Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/lpaC_L_3Kh3Us_J5PIM5IP-2MB0.roa
File:                     lpaC_L_3Kh3Us_J5PIM5IP-2MB0.roa (raw, json)
Hash identifier:          4WQbvnKdlS0s85jQle9ELQNyZdFgg7qqpkEdDrjdCZ0=
Subject key identifier:   96:96:82:FC:BF:F7:2A:1D:D4:B3:F2:79:3C:83:39:20:FF:B6:30:1D
Certificate issuer:       /CN=3bca34a3034177d084338d33b089b7e03cca3a8a
Certificate serial:       019B7AC80E41A7F0CEFB7C8175ACE964DF01
Authority key identifier: 3B:CA:34:A3:03:41:77:D0:84:33:8D:33:B0:89:B7:E0:3C:CA:3A:8A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/lpaC_L_3Kh3Us_J5PIM5IP-2MB0.roa
Signing time:             Thu 01 Jan 2026 18:18:09 +0000
ROA not before:           Thu 01 Jan 2026 18:18:09 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     29624
IP address blocks:        82.212.192.0/19 maxlen: 19
                          2a00:cb0::/34 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 09:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7a:c8:0e:41:a7:f0:ce:fb:7c:81:75:ac:e9:64:df:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bca34a3034177d084338d33b089b7e03cca3a8a
        Validity
            Not Before: Jan  1 18:18:09 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=969682fcbff72a1dd4b3f2793c833920ffb6301d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:67:84:e7:55:8f:a1:4b:6e:80:7e:98:3d:e2:
                    42:7a:a4:cd:6a:27:4a:e3:0c:cf:04:54:93:c8:25:
                    a3:70:5d:d1:b2:70:d8:ff:7d:bd:c3:fa:b5:58:ab:
                    4b:65:4d:e8:c4:94:f8:9c:00:e3:0c:ad:aa:90:c6:
                    c2:89:0c:1f:4e:a4:a6:b5:b0:9b:0a:23:4c:8d:5e:
                    16:36:72:85:5e:3f:1d:f4:01:ee:5e:05:c9:98:87:
                    d3:b3:6d:2c:20:43:7f:20:b7:bd:55:59:ad:b1:fd:
                    16:a6:22:79:57:b6:2d:ca:c8:5d:04:a7:af:0b:40:
                    1d:43:8d:13:7d:ef:97:54:9a:3d:b4:35:90:25:16:
                    81:d3:7a:16:90:79:4d:bd:cc:e0:ce:14:72:6d:21:
                    fb:0c:fa:8c:a4:be:99:58:d8:d1:56:9f:f0:d6:b4:
                    a7:75:a5:cf:f5:fb:cc:70:1b:9b:52:b1:c6:1a:32:
                    f3:d3:6a:46:1f:30:12:65:d4:ad:ad:2f:90:e4:a0:
                    4a:ea:26:8d:9a:c3:7b:04:70:cd:1f:c9:04:1d:71:
                    97:6b:55:25:2b:bc:b0:7e:e7:ef:cc:89:06:8d:31:
                    33:f8:cb:f8:08:49:f3:47:5a:38:8b:d6:4c:18:dc:
                    36:0f:62:9f:d4:21:78:10:13:d2:48:5b:cd:f2:de:
                    86:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:96:82:FC:BF:F7:2A:1D:D4:B3:F2:79:3C:83:39:20:FF:B6:30:1D
            X509v3 Authority Key Identifier:
                keyid:3B:CA:34:A3:03:41:77:D0:84:33:8D:33:B0:89:B7:E0:3C:CA:3A:8A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O8o0owNBd9CEM40zsIm34DzKOoo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/lpaC_L_3Kh3Us_J5PIM5IP-2MB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/d1245c-02cf-48b5-9e42-89753f2b47dc/1/O8o0owNBd9CEM40zsIm34DzKOoo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.212.192.0/19
