Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-rRxgNbBmauqP56pC0J0hJZAtIQ.roa
File:                     1-rRxgNbBmauqP56pC0J0hJZAtIQ.roa (raw, json)
Hash identifier:          vjYmshnZVPBaPPEWH8C5vWm8rep5Uf4TZGXJZRoO+hI=
Subject key identifier:   FA:B4:71:80:D6:C1:99:AB:AA:3F:9E:A9:0B:42:74:84:96:40:B4:84
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DD0C4BC052A08097B22D91BD0B4247EEE
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-rRxgNbBmauqP56pC0J0hJZAtIQ.roa
Signing time:             Mon 27 Apr 2026 21:07:27 +0000
ROA not before:           Mon 27 Apr 2026 21:07:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     3257
IP address blocks:        2.27.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:d0:c4:bc:05:2a:08:09:7b:22:d9:1b:d0:b4:24:7e:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 27 21:07:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=fab47180d6c199abaa3f9ea90b4274849640b484
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:db:2e:1e:6e:4a:8c:8b:07:e7:11:0a:0a:4f:
                    0f:75:ab:8f:df:27:66:4b:83:a3:70:85:12:a3:4a:
                    99:45:33:10:ef:47:18:b5:95:b1:97:d8:62:65:8a:
                    b5:6b:a6:48:9a:ce:b1:4b:71:87:94:56:a4:ff:92:
                    52:bd:79:43:07:3b:cd:3d:56:8c:76:4a:e1:9b:64:
                    5c:f4:5a:03:1c:15:08:68:ce:dd:3e:92:22:26:36:
                    1d:2a:d1:71:76:c5:ba:95:73:1f:81:15:be:01:cd:
                    a6:3d:8f:33:62:71:0e:1d:1e:57:35:9f:f7:64:71:
                    02:0a:e5:fa:6f:33:a3:08:77:04:63:bd:c4:9e:27:
                    03:d6:c5:13:31:94:a6:02:37:67:a8:a8:a6:bd:5e:
                    8c:61:b7:72:d7:6d:6f:0d:f5:16:5d:f2:94:95:65:
                    4e:6b:c8:f1:dd:1b:6f:52:0b:8b:a6:b1:3a:1e:4f:
                    52:66:79:18:d6:27:6a:10:14:79:60:13:07:a8:8c:
                    ea:fe:0e:8e:53:1a:ed:20:49:2b:65:ad:7d:8b:31:
                    58:9b:ba:d9:0b:d3:34:72:fe:3a:48:d3:9b:31:98:
                    a0:ef:44:02:c5:c7:69:53:9b:23:14:f4:04:ca:46:
                    0f:c7:bb:81:d5:fa:a8:f1:0e:9c:c8:9f:10:46:0a:
                    a2:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:B4:71:80:D6:C1:99:AB:AA:3F:9E:A9:0B:42:74:84:96:40:B4:84
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1-rRxgNbBmauqP56pC0J0hJZAtIQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         03:13:49:87:2a:80:2b:11:c6:4d:f5:f6:48:38:df:08:5c:88:
         6b:0f:65:bf:a2:a4:eb:bd:f3:64:8a:f1:96:5d:6e:27:7b:03:
         fc:47:b4:54:65:88:4b:9d:bb:be:cd:56:f8:0c:03:87:e3:d5:
         81:3c:4a:af:41:b7:2c:1f:4b:9c:8d:a9:fb:cc:85:f8:b9:86:
         1c:e3:80:c9:15:47:67:36:8a:24:4e:8c:54:79:c3:3a:8a:76:
         81:fb:a6:b1:16:03:bd:17:f4:16:d7:81:38:3c:9d:6b:59:d8:
         aa:48:43:ae:da:8f:2d:eb:af:9d:f7:5a:00:fa:c8:16:7e:3f:
         08:b2:a3:54:42:07:82:a4:40:4c:3c:72:59:23:04:c6:3f:b2:
         5f:a0:d5:88:11:a4:3e:fa:68:c6:57:bf:f8:88:35:90:96:4a:
         52:fa:92:47:ed:2d:ab:dd:3c:2a:ca:62:bf:05:b1:4e:a2:d4:
         a0:83:3c:e0:6c:25:a8:52:64:d0:16:60:2f:6b:5f:5f:9f:95:
         84:d8:c4:a8:a0:56:ea:a5:3a:35:ca:ba:8e:41:2b:a9:41:82:
         1e:bf:c4:a2:d9:a7:21:69:e0:99:ca:c3:5e:1e:72:4c:5a:4b:
         82:a3:63:31:66:09:93:40:30:b7:bf:be:83:65:4b:d1:f6:44:
         ac:77:bf:08
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZ3QxLwFKggJeyLZG9C0JH7uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI3MjEwNzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYWI0NzE4MGQ2YzE5OWFiYWEzZjllYTkwYjQyNzQ4NDk2NDBiNDg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqtsuHm5KjIsH5xEKCk8PdauP3ydm
S4OjcIUSo0qZRTMQ70cYtZWxl9hiZYq1a6ZIms6xS3GHlFak/5JSvXlDBzvNPVaM
dkrhm2Rc9FoDHBUIaM7dPpIiJjYdKtFxdsW6lXMfgRW+Ac2mPY8zYnEOHR5XNZ/3
ZHECCuX6bzOjCHcEY73EnicD1sUTMZSmAjdnqKimvV6MYbdy121vDfUWXfKUlWVO
a8jx3RtvUguLprE6Hk9SZnkY1idqEBR5YBMHqIzq/g6OUxrtIEkrZa19izFYm7rZ
C9M0cv46SNObMZig70QCxcdpU5sjFPQEykYPx7uB1fqo8Q6cyJ8QRgqibQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPq0cYDWwZmrqj+eqQtCdISWQLSEMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMS1yUnhnTmJCbWF1cVA1NnBDMEowaEpaQXRJUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvMzhmMTI4LWVhODItNDU1NS1iNTE0LTE0Mzk2N2E4ZmUw
OC8xL0hKWS1QU0tFZlVac0ppd2doNHduZ05pRUFBTS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAgIbxDAN
BgkqhkiG9w0BAQsFAAOCAQEAAxNJhyqAKxHGTfX2SDjfCFyIaw9lv6Kk673zZIrx
ll1uJ3sD/Ee0VGWIS527vs1W+AwDh+PVgTxKr0G3LB9LnI2p+8yF+LmGHOOAyRVH
ZzaKJE6MVHnDOop2gfumsRYDvRf0FteBODyda1nYqkhDrtqPLeuvnfdaAPrIFn4/
CLKjVEIHgqRATDxyWSMExj+yX6DViBGkPvpoxle/+Ig1kJZKUvqSR+0tq908Kspi
vwWxTqLUoIM84GwlqFJk0BZgL2tfX5+VhNjEqKBW6qU6Ncq6jkErqUGCHr/Eotmn
IWngmcrDXh5yTFpLgqNjMWYJk0Awt7++g2VL0fZErHe/CA==
-----END CERTIFICATE-----