Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/LyH072gfUMGAgt_4wmd5jVPgEkk.roa
File:                     LyH072gfUMGAgt_4wmd5jVPgEkk.roa (raw, json)
Hash identifier:          hULmRNFiKgC2IUf4UTD/aN/EAbJh9VEEauv42jZuyn0=
Subject key identifier:   2F:21:F4:EF:68:1F:50:C1:80:82:DF:F8:C2:67:79:8D:53:E0:12:49
Certificate issuer:       /CN=b2df1c137d7894ccdba768ceb971c4d3df59fe96
Certificate serial:       019B7DCB573FE54D9AC9ECEBE4CF9416C722
Authority key identifier: B2:DF:1C:13:7D:78:94:CC:DB:A7:68:CE:B9:71:C4:D3:DF:59:FE:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/st8cE314lMzbp2jOuXHE099Z_pY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/LyH072gfUMGAgt_4wmd5jVPgEkk.roa
Signing time:             Fri 02 Jan 2026 08:20:36 +0000
ROA not before:           Fri 02 Jan 2026 08:20:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6766
IP address blocks:        2001:67c:2ed8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/st8cE314lMzbp2jOuXHE099Z_pY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/st8cE314lMzbp2jOuXHE099Z_pY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/st8cE314lMzbp2jOuXHE099Z_pY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 03 Mar 2026 14:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7d:cb:57:3f:e5:4d:9a:c9:ec:eb:e4:cf:94:16:c7:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2df1c137d7894ccdba768ceb971c4d3df59fe96
        Validity
            Not Before: Jan  2 08:20:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2f21f4ef681f50c18082dff8c267798d53e01249
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2d:7e:50:68:58:ae:43:87:59:6e:97:67:37:
                    19:31:70:6b:74:05:8e:c6:14:57:e8:27:18:ee:ae:
                    de:35:7e:ca:81:e7:d7:58:5e:a5:48:9a:5c:29:45:
                    38:27:5c:0d:b0:ca:6e:7e:c9:ff:98:20:c6:fd:7f:
                    6a:15:e5:ca:1c:41:7a:ba:81:3c:10:c3:99:4e:ed:
                    a0:37:43:90:40:7f:4a:ad:ac:d5:29:76:7f:53:1e:
                    a2:44:77:3e:51:b0:eb:1f:a9:76:e4:5c:3f:fd:51:
                    26:29:32:9f:40:0f:6c:c2:48:f3:50:83:cd:3e:7a:
                    49:2b:5f:31:ca:dd:3f:93:c0:80:bb:8f:37:4c:c2:
                    f8:d7:19:7f:9b:8c:90:19:87:66:d3:1d:a5:0f:2e:
                    69:99:9d:ec:1a:bc:ff:ed:2f:12:dc:6f:6e:ce:33:
                    76:5b:4e:b9:44:4c:ea:df:ee:74:c2:3c:84:14:f4:
                    69:81:82:36:9f:af:1a:aa:34:a4:96:ae:98:56:87:
                    ad:82:c6:9c:6b:4c:09:20:84:96:f7:b5:e8:64:e6:
                    25:d0:45:22:1f:51:51:fe:bd:9f:b8:d2:0d:8d:9c:
                    b4:ef:6d:48:29:3f:20:8e:70:2b:1a:6d:3b:72:a5:
                    e9:f4:a1:be:cd:ee:29:f6:4c:23:4d:9a:71:de:9c:
                    12:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:21:F4:EF:68:1F:50:C1:80:82:DF:F8:C2:67:79:8D:53:E0:12:49
            X509v3 Authority Key Identifier:
