Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-R8fFer5wbn0sx9UjXZev9bditA.roa
File:                     1-R8fFer5wbn0sx9UjXZev9bditA.roa (raw, json)
Hash identifier:          x8FYmIUHNSu7xBTkHGVRNYDMlJiKcXyisdvG5ORA9W0=
Subject key identifier:   F9:1F:1F:15:EA:F9:C1:B9:F4:B3:1F:54:8D:76:5E:BF:D6:DD:8A:D0
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DDA2DD6D726F4355D9A99A8548251D59B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-R8fFer5wbn0sx9UjXZev9bditA.roa
Signing time:             Wed 29 Apr 2026 16:58:50 +0000
ROA not before:           Wed 29 Apr 2026 16:58:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207083
IP address blocks:        2.27.170.0/24 maxlen: 24
                          31.77.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:da:2d:d6:d7:26:f4:35:5d:9a:99:a8:54:82:51:d5:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 29 16:58:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f91f1f15eaf9c1b9f4b31f548d765ebfd6dd8ad0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:b5:62:ab:aa:14:bb:5c:a3:74:c1:8b:69:e1:
                    81:c7:21:6a:5e:7c:17:1e:98:84:f4:c8:4c:4c:65:
                    0c:58:5f:3a:91:9a:67:40:de:5c:34:fe:f9:4b:a1:
                    b2:e5:90:a0:0a:cb:97:18:68:6d:3e:d2:ce:4d:1f:
                    3c:fb:79:41:10:75:ce:c5:8f:74:cd:9a:11:1d:11:
                    16:a0:36:5b:4c:1c:e1:ac:98:1c:78:75:9b:5d:d7:
                    59:90:2d:f4:1f:6d:fd:5a:ff:61:e5:3a:b2:ab:a5:
                    49:aa:ac:7b:89:1c:12:a2:92:84:e4:0a:f9:22:51:
                    a5:09:18:4b:ab:9d:cb:cb:a0:52:d4:44:a6:7e:9b:
                    ec:25:f8:f0:6e:0c:01:58:4c:91:d1:6e:97:e5:6a:
                    95:35:9d:a5:e0:d6:9c:b2:b4:55:b6:86:21:39:8d:
                    f5:9f:bd:f4:5b:89:fd:8b:99:e0:52:b6:8f:a5:33:
                    6b:30:42:d6:72:21:4e:c6:90:be:c9:93:15:b6:40:
                    ef:4b:35:7b:14:a2:96:9b:ae:8a:5e:22:2a:75:48:
                    56:14:af:66:35:2d:14:a3:67:00:92:b1:07:a4:f4:
                    c4:26:a2:97:6c:cf:ad:58:f8:18:2e:67:fc:00:2e:
                    06:39:57:15:e1:38:5c:4a:96:e8:33:ce:7c:ea:73:
                    38:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:1F:1F:15:EA:F9:C1:B9:F4:B3:1F:54:8D:76:5E:BF:D6:DD:8A:D0
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-R8fFer5wbn0sx9UjXZev9bditA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.170.0/24
                  31.77.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ea:f3:a2:d4:39:0e:fe:7a:78:f0:b2:bf:2b:d1:cd:ee:51:
         8b:c0:ad:54:b7:b8:28:fb:d4:71:56:50:34:5d:49:5c:7c:43:
         07:8f:d6:cf:a2:07:87:84:eb:68:f6:65:97:78:14:23:78:e4:
         e7:69:c5:0d:82:ae:f8:7e:8a:cd:8c:cf:9b:ae:83:32:f2:5a:
         27:dc:e9:69:23:4e:92:d6:cd:61:19:c8:6b:06:98:43:72:5d:
         17:99:51:38:ef:09:61:31:cd:b6:ee:72:23:27:48:99:e2:98:
         0e:3e:56:ee:19:ba:25:43:c3:85:e9:c7:c3:b6:47:50:e0:c6:
         f7:fb:7e:2f:46:4d:dc:8e:ca:ae:3c:9c:e4:83:b8:91:ef:08:
         d7:70:16:df:4a:35:6e:f9:b5:b9:b1:94:4c:0b:77:b8:55:a1:
         13:73:41:2a:87:ee:b8:3c:ce:73:2b:c1:96:44:04:c9:32:05:
         c7:2e:63:6c:85:d6:b3:42:1a:ec:d9:f0:24:50:14:cc:6a:c3:
         34:9b:36:a4:6d:66:af:ee:fd:0f:f8:9c:ba:60:bd:85:69:5f:
         80:4f:d9:d6:d7:a9:fb:82:21:01:35:a7:3f:1a:94:b7:e7:62:
         98:14:93:37:1a:f1:4b:92:14:4f:17:59:c4:fc:a3:f4:94:e5:
         6c:e9:68:4c
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZ3aLdbXJvQ1XZqZqFSCUdWbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI5MTY1ODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTFmMWYxNWVhZjljMWI5ZjRiMzFmNTQ4ZDc2NWViZmQ2ZGQ4YWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLViq6oUu1yjdMGLaeGBxyFqXnwX
HpiE9MhMTGUMWF86kZpnQN5cNP75S6Gy5ZCgCsuXGGhtPtLOTR88+3lBEHXOxY90
zZoRHREWoDZbTBzhrJgceHWbXddZkC30H239Wv9h5Tqyq6VJqqx7iRwSopKE5Ar5
IlGlCRhLq53Ly6BS1ESmfpvsJfjwbgwBWEyR0W6X5WqVNZ2l4NacsrRVtoYhOY31
n730W4n9i5ngUraPpTNrMELWciFOxpC+yZMVtkDvSzV7FKKWm66KXiIqdUhWFK9m
NS0Uo2cAkrEHpPTEJqKXbM+tWPgYLmf8AC4GOVcV4ThcSpboM8586nM4zwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPkfHxXq+cG59LMfVI12Xr/W3YrQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMS1SOGZGZXI1d2JuMHN4OVVqWFpldjliZGl0QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvMzhmMTI4LWVhODItNDU1NS1iNTE0LTE0Mzk2N2E4ZmUw
OC8xL0hKWS1QU0tFZlVac0ppd2doNHduZ05pRUFBTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAAIbqgME
AB9N/jANBgkqhkiG9w0BAQsFAAOCAQEATerzotQ5Dv56ePCyvyvRze5Ri8CtVLe4
KPvUcVZQNF1JXHxDB4/Wz6IHh4TraPZll3gUI3jk52nFDYKu+H6KzYzPm66DMvJa
J9zpaSNOktbNYRnIawaYQ3JdF5lROO8JYTHNtu5yIydImeKYDj5W7hm6JUPDhenH
w7ZHUODG9/t+L0ZN3I7Krjyc5IO4ke8I13AW30o1bvm1ubGUTAt3uFWhE3NBKofu
uDzOcyvBlkQEyTIFxy5jbIXWs0Ia7NnwJFAUzGrDNJs2pG1mr+79D/icumC9hWlf
gE/Z1tep+4IhATWnPxqUt+dimBSTNxrxS5IUTxdZxPyj9JTlbOloTA==
-----END CERTIFICATE-----