Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/65c660-25af-4fb3-af7c-e741999a4d62/1/LcI_BXMvY5aSE3vIzLyzwrL0zuw.roa
File:                     LcI_BXMvY5aSE3vIzLyzwrL0zuw.roa (raw, json)
Hash identifier:          slELEFAipdts8+oeGkNV3YMhCrDdwvjfJkdcNFFBnug=
Subject key identifier:   2D:C2:3F:05:73:2F:63:96:92:13:7B:C8:CC:BC:B3:C2:B2:F4:CE:EC
Certificate issuer:       /CN=3b0764713e5c8b1d7d2ece048e4ebc139428edc3
Certificate serial:       019C47112248AE460A8CF856101E6F4918C8
Authority key identifier: 3B:07:64:71:3E:5C:8B:1D:7D:2E:CE:04:8E:4E:BC:13:94:28:ED:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwdkcT5cix19Ls4Ejk68E5Qo7cM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/65c660-25af-4fb3-af7c-e741999a4d62/1/LcI_BXMvY5aSE3vIzLyzwrL0zuw.roa
Signing time:             Tue 10 Feb 2026 10:20:31 +0000
ROA not before:           Tue 10 Feb 2026 10:20:31 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     58138
IP address blocks:        193.26.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/65c660-25af-4fb3-af7c-e741999a4d62/1/OwdkcT5cix19Ls4Ejk68E5Qo7cM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/65c660-25af-4fb3-af7c-e741999a4d62/1/OwdkcT5cix19Ls4Ejk68E5Qo7cM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwdkcT5cix19Ls4Ejk68E5Qo7cM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 16:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:47:11:22:48:ae:46:0a:8c:f8:56:10:1e:6f:49:18:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b0764713e5c8b1d7d2ece048e4ebc139428edc3
        Validity
            Not Before: Feb 10 10:20:31 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2dc23f05732f639692137bc8ccbcb3c2b2f4ceec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:3c:23:7c:78:b0:fb:e2:e5:e3:b0:28:03:e4:
                    6c:35:87:76:60:68:51:85:a8:7e:dd:96:df:d9:06:
                    9e:2d:d0:8f:40:67:5a:d4:ac:ca:58:a3:bd:0f:d8:
                    bb:d2:47:94:47:ea:9e:f4:52:d7:fe:7b:8d:7e:2f:
                    5b:60:f7:40:05:88:7c:c3:24:95:0b:1d:86:13:85:
                    de:75:60:57:db:cf:09:84:26:98:24:db:6d:6a:a3:
                    bd:3f:92:8c:8b:41:7b:7e:45:2c:5a:5e:12:48:b9:
                    12:d6:a7:dd:ec:f2:0f:3e:59:c6:a6:e7:b5:73:66:
                    60:8d:56:06:26:e9:31:da:b2:e6:64:3b:64:05:dd:
                    ee:5c:29:ca:fe:fd:a6:78:d1:ff:6d:78:af:3d:28:
                    85:84:13:42:3c:6c:45:ac:c2:3a:00:42:c8:0a:87:
                    57:d2:ba:52:ab:63:ee:c6:1a:2f:c0:29:16:6e:8d:
                    42:73:f9:df:62:58:e8:58:b4:46:1b:56:ce:15:1b:
                    84:d6:d4:6f:25:79:5d:4c:9e:81:66:0e:fe:43:2b:
                    8c:8c:74:61:b5:0d:a4:08:9b:75:32:13:fd:6e:fd:
                    1a:67:b5:ce:c1:a9:ef:9c:6d:be:10:fb:b6:82:e4:
                    38:8e:eb:5d:ae:41:1a:55:da:24:8f:6c:d7:f0:48:
                    c4:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:C2:3F:05:73:2F:63:96:92:13:7B:C8:CC:BC:B3:C2:B2:F4:CE:EC
            X509v3 Authority Key Identifier:
