Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/lb_7krkD_79mMTpANXkkm_K7ZTQ.roa
File:                     lb_7krkD_79mMTpANXkkm_K7ZTQ.roa (raw, json)
Hash identifier:          xkUhgkfDHxEVRJZCN3Fz90NoSxJUNyIebRhDkhjmiCM=
Subject key identifier:   95:BF:FB:92:B9:03:FF:BF:66:31:3A:40:35:79:24:9B:F2:BB:65:34
Certificate issuer:       /CN=86170339c2bc664d600fa98b8061269d48e4f2c6
Certificate serial:       019EA8BB5D57C2DC358AE9AEC3BEADCE7866
Authority key identifier: 86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/lb_7krkD_79mMTpANXkkm_K7ZTQ.roa
Signing time:             Mon 08 Jun 2026 19:35:11 +0000
ROA not before:           Mon 08 Jun 2026 19:35:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211665
IP address blocks:        31.13.212.0/24 maxlen: 24
                          193.0.232.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 22:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:a8:bb:5d:57:c2:dc:35:8a:e9:ae:c3:be:ad:ce:78:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86170339c2bc664d600fa98b8061269d48e4f2c6
        Validity
            Not Before: Jun  8 19:35:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95bffb92b903ffbf66313a403579249bf2bb6534
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:89:18:c3:34:b7:70:f4:6e:55:2d:cc:b6:9e:
                    f6:8a:69:a6:67:8b:06:d9:17:da:df:4c:29:66:f5:
                    3b:00:33:9f:98:86:4f:2d:ee:d8:e5:3c:18:b3:58:
                    b6:6d:ac:a7:04:98:20:a1:48:51:73:67:09:91:04:
                    01:e9:03:d9:86:2a:c1:8b:aa:d8:2c:a8:4b:c0:8a:
                    df:d9:6d:c9:af:96:89:15:ed:3a:02:d8:23:53:e0:
                    89:d9:4c:c7:9a:39:37:18:95:19:33:14:43:a0:a1:
                    75:16:69:14:f3:1d:f5:b9:29:13:79:57:bc:94:91:
                    a8:02:06:31:c9:b9:2e:12:68:94:e2:d7:87:e1:7f:
                    5f:9f:77:60:41:85:fa:57:7d:14:4c:5f:48:4c:5e:
                    b2:08:6d:2a:25:30:56:84:db:d7:8f:6f:47:b9:b0:
                    11:61:a0:b0:18:24:eb:d9:68:8a:8e:01:46:d6:d7:
                    f0:78:0b:69:3f:20:2a:9e:bb:f7:1c:b4:2b:96:3a:
                    e6:91:79:be:e9:e6:a4:fc:6a:aa:e2:01:18:f2:17:
                    cc:07:10:08:4b:6a:72:ab:5d:8c:dd:f8:84:bf:bc:
                    43:82:aa:1c:a5:5a:2b:21:32:cf:d6:03:1b:4c:63:
                    72:51:ad:8f:89:3d:49:cd:7b:dd:78:21:bb:c3:15:
                    7b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:BF:FB:92:B9:03:FF:BF:66:31:3A:40:35:79:24:9B:F2:BB:65:34
            X509v3 Authority Key Identifier:
