Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/LKPNjW0FwzxJuXJJO8QeVx8xVKA.roa
File:                     LKPNjW0FwzxJuXJJO8QeVx8xVKA.roa (raw, json)
Hash identifier:          7aAIkZ00eO3qTrf1/VDBo5PmzNCovWfeD3QFFzPD2+k=
Subject key identifier:   2C:A3:CD:8D:6D:05:C3:3C:49:B9:72:49:3B:C4:1E:57:1F:31:54:A0
Certificate issuer:       /CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
Certificate serial:       019D96036F5A3B9CDFA247281A063AC27CFE
Authority key identifier: F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/LKPNjW0FwzxJuXJJO8QeVx8xVKA.roa
Signing time:             Thu 16 Apr 2026 11:18:20 +0000
ROA not before:           Thu 16 Apr 2026 11:18:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     9000
IP address blocks:        84.17.85.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 05:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:96:03:6f:5a:3b:9c:df:a2:47:28:1a:06:3a:c2:7c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f4b762950eb7916668bbfa8d1b870560b1ca7739
        Validity
            Not Before: Apr 16 11:18:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2ca3cd8d6d05c33c49b972493bc41e571f3154a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:67:c8:0d:c2:95:d0:59:6c:10:3d:66:93:7c:
                    7a:2a:f9:b3:a6:56:23:fb:7a:fe:03:af:b8:a5:0f:
                    69:4b:d5:e5:c7:a5:71:51:8a:e1:fd:46:86:4d:1d:
                    70:cc:ce:1c:f1:28:fc:81:f7:4e:86:84:47:d8:9c:
                    5b:5e:95:39:41:5b:53:c0:c4:05:38:19:91:44:bf:
                    2a:17:49:c8:55:48:b3:04:9a:f4:3b:c9:d5:2f:a5:
                    b6:3a:85:80:94:fe:14:3b:82:11:1c:a8:72:da:8b:
                    5e:5b:51:69:01:52:94:9e:fd:ad:d1:a7:bb:ad:d7:
                    64:08:e9:cd:d9:2f:0a:3a:6b:02:02:52:19:8b:7c:
                    77:41:d5:9a:53:3c:e4:0b:71:b6:8f:0c:b0:04:54:
                    ad:53:73:a5:71:fb:c6:7c:20:0f:e4:c5:8e:b1:79:
                    1a:b3:a8:ab:72:fa:07:f0:e4:79:38:b5:c6:0d:80:
                    a5:de:c5:7b:ed:58:66:ea:46:22:f6:04:40:0f:56:
                    d7:cf:bb:ef:88:63:7c:c8:fe:08:14:15:14:a8:5d:
                    09:0a:b9:1b:86:73:90:f5:75:c2:b6:11:7d:cf:ee:
                    dc:e7:98:f4:f8:42:9c:60:89:57:8e:3c:dd:bb:0b:
                    28:00:6a:84:4b:d2:69:4d:86:9e:42:72:1b:6f:bd:
                    8d:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:A3:CD:8D:6D:05:C3:3C:49:B9:72:49:3B:C4:1E:57:1F:31:54:A0
            X509v3 Authority Key Identifier:
                keyid:F4:B7:62:95:0E:B7:91:66:68:BB:FA:8D:1B:87:05:60:B1:CA:77:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9LdilQ63kWZou_qNG4cFYLHKdzk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/LKPNjW0FwzxJuXJJO8QeVx8xVKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/0b23c5-21b5-4ab3-97a0-2f8df187f98b/1/9LdilQ63kWZou_qNG4cFYLHKdzk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.17.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:bf:1f:cc:81:54:2f:5e:33:af:a3:db:29:e5:af:14:04:a0:
         d4:0e:4e:7e:55:ef:6e:a0:93:82:0a:a2:11:b3:38:02:fc:a6:
         ea:ef:12:fd:70:e3:1f:34:a8:d2:b8:15:b6:05:66:59:cc:54:
         19:01:fc:a6:d0:df:aa:de:48:15:8f:ec:7c:fa:28:79:97:a2:
         3a:82:ec:9e:ac:19:63:3e:35:41:08:87:d1:0a:9f:e1:43:0e:
         78:4d:06:44:68:ea:d8:99:f8:a3:d7:27:b6:c8:69:2a:bb:6e:
         cb:48:ef:b4:68:2f:e9:65:68:62:2e:49:b7:6c:cd:1f:85:ca:
         17:26:51:e6:f3:c5:79:fd:dd:fc:f4:82:92:d5:d5:f4:b0:a9:
         2c:53:2d:3c:f4:18:71:3e:74:0c:94:26:48:28:4d:d5:63:fd:
         c2:40:c5:73:fc:b7:ff:e0:ec:8a:55:5d:6b:e1:d3:59:22:3e:
         07:b0:41:bf:52:98:b6:bd:1f:10:64:3b:5e:87:bc:6f:70:36:
         f7:8a:65:11:cf:c7:66:da:19:ad:ce:a3:04:06:78:42:ba:ef:
         4d:7f:84:5b:78:78:01:e1:79:5e:3e:7a:09:b3:b0:1b:0e:e4:
         99:ed:1b:01:e4:a5:97:b0:20:ae:a1:fa:d0:32:25:48:29:e9:
         18:d3:21:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2WA29aO5zfokcoGgY6wnz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0Yjc2Mjk1MGViNzkxNjY2OGJiZmE4ZDFiODcwNTYwYjFj
YTc3MzkwHhcNMjYwNDE2MTExODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyY2EzY2Q4ZDZkMDVjMzNjNDliOTcyNDkzYmM0MWU1NzFmMzE1NGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+WfIDcKV0FlsED1mk3x6KvmzplYj
+3r+A6+4pQ9pS9Xlx6VxUYrh/UaGTR1wzM4c8Sj8gfdOhoRH2JxbXpU5QVtTwMQF
OBmRRL8qF0nIVUizBJr0O8nVL6W2OoWAlP4UO4IRHKhy2oteW1FpAVKUnv2t0ae7
rddkCOnN2S8KOmsCAlIZi3x3QdWaUzzkC3G2jwywBFStU3OlcfvGfCAP5MWOsXka
s6ircvoH8OR5OLXGDYCl3sV77Vhm6kYi9gRAD1bXz7vviGN8yP4IFBUUqF0JCrkb
hnOQ9XXCthF9z+7c55j0+EKcYIlXjjzduwsoAGqES9JpTYaeQnIbb72N9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCyjzY1tBcM8SblySTvEHlcfMVSgMB8GA1UdIwQY
MBaAFPS3YpUOt5FmaLv6jRuHBWCxync5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAt
MmY4ZGYxODdmOThiLzEvTEtQTmpXMEZ3enhKdVhKSk84UWVWeDh4VktBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8wYjIzYzUtMjFiNS00YWIzLTk3YTAtMmY4ZGYxODdmOThi
LzEvOUxkaWxRNjNrV1pvdV9xTkc0Y0ZZTEhLZHprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVBFVMA0G
CSqGSIb3DQEBCwUAA4IBAQAPvx/MgVQvXjOvo9sp5a8UBKDUDk5+Ve9uoJOCCqIR
szgC/Kbq7xL9cOMfNKjSuBW2BWZZzFQZAfym0N+q3kgVj+x8+ih5l6I6guyerBlj
PjVBCIfRCp/hQw54TQZEaOrYmfij1ye2yGkqu27LSO+0aC/pZWhiLkm3bM0fhcoX
JlHm88V5/d389IKS1dX0sKksUy089BhxPnQMlCZIKE3VY/3CQMVz/Lf/4OyKVV1r
4dNZIj4HsEG/Upi2vR8QZDteh7xvcDb3imURz8dm2hmtzqMEBnhCuu9Nf4RbeHgB
4XlePnoJs7AbDuSZ7RsB5KWXsCCuofrQMiVIKekY0yEy
-----END CERTIFICATE-----