Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/EbXIqW39zmn1UFsl-Alxo0oH1_o.roa
File:                     EbXIqW39zmn1UFsl-Alxo0oH1_o.roa (raw, json)
Hash identifier:          QadMzbF0QsShkK0soGlX3o0ZSCFwNX2MzZN77Y4G56Q=
Subject key identifier:   11:B5:C8:A9:6D:FD:CE:69:F5:50:5B:25:F8:09:71:A3:4A:07:D7:FA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DDF693F150866D7E133BE43F704CDE560
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/EbXIqW39zmn1UFsl-Alxo0oH1_o.roa
Signing time:             Thu 30 Apr 2026 17:21:49 +0000
ROA not before:           Thu 30 Apr 2026 17:21:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     6939
IP address blocks:        2.26.32.0/22 maxlen: 24
                          64.188.108.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 03 May 2026 17:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:df:69:3f:15:08:66:d7:e1:33:be:43:f7:04:cd:e5:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 30 17:21:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=11b5c8a96dfdce69f5505b25f80971a34a07d7fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:95:26:13:e3:7a:3e:36:fe:1c:7f:f7:78:f8:
                    97:a3:cd:46:f9:54:3c:b4:05:db:b5:24:01:6a:22:
                    e5:70:10:e4:2f:6d:8b:df:8d:b0:0a:94:b5:1f:eb:
                    fa:a6:6c:ec:22:95:d7:1c:2e:52:4a:3a:85:68:0d:
                    76:1b:96:e8:dc:48:9b:b8:64:78:3b:9f:51:b2:eb:
                    9d:dc:f9:93:4d:7f:22:bd:ec:25:2d:c5:33:b6:9c:
                    f7:29:5a:1f:fd:3e:d8:47:c7:87:9c:f3:24:ac:83:
                    89:7f:6b:2d:8f:20:7a:76:1b:21:e0:01:8e:b0:34:
                    4e:f7:61:71:9c:4e:da:47:f3:bb:ca:ea:6e:09:30:
                    78:e4:a5:65:89:40:67:a2:67:3e:88:42:2c:1a:24:
                    8d:a9:f6:57:9d:7e:ef:19:af:e4:86:ba:18:0d:0b:
                    00:de:2c:ed:e6:5a:d6:24:4c:e8:6b:b2:d0:88:e1:
                    bd:af:c0:5a:7e:5e:a2:7d:b2:4a:b8:45:40:a9:68:
                    2a:f7:62:1a:9d:e0:16:d9:7c:12:e8:b0:40:43:00:
                    94:dd:9c:73:eb:f4:64:c7:87:51:27:86:6a:de:89:
                    57:d5:cf:80:e5:a3:e6:a0:02:8a:48:be:d1:d8:81:
                    57:79:38:9f:44:a5:2e:fc:d7:ec:1a:03:5c:86:60:
                    c3:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B5:C8:A9:6D:FD:CE:69:F5:50:5B:25:F8:09:71:A3:4A:07:D7:FA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/EbXIqW39zmn1UFsl-Alxo0oH1_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.32.0/22
                  64.188.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4d:e2:1b:f0:bc:7f:85:ac:22:74:ab:c3:91:13:88:ca:be:4e:
         88:81:92:27:c6:de:0e:28:01:be:be:ae:dc:3c:92:b3:81:08:
         16:72:2d:d0:eb:aa:bc:f7:20:cd:c1:59:4d:2c:39:a4:f7:ad:
         18:5f:12:86:ba:1a:cd:e3:d9:4a:e6:e0:d2:96:2d:c2:31:ea:
         40:83:33:13:06:27:13:88:69:ca:70:c8:07:98:9c:2e:29:13:
         4b:48:36:82:51:9c:3d:a1:50:36:5c:4a:f1:52:d9:04:57:73:
         dd:d7:a7:d2:92:14:da:92:1c:d0:6b:10:9b:5b:0d:47:88:11:
         24:e5:f9:16:17:57:d8:50:f1:c0:1f:1f:db:e4:ea:5a:a2:9e:
         40:a1:7b:05:ce:77:e1:2d:27:42:45:ee:5d:67:fc:df:33:b6:
         36:5b:32:56:f5:f9:3c:cb:f0:fd:d9:55:43:bf:de:26:a4:2f:
         b3:05:3b:dc:8a:02:fc:73:69:6e:b4:44:6d:27:41:52:40:87:
         7f:0f:a8:d8:df:30:d4:9d:e3:73:46:ab:78:1b:3c:9f:e1:53:
         0e:fd:cc:fc:06:c6:8c:d3:26:31:12:65:b2:fa:bf:67:dc:19:
         5e:ad:4b:1e:39:db:04:07:87:d2:35:69:2b:58:4e:5b:56:ca:
         70:36:c8:47
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3faT8VCGbX4TO+Q/cEzeVgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDMwMTcyMTQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI1YzhhOTZkZmRjZTY5ZjU1MDViMjVmODA5NzFhMzRhMDdkN2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo5UmE+N6Pjb+HH/3ePiXo81G+VQ8
tAXbtSQBaiLlcBDkL22L342wCpS1H+v6pmzsIpXXHC5SSjqFaA12G5bo3EibuGR4
O59Rsuud3PmTTX8ivewlLcUztpz3KVof/T7YR8eHnPMkrIOJf2stjyB6dhsh4AGO
sDRO92FxnE7aR/O7yupuCTB45KVliUBnomc+iEIsGiSNqfZXnX7vGa/khroYDQsA
3izt5lrWJEzoa7LQiOG9r8Bafl6ifbJKuEVAqWgq92IaneAW2XwS6LBAQwCU3Zxz
6/Rkx4dRJ4Zq3olX1c+A5aPmoAKKSL7R2IFXeTifRKUu/NfsGgNchmDDAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBG1yKlt/c5p9VBbJfgJcaNKB9f6MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRWJYSXFXMzl6bW4xVUZzbC1BbHhvMG9IMV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAhogAwQC
QLxsMA0GCSqGSIb3DQEBCwUAA4IBAQBN4hvwvH+FrCJ0q8ORE4jKvk6IgZInxt4O
KAG+vq7cPJKzgQgWci3Q66q89yDNwVlNLDmk960YXxKGuhrN49lK5uDSli3CMepA
gzMTBicTiGnKcMgHmJwuKRNLSDaCUZw9oVA2XErxUtkEV3Pd16fSkhTakhzQaxCb
Ww1HiBEk5fkWF1fYUPHAHx/b5Opaop5AoXsFznfhLSdCRe5dZ/zfM7Y2WzJW9fk8
y/D92VVDv94mpC+zBTvcigL8c2lutERtJ0FSQId/D6jY3zDUneNzRqt4Gzyf4VMO
/cz8BsaM0yYxEmWy+r9n3BlerUseOdsEB4fSNWkrWE5bVspwNshH
-----END CERTIFICATE-----