                keyid:86:17:03:39:C2:BC:66:4D:60:0F:A9:8B:80:61:26:9D:48:E4:F2:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/lb_7krkD_79mMTpANXkkm_K7ZTQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/c98aa3-0e0c-4d97-9bc3-74d91cdbe195/1/hhcDOcK8Zk1gD6mLgGEmnUjk8sY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.212.0/24
                  193.0.232.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:00:f2:ed:8a:27:f1:15:d6:d0:03:3c:67:b1:c2:de:4d:28:
         c3:18:e0:ff:7f:a2:2e:b3:35:64:62:ea:e3:86:af:44:d9:1a:
         e0:e5:43:3a:41:a0:db:83:c7:18:93:08:9e:68:33:30:42:11:
         9e:e3:0a:7d:fc:84:9b:e4:74:7a:c0:27:84:e9:d8:20:70:67:
         e2:65:13:79:eb:46:71:55:03:b9:e3:a2:40:38:16:0f:83:e5:
         a4:19:6c:16:8e:c2:9f:73:35:89:67:60:48:8d:9e:a9:5c:bf:
         1b:42:d8:6d:ae:5f:41:7b:28:6c:0c:46:0f:b4:3a:3f:77:c2:
         20:11:ab:c8:b5:f8:cb:19:76:34:1b:39:d1:96:7d:05:fa:0c:
         18:54:98:bd:71:2e:28:b5:d6:42:c4:96:8b:48:1f:c9:a8:be:
         97:15:64:bb:f8:0e:39:07:f0:06:0f:8b:9f:f0:05:03:59:10:
         10:a3:a8:b0:58:06:2c:c9:9d:ac:38:cc:3f:68:e1:1b:58:9b:
         01:61:29:d2:9a:e5:f5:84:be:72:d8:75:66:74:fa:e7:d9:2e:
         ee:97:b6:82:39:01:8e:f4:57:d9:05:0f:69:32:9a:42:3f:d7:
         29:f3:94:51:4b:1b:d2:16:a8:cd:fa:1d:50:51:17:1d:c7:e0:
         9b:67:40:89
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6ou11Xwtw1iumuw76tznhmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2MTcwMzM5YzJiYzY2NGQ2MDBmYTk4YjgwNjEyNjlkNDhl
NGYyYzYwHhcNMjYwNjA4MTkzNTExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NWJmZmI5MmI5MDNmZmJmNjYzMTNhNDAzNTc5MjQ5YmYyYmI2NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmYkYwzS3cPRuVS3Mtp72immmZ4sG
2Rfa30wpZvU7ADOfmIZPLe7Y5TwYs1i2baynBJggoUhRc2cJkQQB6QPZhirBi6rY
LKhLwIrf2W3Jr5aJFe06AtgjU+CJ2UzHmjk3GJUZMxRDoKF1FmkU8x31uSkTeVe8
lJGoAgYxybkuEmiU4teH4X9fn3dgQYX6V30UTF9ITF6yCG0qJTBWhNvXj29HubAR
YaCwGCTr2WiKjgFG1tfweAtpPyAqnrv3HLQrljrmkXm+6eak/Gqq4gEY8hfMBxAI
S2pyq12M3fiEv7xDgqocpVorITLP1gMbTGNyUa2PiT1JzXvdeCG7wxV7ywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJW/+5K5A/+/ZjE6QDV5JJvyu2U0MB8GA1UdIwQY
MBaAFIYXAznCvGZNYA+pi4BhJp1I5PLGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMt
NzRkOTFjZGJlMTk1LzEvbGJfN2tya0RfNzltTVRwQU5Ya2ttX0s3WlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy9jOThhYTMtMGUwYy00ZDk3LTliYzMtNzRkOTFjZGJlMTk1
LzEvaGhjRE9jSzhaazFnRDZtTGdHRW1uVWprOHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAHw3UAwQA
wQDoMA0GCSqGSIb3DQEBCwUAA4IBAQA8APLtiifxFdbQAzxnscLeTSjDGOD/f6Iu
szVkYurjhq9E2Rrg5UM6QaDbg8cYkwieaDMwQhGe4wp9/ISb5HR6wCeE6dggcGfi
ZRN560ZxVQO546JAOBYPg+WkGWwWjsKfczWJZ2BIjZ6pXL8bQthtrl9BeyhsDEYP
tDo/d8IgEavItfjLGXY0GznRln0F+gwYVJi9cS4otdZCxJaLSB/JqL6XFWS7+A45
B/AGD4uf8AUDWRAQo6iwWAYsyZ2sOMw/aOEbWJsBYSnSmuX1hL5y2HVmdPrn2S7u
l7aCOQGO9FfZBQ9pMppCP9cp85RRSxvSFqjN+h1QURcdx+CbZ0CJ
-----END CERTIFICATE-----