Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LjwLBkukbLxUFkuTIfR9w1snMls.roa
File:                     LjwLBkukbLxUFkuTIfR9w1snMls.roa (raw, json)
Hash identifier:          4nFYoBbwhfsOo2OK62wk4BJ40HPGWDvHaokQJOEAsAE=
Subject key identifier:   2E:3C:0B:06:4B:A4:6C:BC:54:16:4B:93:21:F4:7D:C3:5B:27:32:5B
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019C09AF03B7D5992F81BF9EE596A70B06D4
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LjwLBkukbLxUFkuTIfR9w1snMls.roa
Signing time:             Thu 29 Jan 2026 12:16:30 +0000
ROA not before:           Thu 29 Jan 2026 12:16:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     39238
IP address blocks:        45.151.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 02 Mar 2026 09:38:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:09:af:03:b7:d5:99:2f:81:bf:9e:e5:96:a7:0b:06:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan 29 12:16:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2e3c0b064ba46cbc54164b9321f47dc35b27325b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0c:10:98:c3:5a:2b:c5:16:5e:49:22:19:da:
                    32:e7:cc:1c:df:d5:7d:f7:a2:f0:0e:20:a5:6c:43:
                    d9:25:9a:2e:f9:72:5f:d3:8d:e2:02:70:5f:dd:6b:
                    7f:78:9d:73:e0:54:ad:47:1e:d2:98:e9:4d:a3:0f:
                    d4:aa:87:3e:06:71:f3:e9:45:63:30:86:59:90:16:
                    0e:45:1a:69:a7:5a:c8:a9:54:c3:cc:1a:c8:1f:b0:
                    e4:b7:61:40:f7:98:3a:da:0c:c6:d4:30:9c:d8:d0:
                    a1:fa:0d:ad:16:9b:d2:a1:ea:cf:c4:b4:14:4e:e3:
                    15:70:04:95:de:bb:b8:22:39:37:63:f0:02:30:57:
                    4f:16:39:4a:8a:01:71:89:1c:3b:5f:66:39:86:5e:
                    f7:33:72:30:71:97:99:1e:cb:2b:79:39:a2:82:0a:
                    a2:df:58:89:42:5d:d3:4d:fa:f0:5a:39:ca:51:d6:
                    db:56:5b:fb:d3:04:62:9b:65:7a:f9:42:4e:1b:f6:
                    42:aa:bb:4d:8a:92:9a:55:20:1b:eb:d5:7d:d4:fa:
                    45:fc:2c:fc:7c:ba:20:48:35:0e:fc:19:96:41:3c:
                    18:1f:3b:49:ac:d1:87:d5:3b:4d:9f:fb:4d:2f:0d:
                    6b:49:cf:c8:54:f4:5d:aa:8a:a2:b6:22:8c:8e:00:
                    50:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:3C:0B:06:4B:A4:6C:BC:54:16:4B:93:21:F4:7D:C3:5B:27:32:5B
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LjwLBkukbLxUFkuTIfR9w1snMls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f6:e8:28:fc:59:93:84:2f:35:fa:83:9a:4e:c5:2c:44:09:
         06:0f:e3:61:8a:36:8d:db:92:46:88:06:e4:f8:85:d0:ec:92:
         3b:ec:e8:ed:8a:fe:c8:63:43:c2:6b:7d:63:ed:ea:9e:1a:60:
         44:f0:5e:96:01:8c:ba:56:de:a6:96:dd:67:bb:21:f0:3f:78:
         c9:71:d2:83:c5:c2:9c:f2:c3:48:4a:6f:7e:73:a0:f5:ba:16:
         a5:5d:0c:c2:63:28:8c:0e:40:2d:bc:f2:82:08:a6:a9:a5:c1:
         fe:5f:2a:56:da:89:c9:8a:48:40:a3:55:50:a2:ee:1c:0b:6e:
         43:5c:0c:6c:85:43:ff:6f:fe:98:ce:c3:04:23:af:6e:e7:91:
         a5:89:88:69:49:ff:1c:1f:89:1a:95:a0:fc:52:b8:e5:38:80:
         88:2e:0d:2f:fd:80:a4:be:0c:29:06:b3:a4:ae:cb:e8:03:76:
         4f:5a:7b:ee:92:e5:a1:c6:cf:46:14:2b:b3:95:d3:57:96:57:
         e9:cd:46:d2:3a:56:11:23:02:52:00:e1:ec:f3:b3:81:bd:64:
         cc:13:e4:de:ab:5a:00:c5:cf:ac:09:27:34:fa:e0:3c:29:e6:
         ec:a4:6d:63:81:34:c7:69:c2:0b:d3:27:63:52:d5:4c:34:59:
         81:9e:f3:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZwJrwO31Zkvgb+e5ZanCwbUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjYwMTI5MTIxNjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZTNjMGIwNjRiYTQ2Y2JjNTQxNjRiOTMyMWY0N2RjMzViMjczMjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQwQmMNaK8UWXkkiGdoy58wc39V9
96LwDiClbEPZJZou+XJf043iAnBf3Wt/eJ1z4FStRx7SmOlNow/Uqoc+BnHz6UVj
MIZZkBYORRppp1rIqVTDzBrIH7Dkt2FA95g62gzG1DCc2NCh+g2tFpvSoerPxLQU
TuMVcASV3ru4Ijk3Y/ACMFdPFjlKigFxiRw7X2Y5hl73M3IwcZeZHssreTmiggqi
31iJQl3TTfrwWjnKUdbbVlv70wRim2V6+UJOG/ZCqrtNipKaVSAb69V91PpF/Cz8
fLogSDUO/BmWQTwYHztJrNGH1TtNn/tNLw1rSc/IVPRdqoqitiKMjgBQiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC48CwZLpGy8VBZLkyH0fcNbJzJbMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvTGp3TEJrdWtiTHhVRmt1VElmUjl3MXNuTWxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc/MA0G
CSqGSIb3DQEBCwUAA4IBAQB99ugo/FmThC81+oOaTsUsRAkGD+NhijaN25JGiAbk
+IXQ7JI77Ojtiv7IY0PCa31j7eqeGmBE8F6WAYy6Vt6mlt1nuyHwP3jJcdKDxcKc
8sNISm9+c6D1uhalXQzCYyiMDkAtvPKCCKappcH+XypW2onJikhAo1VQou4cC25D
XAxshUP/b/6YzsMEI69u55GliYhpSf8cH4kalaD8UrjlOICILg0v/YCkvgwpBrOk
rsvoA3ZPWnvukuWhxs9GFCuzldNXllfpzUbSOlYRIwJSAOHs87OBvWTME+Teq1oA
xc+sCSc0+uA8KebspG1jgTTHacIL0ydjUtVMNFmBnvPQ
-----END CERTIFICATE-----