Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/LrcbVo71YyrQCC8jxOvbkP8UOjk.roa
File:                     LrcbVo71YyrQCC8jxOvbkP8UOjk.roa (raw, json)
Hash identifier:          F+TSYhcW05rJokBrE9N3pQGL1hIp19xpgRk/atbwlDo=
Subject key identifier:   2E:B7:1B:56:8E:F5:63:2A:D0:08:2F:23:C4:EB:DB:90:FF:14:3A:39
Certificate issuer:       /CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
Certificate serial:       019D9017519BB61A071C93C2AB4B17B4EE7A
Authority key identifier: CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/LrcbVo71YyrQCC8jxOvbkP8UOjk.roa
Signing time:             Wed 15 Apr 2026 07:42:20 +0000
ROA not before:           Wed 15 Apr 2026 07:42:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201194
IP address blocks:        85.133.245.0/24 maxlen: 24
                          85.133.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 09:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:17:51:9b:b6:1a:07:1c:93:c2:ab:4b:17:b4:ee:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd5e39658a3ef6f13ca21cc11a4e33ebcd946702
        Validity
            Not Before: Apr 15 07:42:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2eb71b568ef5632ad0082f23c4ebdb90ff143a39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ae:89:c7:36:da:85:46:ba:b1:90:45:4f:46:
                    ce:49:20:2a:01:13:bd:26:96:de:93:7d:0a:68:9f:
                    e7:b6:a8:40:a1:fa:be:8c:68:2c:c6:58:70:92:f9:
                    aa:df:c5:e2:2a:1b:63:2f:68:d3:8a:f9:32:74:c7:
                    8f:0c:91:fe:f4:cf:8d:f3:bb:9b:bf:6e:97:00:9b:
                    4f:ce:87:1b:ca:90:00:27:6a:4e:bf:8e:64:2a:fb:
                    bc:56:99:8e:74:2c:d5:81:b7:c1:17:24:fb:26:25:
                    01:de:be:da:cf:75:fb:d7:a9:f5:73:76:d9:02:6d:
                    ec:e0:f0:5a:51:23:6a:bd:fb:57:95:ac:5c:3e:9b:
                    f0:85:ec:41:ee:11:29:3f:98:d1:f9:63:30:ef:ba:
                    27:eb:9c:7e:18:b8:56:70:be:5f:58:e6:e4:dc:db:
                    a0:14:b4:cd:9b:a2:db:90:28:5c:05:58:7a:b3:4a:
                    66:1d:9d:6f:2b:9d:2e:75:c3:52:6b:99:42:f4:02:
                    ea:ee:45:ee:33:71:88:62:41:90:f7:67:87:cd:27:
                    fc:ac:5e:c5:41:93:84:28:3e:e4:e1:74:14:df:0d:
                    e3:ce:59:5c:c9:3c:86:ed:9b:92:f5:d6:26:22:66:
                    3c:b5:69:65:e4:c2:0a:d5:ee:1c:da:a7:6f:4a:78:
                    c1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B7:1B:56:8E:F5:63:2A:D0:08:2F:23:C4:EB:DB:90:FF:14:3A:39
            X509v3 Authority Key Identifier:
