Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/LnMXIwMA4GyT9W25g6vlAmH5RVA.roa
File:                     LnMXIwMA4GyT9W25g6vlAmH5RVA.roa (raw, json)
Hash identifier:          dMM0G5yaZ5OJLvqzQdsXsSZhpUraOeB3HtKHktwhpKI=
Subject key identifier:   2E:73:17:23:03:00:E0:6C:93:F5:6D:B9:83:AB:E5:02:61:F9:45:50
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       019D9AB2C80D1607358CCCFD9D1D50347697
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/LnMXIwMA4GyT9W25g6vlAmH5RVA.roa
Signing time:             Fri 17 Apr 2026 09:08:20 +0000
ROA not before:           Fri 17 Apr 2026 09:08:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20326
IP address blocks:        85.237.92.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 09:08:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9a:b2:c8:0d:16:07:35:8c:cc:fd:9d:1d:50:34:76:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Apr 17 09:08:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e7317230300e06c93f56db983abe50261f94550
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0a:69:75:b9:a3:bf:c6:e8:8c:ce:01:1c:ec:
                    31:8c:07:ac:45:18:8b:51:c8:c8:0b:92:38:ef:64:
                    a9:1d:fe:62:72:07:0c:ab:d5:0b:dd:44:28:5e:6a:
                    03:be:2f:b7:d6:8f:6c:54:82:37:89:07:d4:bd:08:
                    08:3a:59:bb:a7:c1:8e:a4:96:e6:cd:b9:0d:03:ab:
                    35:08:19:d9:96:79:6b:e3:73:b1:5b:22:dc:71:c6:
                    0e:80:84:9d:f1:60:3e:13:2e:81:36:97:3d:8a:d4:
                    99:c5:43:05:b3:69:2d:85:0e:1a:0d:9a:1e:c9:45:
                    43:bf:c2:8b:15:09:24:18:5c:d9:eb:fa:03:44:a1:
                    e9:06:8b:af:9d:db:9f:2e:2a:13:60:41:a8:ad:91:
                    45:ff:44:2e:c2:20:6e:7a:bf:58:1e:fa:04:cb:3d:
                    d8:a6:0f:b1:8c:ba:41:eb:e3:84:1c:0d:e6:f8:5f:
                    05:b9:1f:6a:af:db:4c:79:f1:7b:89:0e:de:8e:89:
                    76:05:22:85:0e:69:0c:24:6f:3c:73:fd:e5:43:13:
                    3a:4e:c3:08:fa:4f:66:d7:8e:65:cc:d5:ec:8c:89:
                    10:0b:b6:f4:a1:49:3d:7b:fb:18:ea:a0:47:01:24:
                    ce:f3:e8:21:02:48:d1:93:db:63:96:a8:4e:7f:b2:
                    e6:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:73:17:23:03:00:E0:6C:93:F5:6D:B9:83:AB:E5:02:61:F9:45:50
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/LnMXIwMA4GyT9W25g6vlAmH5RVA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:0c:f7:d7:a7:96:eb:39:3d:c1:45:c6:bf:77:d3:49:1a:c7:
         5d:ed:50:09:aa:91:7a:9d:c7:6c:e6:43:1b:30:e3:ac:37:2e:
         ad:ab:0f:f5:c0:eb:da:30:f3:71:ee:c5:d6:3f:80:08:75:f7:
         52:95:7f:21:96:3f:ca:6c:db:ec:3f:0e:82:27:77:18:87:ca:
         03:cc:ae:c2:4d:16:4c:21:a8:9e:9a:6b:05:e2:df:a3:e5:5f:
         f3:f8:89:b8:7d:c6:5f:73:ae:43:bc:a5:54:71:21:52:27:b9:
         ed:a0:5b:2c:81:2c:ec:87:cd:32:1d:3a:ad:26:23:0f:b7:2b:
         d6:69:c3:94:52:f7:5a:47:ec:65:3b:ab:fb:2b:2d:13:58:02:
         d4:e8:da:be:13:fd:92:e5:a2:0d:a2:75:b5:52:ab:fc:0e:14:
         96:45:b2:3a:50:7d:54:9d:8f:36:12:ec:1d:64:90:62:db:7f:
         42:dd:38:82:e6:28:da:0b:be:a6:75:3a:e8:54:a2:a0:f1:9c:
         b9:a4:90:17:91:8d:0e:dd:04:0b:3b:c6:9e:c1:c8:e0:68:18:
         94:8f:ba:d6:3c:2a:ed:f2:db:a4:e4:8b:df:c2:3e:b8:29:42:
         aa:83:d6:17:30:4f:f7:35:2b:e2:5c:af:c2:52:6b:ef:e5:69:
         24:8e:d8:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2assgNFgc1jMz9nR1QNHaXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjYwNDE3MDkwODIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTczMTcyMzAzMDBlMDZjOTNmNTZkYjk4M2FiZTUwMjYxZjk0NTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwppdbmjv8bojM4BHOwxjAesRRiL
UcjIC5I472SpHf5icgcMq9UL3UQoXmoDvi+31o9sVII3iQfUvQgIOlm7p8GOpJbm
zbkNA6s1CBnZlnlr43OxWyLcccYOgISd8WA+Ey6BNpc9itSZxUMFs2kthQ4aDZoe
yUVDv8KLFQkkGFzZ6/oDRKHpBouvndufLioTYEGorZFF/0QuwiBuer9YHvoEyz3Y
pg+xjLpB6+OEHA3m+F8FuR9qr9tMefF7iQ7ejol2BSKFDmkMJG88c/3lQxM6TsMI
+k9m145lzNXsjIkQC7b0oUk9e/sY6qBHASTO8+ghAkjRk9tjlqhOf7LmxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC5zFyMDAOBsk/VtuYOr5QJh+UVQMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvTG5NWEl3TUE0R3lUOVcyNWc2dmxBbUg1UlZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe1cMA0G
CSqGSIb3DQEBCwUAA4IBAQB1DPfXp5brOT3BRca/d9NJGsdd7VAJqpF6ncds5kMb
MOOsNy6tqw/1wOvaMPNx7sXWP4AIdfdSlX8hlj/KbNvsPw6CJ3cYh8oDzK7CTRZM
IaiemmsF4t+j5V/z+Im4fcZfc65DvKVUcSFSJ7ntoFssgSzsh80yHTqtJiMPtyvW
acOUUvdaR+xlO6v7Ky0TWALU6Nq+E/2S5aINonW1Uqv8DhSWRbI6UH1UnY82Euwd
ZJBi239C3TiC5ijaC76mdTroVKKg8Zy5pJAXkY0O3QQLO8aewcjgaBiUj7rWPCrt
8tuk5Ivfwj64KUKqg9YXME/3NSviXK/CUmvv5Wkkjti3
-----END CERTIFICATE-----