2:5a:97:2f:c5:d3:39:cd:c8:3d:05:86:
                    65:48:48:cd:7e:61:e2:29:65:ea:1c:71:00:3e:e7:
                    a3:37:65:12:11:b1:35:41:e3:83:c7:0f:49:a5:b9:
                    0d:6f:0b:8b:f3:34:be:3e:a7:7b:1f:cc:6a:7d:01:
                    15:ab:4f:59:e1:c0:e9:c2:35:e4:60:57:73:28:80:
                    51:31:8e:32:e7:b9:43:14:cb:c8:5a:43:6b:fe:91:
                    4d:cf:eb:30:d5:9f:c3:c9:6f:29:24:e0:d3:85:79:
                    6b:64:1e:2e:d5:13:13:09:81:a6:f7:2a:8c:d6:a3:
                    18:06:f5:1a:b2:08:0e:e3:95:93:68:0d:19:af:9a:
                    32:62:25:78:3d:bf:01:95:b4:a8:26:7e:80:31:4e:
                    f4:c9:80:5a:98:78:a1:c0:e7:82:9a:7a:8c:ba:08:
                    11:27:ad:8c:46:8f:48:d2:10:bb:50:b5:b3:ae:1e:
                    4a:d4:38:b0:1a:14:26:c6:d2:bc:91:8a:27:57:aa:
                    b9:2e:3d:bc:fd:2e:2e:5d:ba:7c:6f:85:4c:c6:a7:
                    cd:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:93:8A:8C:24:EF:91:EA:D7:35:A4:07:01:1A:51:A3:9E:8A:AA:CA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/LZOKjCTvkerXNaQHARpRo56Kqso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:af:aa:f9:94:15:b3:bc:b7:ca:7e:1b:a8:a5:dc:d1:25:58:
         59:72:d4:5e:53:cd:67:64:85:20:9b:20:45:57:e7:1e:e5:6d:
         f8:e5:ab:73:c6:ea:97:8e:e4:0e:76:2f:94:7e:c8:c9:cd:ee:
         57:e4:87:0d:8a:0f:e6:25:50:8b:af:aa:11:fe:43:fe:3b:45:
         32:b0:0a:f3:59:a0:ac:2a:5c:91:51:84:8f:3b:9c:aa:6b:aa:
         b4:4a:7a:61:23:b8:8c:ba:a7:45:ba:a4:3f:b1:3b:5d:52:cf:
         02:8c:33:6e:f6:89:37:9b:b3:53:9e:8c:c7:7d:59:a6:e2:fa:
         49:b4:bc:50:c4:a1:bc:66:35:89:50:68:eb:5a:c0:a9:f1:7a:
         b8:b5:6f:38:5d:5d:54:fa:90:49:53:55:15:94:04:f0:22:08:
         65:cd:97:4c:91:b7:ab:01:3f:ee:40:b1:3b:59:37:4b:93:e4:
         9c:80:6b:e2:6e:b4:f0:62:08:a8:f2:34:51:3b:6c:e1:68:ae:
         e2:a1:a5:00:15:6d:99:92:d0:ba:a4:b7:36:9c:a8:ed:ca:65:
         93:4a:d4:4f:52:29:47:18:aa:e6:80:ba:ac:f7:fd:a2:4c:ee:
         33:4b:3a:69:2d:4e:86:90:be:65:ab:85:9b:99:ac:64:34:bd:
         50:61:b7:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ566Piq4ygyG1JwOpnazBeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTMwMjIwMjI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDkzOGE4YzI0ZWY5MWVhZDczNWE0MDcwMTFhNTFhMzllOGFhYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7BP6i1VxDxMHO3nXghhaDhzSgwu
xdq50gp28/6yEuI0Q7UD1Ge/9SZWJFVbeRfSWpcvxdM5zcg9BYZlSEjNfmHiKWXq
HHEAPuejN2USEbE1QeODxw9JpbkNbwuL8zS+Pqd7H8xqfQEVq09Z4cDpwjXkYFdz
KIBRMY4y57lDFMvIWkNr/pFNz+sw1Z/DyW8pJODThXlrZB4u1RMTCYGm9yqM1qMY
BvUasggO45WTaA0Zr5oyYiV4Pb8BlbSoJn6AMU70yYBamHihwOeCmnqMuggRJ62M
Ro9I0hC7ULWzrh5K1DiwGhQmxtK8kYonV6q5Lj28/S4uXbp8b4VMxqfN5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC2Tiowk75Hq1zWkBwEaUaOeiqrKMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTFpPS2pDVHZrZXJYTmFRSEFScFJvNTZLcXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhq/MA0G
CSqGSIb3DQEBCwUAA4IBAQCtr6r5lBWzvLfKfhuopdzRJVhZctReU81nZIUgmyBF
V+ce5W345atzxuqXjuQOdi+UfsjJze5X5IcNig/mJVCLr6oR/kP+O0UysArzWaCs
KlyRUYSPO5yqa6q0SnphI7iMuqdFuqQ/sTtdUs8CjDNu9ok3m7NTnozHfVmm4vpJ
tLxQxKG8ZjWJUGjrWsCp8Xq4tW84XV1U+pBJU1UVlATwIghlzZdMkberAT/uQLE7
WTdLk+ScgGvibrTwYgio8jRRO2zhaK7ioaUAFW2ZktC6pLc2nKjtymWTStRPUilH
GKrmgLqs9/2iTO4zSzppLU6GkL5lq4WbmaxkNL1QYbdt
-----END CERTIFICATE-----