Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-10Qgb6AkrF5IHcwOPr72XhESp0.roa
File:                     1-10Qgb6AkrF5IHcwOPr72XhESp0.roa (raw, json)
Hash identifier:          xnll7us1aB36Wua9SExFEKHAKAhZ0lfuLwXSBCNJoBU=
Subject key identifier:   FB:5D:10:81:BE:80:92:B1:79:20:77:30:38:FA:FB:D9:78:44:4A:9D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF0165CDE53A1E690B7B03277D8CB87BD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-10Qgb6AkrF5IHcwOPr72XhESp0.roa
Signing time:             Sun 03 May 2026 23:04:50 +0000
ROA not before:           Sun 03 May 2026 23:04:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402215
IP address blocks:        2.26.172.0/24 maxlen: 24
                          2.27.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f0:16:5c:de:53:a1:e6:90:b7:b0:32:77:d8:cb:87:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  3 23:04:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fb5d1081be8092b17920773038fafbd978444a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:25:30:bc:d2:17:2f:bc:89:4f:da:7a:b4:4a:
                    32:b8:41:8e:19:69:0b:b1:28:95:42:a9:fc:43:16:
                    00:27:15:17:77:79:21:90:14:e2:62:cd:4c:82:e6:
                    cc:f0:b8:35:5c:bc:6d:b2:7f:7e:dc:e7:02:42:de:
                    56:db:6a:f6:94:dc:73:e3:1f:43:31:c2:54:da:a1:
                    9d:23:9d:51:6a:f3:65:73:60:49:01:b6:3c:15:aa:
                    80:87:af:35:12:88:83:b0:3f:a8:3e:0b:c6:62:e1:
                    57:6a:6e:4a:de:b0:5b:6e:76:65:1e:a1:87:5c:5f:
                    51:cc:2e:1d:30:9f:0d:c3:2f:4f:3a:04:1a:50:b5:
                    be:30:e6:62:19:04:5a:a7:c8:14:71:10:2f:4e:2a:
                    14:5f:c5:82:75:d0:e9:72:c0:84:d1:91:28:df:2e:
                    21:16:c1:11:66:29:b8:9e:9b:17:cf:31:4e:c8:a5:
                    be:7a:d8:fa:44:7b:fb:28:e6:be:c8:01:d5:0c:ea:
                    fb:14:55:a1:b2:36:7c:b5:f6:27:58:2a:31:12:e8:
                    9e:09:ff:e7:6c:b4:47:80:04:9b:fb:63:99:4b:27:
                    02:db:d2:a7:d7:83:13:13:47:5a:5a:18:50:c5:ee:
                    79:16:61:59:f5:85:44:bd:bd:98:b8:88:07:6a:dd:
                    40:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:5D:10:81:BE:80:92:B1:79:20:77:30:38:FA:FB:D9:78:44:4A:9D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-10Qgb6AkrF5IHcwOPr72XhESp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.172.0/24
                  2.27.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:6a:f2:e0:18:db:ca:ae:bc:02:7c:e7:f6:de:f4:f7:d8:24:
         20:f2:a0:5d:05:32:79:bb:d9:7f:6b:ec:72:e6:5f:7c:9c:25:
         9e:3f:6c:14:e8:37:d2:8d:f6:a1:f0:e0:d0:07:5e:4d:1f:f5:
         7f:99:4e:d9:e1:85:2e:c0:b9:4b:39:fe:ff:e3:40:03:fa:12:
         61:fe:d4:39:eb:43:88:ec:68:59:e8:67:4a:49:6f:29:3e:23:
         39:98:76:30:82:65:a1:0f:0a:51:a6:9f:89:74:02:16:57:ec:
         fe:c6:7f:e2:d9:63:86:2e:5b:fb:6a:41:52:11:1d:ac:e1:81:
         d6:fb:65:b9:3f:93:26:40:21:04:32:09:26:c3:6e:7a:ae:eb:
         66:a5:1c:06:dc:2c:4a:3d:1d:92:85:41:bb:e9:d1:9b:46:1e:
         53:e4:30:73:2b:ee:4a:ef:08:5d:4a:c8:3d:9f:f6:fc:85:ff:
         fe:5e:d8:40:9e:11:a2:14:ff:83:44:57:f7:da:a7:da:3b:3c:
         05:c4:c0:02:df:c9:f7:d8:64:ef:77:f7:73:1a:d7:d2:f6:bc:
         c6:cc:9c:74:b9:46:ae:4d:70:37:41:d8:0d:fa:86:a1:32:d9:
         8a:12:f3:84:23:eb:56:c0:24:48:42:22:3e:a1:71:91:b7:12:
         89:96:f2:95
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ3wFlzeU6HmkLewMnfYy4e9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAzMjMwNDUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjVkMTA4MWJlODA5MmIxNzkyMDc3MzAzOGZhZmJkOTc4NDQ0YTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CUwvNIXL7yJT9p6tEoyuEGOGWkL
sSiVQqn8QxYAJxUXd3khkBTiYs1MgubM8Lg1XLxtsn9+3OcCQt5W22r2lNxz4x9D
McJU2qGdI51RavNlc2BJAbY8FaqAh681EoiDsD+oPgvGYuFXam5K3rBbbnZlHqGH
XF9RzC4dMJ8Nwy9POgQaULW+MOZiGQRap8gUcRAvTioUX8WCddDpcsCE0ZEo3y4h
FsERZim4npsXzzFOyKW+etj6RHv7KOa+yAHVDOr7FFWhsjZ8tfYnWCoxEuieCf/n
bLRHgASb+2OZSycC29Kn14MTE0daWhhQxe55FmFZ9YVEvb2YuIgHat1ASQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPtdEIG+gJKxeSB3MDj6+9l4REqdMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMS0xMFFnYjZBa3JGNUlIY3dPUHI3MlhoRVNwMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvMzhmMTI4LWVhODItNDU1NS1iNTE0LTE0Mzk2N2E4ZmUw
OC8xL0hKWS1QU0tFZlVac0ppd2doNHduZ05pRUFBTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAIarAME
AAIbdTANBgkqhkiG9w0BAQsFAAOCAQEAq2ry4Bjbyq68Anzn9t7099gkIPKgXQUy
ebvZf2vscuZffJwlnj9sFOg30o32ofDg0AdeTR/1f5lO2eGFLsC5Szn+/+NAA/oS
Yf7UOetDiOxoWehnSklvKT4jOZh2MIJloQ8KUaafiXQCFlfs/sZ/4tljhi5b+2pB
UhEdrOGB1vtluT+TJkAhBDIJJsNueq7rZqUcBtwsSj0dkoVBu+nRm0YeU+Qwcyvu
Su8IXUrIPZ/2/IX//l7YQJ4RohT/g0RX99qn2js8BcTAAt/J99hk73f3cxrX0va8
xsycdLlGrk1wN0HYDfqGoTLZihLzhCPrVsAkSEIiPqFxkbcSiZbylQ==
-----END CERTIFICATE-----