                keyid:3B:07:64:71:3E:5C:8B:1D:7D:2E:CE:04:8E:4E:BC:13:94:28:ED:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwdkcT5cix19Ls4Ejk68E5Qo7cM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/65c660-25af-4fb3-af7c-e741999a4d62/1/LcI_BXMvY5aSE3vIzLyzwrL0zuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/65c660-25af-4fb3-af7c-e741999a4d62/1/OwdkcT5cix19Ls4Ejk68E5Qo7cM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:05:ac:f7:68:9e:3e:04:c5:6d:83:dd:3c:d7:9d:f9:d8:c5:
         ff:43:d6:58:2f:4c:e9:6e:68:38:e7:bf:26:f4:48:9c:53:d0:
         57:09:c1:ea:87:5d:27:30:10:66:56:0f:d7:8b:9f:88:68:50:
         fa:18:9f:cd:5d:7b:0c:52:85:62:5b:e2:b8:c5:57:70:72:b4:
         c5:bf:1b:12:ce:41:06:7f:6b:f5:84:c7:89:17:27:52:6c:41:
         61:2a:e0:3f:6e:97:2d:2f:0e:8d:c6:c2:f3:b2:f5:c7:c3:72:
         50:85:e8:6d:bf:83:66:ca:68:56:30:cb:44:bd:be:11:b2:c2:
         01:4e:44:f9:5f:c0:05:cb:d8:dc:33:63:83:1f:30:a0:98:e5:
         0a:e2:73:bc:7e:f4:13:d4:7c:01:ee:57:90:cb:83:6c:ce:96:
         3c:22:20:b2:f6:79:29:7a:5b:44:d9:f4:a8:84:62:9b:dc:53:
         25:21:1a:f1:1f:b7:87:57:e9:76:49:3e:69:9f:67:51:b4:ab:
         8c:5b:84:42:14:2b:5e:82:ac:f4:7b:a8:ab:a2:6a:4e:18:f8:
         23:68:c9:f1:1b:a4:48:83:81:4f:39:54:7d:75:6d:af:a1:53:
         d1:09:78:e4:3d:02:8c:41:fa:54:9b:d2:cb:84:ef:2e:7b:eb:
         07:43:c1:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZxHESJIrkYKjPhWEB5vSRjIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDc2NDcxM2U1YzhiMWQ3ZDJlY2UwNDhlNGViYzEzOTQy
OGVkYzMwHhcNMjYwMjEwMTAyMDMxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGMyM2YwNTczMmY2Mzk2OTIxMzdiYzhjY2JjYjNjMmIyZjRjZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzwjfHiw++Ll47AoA+RsNYd2YGhR
hah+3Zbf2QaeLdCPQGda1KzKWKO9D9i70keUR+qe9FLX/nuNfi9bYPdABYh8wySV
Cx2GE4XedWBX288JhCaYJNttaqO9P5KMi0F7fkUsWl4SSLkS1qfd7PIPPlnGpue1
c2ZgjVYGJukx2rLmZDtkBd3uXCnK/v2meNH/bXivPSiFhBNCPGxFrMI6AELICodX
0rpSq2PuxhovwCkWbo1Cc/nfYljoWLRGG1bOFRuE1tRvJXldTJ6BZg7+QyuMjHRh
tQ2kCJt1MhP9bv0aZ7XOwanvnG2+EPu2guQ4jutdrkEaVdokj2zX8EjEeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC3CPwVzL2OWkhN7yMy8s8Ky9M7sMB8GA1UdIwQY
MBaAFDsHZHE+XIsdfS7OBI5OvBOUKO3DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dka2NUNWNpeDE5THM0RWprNjhFNVFvN2NNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC82NWM2NjAtMjVhZi00ZmIzLWFmN2Mt
ZTc0MTk5OWE0ZDYyLzEvTGNJX0JYTXZZNWFTRTN2SXpMeXp3ckwwenV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC82NWM2NjAtMjVhZi00ZmIzLWFmN2MtZTc0MTk5OWE0ZDYy
LzEvT3dka2NUNWNpeDE5THM0RWprNjhFNVFvN2NNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwRoBMA0G
CSqGSIb3DQEBCwUAA4IBAQBkBaz3aJ4+BMVtg90815352MX/Q9ZYL0zpbmg4578m
9EicU9BXCcHqh10nMBBmVg/Xi5+IaFD6GJ/NXXsMUoViW+K4xVdwcrTFvxsSzkEG
f2v1hMeJFydSbEFhKuA/bpctLw6NxsLzsvXHw3JQhehtv4NmymhWMMtEvb4RssIB
TkT5X8AFy9jcM2ODHzCgmOUK4nO8fvQT1HwB7leQy4NszpY8IiCy9nkpeltE2fSo
hGKb3FMlIRrxH7eHV+l2ST5pn2dRtKuMW4RCFCtegqz0e6irompOGPgjaMnxG6RI
g4FPOVR9dW2voVPRCXjkPQKMQfpUm9LLhO8ue+sHQ8FC
-----END CERTIFICATE-----