                keyid:CD:5E:39:65:8A:3E:F6:F1:3C:A2:1C:C1:1A:4E:33:EB:CD:94:67:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zV45ZYo-9vE8ohzBGk4z682UZwI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/LrcbVo71YyrQCC8jxOvbkP8UOjk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/ef536c-03d3-4ac5-b125-5d1fa66c363b/1/zV45ZYo-9vE8ohzBGk4z682UZwI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.133.245.0/24
                  85.133.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:30:ae:0e:92:49:51:0d:50:fa:6e:95:6d:79:f4:1c:49:9c:
         42:b2:a5:75:c8:12:83:2a:ca:8b:d2:e9:07:3b:21:06:59:d3:
         60:79:66:92:f5:29:4a:90:dc:2e:6f:88:09:8c:2e:6b:fa:9b:
         ea:1d:36:bd:74:67:42:08:ab:d9:f5:71:fe:22:bb:8f:ac:86:
         65:46:9e:b7:b8:c1:cd:93:2e:bc:03:c1:9e:11:b3:e2:09:95:
         4a:73:a5:ad:0b:43:26:f0:f7:60:7a:59:20:ad:ad:e4:11:e1:
         13:69:78:06:7b:bf:f5:40:c4:64:a6:e2:a2:3b:ad:f5:ca:79:
         5b:f0:35:65:d2:65:bc:92:3b:bf:00:31:2e:cc:d7:93:d0:60:
         c5:46:63:5d:a6:96:cf:a9:d2:30:55:4c:00:41:47:3c:e4:49:
         39:2b:71:e6:b6:be:70:c4:fc:05:cb:62:d7:3b:c2:4f:8c:28:
         46:f4:c3:2e:c7:45:1a:e7:30:5e:45:cd:0b:d5:82:63:44:58:
         d3:c4:f1:3a:3c:48:7e:5f:96:83:fa:1a:f2:83:24:9f:c2:c2:
         2d:b1:69:42:11:e8:28:3e:ac:03:0b:41:c8:75:cd:f6:b0:f9:
         56:82:20:27:82:8d:76:cb:66:c1:3e:e3:7d:ee:0e:47:44:d6:
         39:35:aa:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2QF1GbthoHHJPCq0sXtO56MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkNWUzOTY1OGEzZWY2ZjEzY2EyMWNjMTFhNGUzM2ViY2Q5
NDY3MDIwHhcNMjYwNDE1MDc0MjIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZWI3MWI1NjhlZjU2MzJhZDAwODJmMjNjNGViZGI5MGZmMTQzYTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsa6JxzbahUa6sZBFT0bOSSAqARO9
Jpbek30KaJ/ntqhAofq+jGgsxlhwkvmq38XiKhtjL2jTivkydMePDJH+9M+N87ub
v26XAJtPzocbypAAJ2pOv45kKvu8VpmOdCzVgbfBFyT7JiUB3r7az3X716n1c3bZ
Am3s4PBaUSNqvftXlaxcPpvwhexB7hEpP5jR+WMw77on65x+GLhWcL5fWObk3Nug
FLTNm6LbkChcBVh6s0pmHZ1vK50udcNSa5lC9ALq7kXuM3GIYkGQ92eHzSf8rF7F
QZOEKD7k4XQU3w3jzllcyTyG7ZuS9dYmImY8tWll5MIK1e4c2qdvSnjBBwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC63G1aO9WMq0AgvI8Tr25D/FDo5MB8GA1UdIwQY
MBaAFM1eOWWKPvbxPKIcwRpOM+vNlGcCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUt
NWQxZmE2NmMzNjNiLzEvTHJjYlZvNzFZeXJRQ0M4anhPdmJrUDhVT2prLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9lZjUzNmMtMDNkMy00YWM1LWIxMjUtNWQxZmE2NmMzNjNi
LzEvelY0NVpZby05dkU4b2h6QkdrNHo2ODJVWndJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVYX1AwQA
VYX+MA0GCSqGSIb3DQEBCwUAA4IBAQBFMK4OkklRDVD6bpVtefQcSZxCsqV1yBKD
KsqL0ukHOyEGWdNgeWaS9SlKkNwub4gJjC5r+pvqHTa9dGdCCKvZ9XH+IruPrIZl
Rp63uMHNky68A8GeEbPiCZVKc6WtC0Mm8Pdgelkgra3kEeETaXgGe7/1QMRkpuKi
O631ynlb8DVl0mW8kju/ADEuzNeT0GDFRmNdppbPqdIwVUwAQUc85Ek5K3Hmtr5w
xPwFy2LXO8JPjChG9MMux0Ua5zBeRc0L1YJjRFjTxPE6PEh+X5aD+hrygySfwsIt
sWlCEegoPqwDC0HIdc32sPlWgiAngo12y2bBPuN97g5HRNY5NaoG
-----END CERTIFICATE-----