                IPv6:
                  2a00:cb0::/34

    Signature Algorithm: sha256WithRSAEncryption
         72:b2:4b:00:0d:3b:01:27:70:4d:2f:8a:cb:35:34:65:45:cd:
         f6:2f:b4:07:33:42:22:40:1b:96:1e:f0:c9:85:69:cc:f7:e1:
         c9:c4:18:4d:2c:d4:44:60:dc:10:13:ec:22:50:c6:2b:2b:bb:
         a8:6c:18:78:38:11:10:ae:69:68:bd:0c:81:0a:8a:28:ca:74:
         71:ea:bd:e7:fc:30:6f:bc:c7:88:d7:0d:ae:19:76:c6:1b:a6:
         4a:7e:38:7b:3e:6e:32:b2:66:30:1c:2a:7c:e7:49:5b:73:62:
         94:50:60:5a:ff:37:85:ab:7c:b7:82:bc:76:bf:b1:09:e3:56:
         6d:29:97:8f:17:75:1e:04:d1:ac:ec:a8:ab:ff:7e:74:e9:85:
         ac:38:0e:78:6a:0c:e7:c0:1c:1a:f3:db:54:70:33:55:dc:b4:
         77:cd:66:83:59:49:28:0c:ae:85:a6:b6:11:0a:91:95:e4:cc:
         54:31:ed:74:b2:89:e7:68:5d:60:2a:ad:5c:cd:4f:4d:16:a5:
         76:5f:6f:9b:08:4b:44:78:b6:64:c1:c2:3c:09:ca:18:a1:93:
         4f:84:51:21:88:d8:e4:cd:f9:4d:07:7b:6f:9d:30:63:b7:57:
         0d:5b:0b:71:cf:9e:2e:02:a1:81:34:7d:e5:cc:c9:ee:ba:38:
         99:ca:b1:98
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZt6yA5Bp/DO+3yBdazpZN8BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2EzNGEzMDM0MTc3ZDA4NDMzOGQzM2IwODliN2UwM2Nj
YTNhOGEwHhcNMjYwMTAxMTgxODA5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Njk2ODJmY2JmZjcyYTFkZDRiM2YyNzkzYzgzMzkyMGZmYjYzMDFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGeE51WPoUtugH6YPeJCeqTNaidK
4wzPBFSTyCWjcF3RsnDY/329w/q1WKtLZU3oxJT4nADjDK2qkMbCiQwfTqSmtbCb
CiNMjV4WNnKFXj8d9AHuXgXJmIfTs20sIEN/ILe9VVmtsf0WpiJ5V7YtyshdBKev
C0AdQ40Tfe+XVJo9tDWQJRaB03oWkHlNvczgzhRybSH7DPqMpL6ZWNjRVp/w1rSn
daXP9fvMcBubUrHGGjLz02pGHzASZdStrS+Q5KBK6iaNmsN7BHDNH8kEHXGXa1Ul
K7ywfufvzIkGjTEz+Mv4CEnzR1o4i9ZMGNw2D2Kf1CF4EBPSSFvN8t6GKQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFJaWgvy/9yod1LPyeTyDOSD/tjAdMB8GA1UdIwQY
MBaAFDvKNKMDQXfQhDONM7CJt+A8yjqKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzhvMG93TkJkOUNFTTQwenNJbTM0RHpLT29vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9kMTI0NWMtMDJjZi00OGI1LTllNDIt
ODk3NTNmMmI0N2RjLzEvbHBhQ19MXzNLaDNVc19KNVBJTTVJUC0yTUIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9kMTI0NWMtMDJjZi00OGI1LTllNDItODk3NTNmMmI0N2Rj
LzEvTzhvMG93TkJkOUNFTTQwenNJbTM0RHpLT29vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQFUtTAMA4E
AgACMAgDBgYqAAywADANBgkqhkiG9w0BAQsFAAOCAQEAcrJLAA07ASdwTS+KyzU0
ZUXN9i+0BzNCIkAblh7wyYVpzPfhycQYTSzURGDcEBPsIlDGKyu7qGwYeDgREK5p
aL0MgQqKKMp0ceq95/wwb7zHiNcNrhl2xhumSn44ez5uMrJmMBwqfOdJW3NilFBg
Wv83hat8t4K8dr+xCeNWbSmXjxd1HgTRrOyoq/9+dOmFrDgOeGoM58AcGvPbVHAz
Vdy0d81mg1lJKAyuhaa2EQqRleTMVDHtdLKJ52hdYCqtXM1PTRaldl9vmwhLRHi2
ZMHCPAnKGKGTT4RRIYjY5M35TQd7b50wY7dXDVsLcc+eLgKhgTR95czJ7ro4mcqx
mA==
-----END CERTIFICATE-----