                keyid:B2:DF:1C:13:7D:78:94:CC:DB:A7:68:CE:B9:71:C4:D3:DF:59:FE:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/st8cE314lMzbp2jOuXHE099Z_pY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/LyH072gfUMGAgt_4wmd5jVPgEkk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/b06956-e733-4564-9781-d0c4c86bb5fe/1/st8cE314lMzbp2jOuXHE099Z_pY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:2ed8::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:76:e5:6b:4d:cd:2c:c1:6c:36:00:9e:27:ee:a1:bc:f6:d9:
         73:3f:e7:d5:f8:a9:8f:ef:44:32:1a:94:04:f3:64:67:70:e1:
         6b:3d:9f:de:b8:2f:6f:01:fc:f3:1c:15:22:42:1b:7e:64:c6:
         c1:f9:cb:28:3c:40:42:4d:56:69:d6:58:63:50:44:3f:c4:a8:
         aa:2d:ea:00:20:56:61:15:22:13:68:03:6b:3a:95:91:34:fb:
         d8:cb:95:c8:08:ab:a5:9a:f0:3b:31:44:22:98:d2:69:b3:4f:
         ce:a2:17:30:93:4b:9f:d9:9f:b9:a9:29:d6:fa:71:8b:2b:2e:
         ca:1f:86:90:20:8c:23:06:96:6b:b9:84:da:4a:f1:de:f2:91:
         69:78:3d:d5:b4:ab:b9:c2:3f:fb:98:d8:67:0b:26:e6:31:70:
         6a:e7:ec:36:9a:07:5e:e7:33:c5:bb:46:bb:e8:da:3e:0e:c2:
         ac:e9:40:a4:0c:3c:0a:1b:a4:26:d2:21:68:cb:05:d3:dc:52:
         27:f3:0d:04:57:82:99:ac:13:67:71:12:93:75:77:aa:f7:75:
         71:f5:37:46:5b:fa:1c:68:1d:a3:de:9e:7b:07:e9:22:76:b3:
         f9:37:a9:ec:29:26:1e:eb:2f:ba:b2:b1:d1:e7:e7:07:b9:42:
         88:e6:91:99
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZt9y1c/5U2ayezr5M+UFsciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZGYxYzEzN2Q3ODk0Y2NkYmE3NjhjZWI5NzFjNGQzZGY1
OWZlOTYwHhcNMjYwMTAyMDgyMDM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZjIxZjRlZjY4MWY1MGMxODA4MmRmZjhjMjY3Nzk4ZDUzZTAxMjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtS1+UGhYrkOHWW6XZzcZMXBrdAWO
xhRX6CcY7q7eNX7KgefXWF6lSJpcKUU4J1wNsMpufsn/mCDG/X9qFeXKHEF6uoE8
EMOZTu2gN0OQQH9KrazVKXZ/Ux6iRHc+UbDrH6l25Fw//VEmKTKfQA9swkjzUIPN
PnpJK18xyt0/k8CAu483TML41xl/m4yQGYdm0x2lDy5pmZ3sGrz/7S8S3G9uzjN2
W065REzq3+50wjyEFPRpgYI2n68aqjSklq6YVoetgsaca0wJIISW97XoZOYl0EUi
H1FR/r2fuNINjZy0721IKT8gjnArGm07cqXp9KG+ze4p9kwjTZpx3pwSNwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFC8h9O9oH1DBgILf+MJneY1T4BJJMB8GA1UdIwQY
MBaAFLLfHBN9eJTM26dozrlxxNPfWf6WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3Q4Y0UzMTRsTXpicDJqT3VYSEUwOTlaX3BZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9iMDY5NTYtZTczMy00NTY0LTk3ODEt
ZDBjNGM4NmJiNWZlLzEvTHlIMDcyZ2ZVTUdBZ3RfNHdtZDVqVlBnRWtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9iMDY5NTYtZTczMy00NTY0LTk3ODEtZDBjNGM4NmJiNWZl
LzEvc3Q4Y0UzMTRsTXpicDJqT3VYSEUwOTlaX3BZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfC7Y
MA0GCSqGSIb3DQEBCwUAA4IBAQBTduVrTc0swWw2AJ4n7qG89tlzP+fV+KmP70Qy
GpQE82RncOFrPZ/euC9vAfzzHBUiQht+ZMbB+csoPEBCTVZp1lhjUEQ/xKiqLeoA
IFZhFSITaANrOpWRNPvYy5XICKulmvA7MUQimNJps0/Oohcwk0uf2Z+5qSnW+nGL
Ky7KH4aQIIwjBpZruYTaSvHe8pFpeD3VtKu5wj/7mNhnCybmMXBq5+w2mgde5zPF
u0a76No+DsKs6UCkDDwKG6Qm0iFoywXT3FIn8w0EV4KZrBNncRKTdXeq93Vx9TdG
W/ocaB2j3p57B+kidrP5N6nsKSYe6y+6srHR5+cHuUKI5pGZ
-----END CERTIFICATE-----