Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/118kkXgW1bRueOgAl9KLFFXWLTw.roa
File:                     118kkXgW1bRueOgAl9KLFFXWLTw.roa (raw, json)
Hash identifier:          uoAzjiSu2b9UdLI63K7yfJUf8tQLf8cpgvT+qjgknXo=
Subject key identifier:   D7:5F:24:91:78:16:D5:B4:6E:78:E8:00:97:D2:8B:14:55:D6:2D:3C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DA3E759C538DDD24994D0F45D242F149B
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/118kkXgW1bRueOgAl9KLFFXWLTw.roa
Signing time:             Sun 19 Apr 2026 04:02:21 +0000
ROA not before:           Sun 19 Apr 2026 04:02:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210718
IP address blocks:        2.26.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 Apr 2026 07:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a3:e7:59:c5:38:dd:d2:49:94:d0:f4:5d:24:2f:14:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 19 04:02:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d75f24917816d5b46e78e80097d28b1455d62d3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:d0:7e:b3:47:5b:2f:ca:ac:4a:7a:56:d4:f6:
                    cb:6b:2e:bf:ea:09:7a:9e:62:41:76:af:67:4d:79:
                    7b:8e:3e:e7:74:2a:82:3a:41:43:c1:93:82:bc:3b:
                    e7:43:5a:7e:02:c7:2f:94:0f:33:8f:0e:7e:8a:9d:
                    54:50:be:ca:ba:fd:ca:cc:f0:66:df:a2:e2:63:13:
                    04:65:b0:b0:41:0c:cb:3b:dc:67:6c:ba:cb:7a:9a:
                    e7:b7:db:44:68:51:1b:35:3f:f8:32:a0:15:7f:13:
                    30:ee:80:47:5f:ef:c0:11:8d:b7:f1:2a:fd:81:11:
                    3c:a7:bd:b4:b2:78:3c:1d:c9:78:14:91:b7:cc:5b:
                    ec:79:06:5d:77:00:75:34:38:8c:9a:15:58:15:32:
                    9e:a4:c3:78:83:a7:dc:0b:ee:58:78:6d:cf:c9:2e:
                    02:cf:1e:af:b5:2f:ee:53:55:bf:1d:0a:28:1a:d1:
                    96:43:23:49:21:03:2c:bb:bd:82:f4:7f:4e:e5:b8:
                    7c:f9:34:34:ca:5f:98:58:a7:38:5c:be:5c:19:90:
                    f9:f4:71:22:a1:aa:c9:95:b3:86:0b:d0:8d:79:0c:
                    96:8d:5b:7b:a1:f9:fc:ec:df:5a:2f:08:75:ca:19:
                    48:dd:7c:67:92:91:d7:8a:19:fb:ac:fe:90:8c:35:
                    f1:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:5F:24:91:78:16:D5:B4:6E:78:E8:00:97:D2:8B:14:55:D6:2D:3C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/118kkXgW1bRueOgAl9KLFFXWLTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:79:58:15:36:aa:1d:35:83:d9:05:e0:33:35:cf:8f:40:bd:
         65:f2:ad:74:d2:a0:b6:8b:8a:29:f2:1c:1e:c2:a8:34:59:c7:
         f7:3e:5e:4e:b1:95:05:5b:a3:9b:29:83:2a:11:52:89:b9:57:
         5d:20:4d:cc:c3:3d:02:d5:5d:8c:3b:cb:55:31:36:33:5e:56:
         46:3e:6b:28:06:fc:8e:26:30:26:6f:6c:43:64:86:b5:c4:10:
         8c:dd:60:f5:52:6c:4a:6e:85:5c:2b:d4:74:b4:56:71:c5:a3:
         a9:04:33:3a:c8:b5:7e:08:31:c8:69:b1:31:5e:2a:5c:b4:5b:
         c5:15:1e:b5:b3:91:96:28:8e:48:a0:b7:91:f7:f6:bd:75:28:
         67:bb:45:be:bd:da:c5:cd:74:6e:a8:7a:ab:9a:9f:5b:09:a7:
         fe:db:74:f1:a3:61:a1:fd:97:34:ef:4a:63:e6:2e:19:dd:b0:
         fb:ca:89:0e:05:91:85:39:27:96:45:a4:df:66:8d:a6:77:d3:
         83:94:26:88:a9:bf:bc:7f:0b:6c:86:27:bd:26:51:26:73:d2:
         08:67:79:de:b6:be:6d:bf:3b:49:ee:c6:3b:2a:3c:bb:60:78:
         77:b4:89:4f:bf:1f:5c:fc:a7:61:53:80:4b:49:54:80:d0:9e:
         d3:2b:74:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2j51nFON3SSZTQ9F0kLxSbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE5MDQwMjIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzVmMjQ5MTc4MTZkNWI0NmU3OGU4MDA5N2QyOGIxNDU1ZDYyZDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiNB+s0dbL8qsSnpW1PbLay6/6gl6
nmJBdq9nTXl7jj7ndCqCOkFDwZOCvDvnQ1p+AscvlA8zjw5+ip1UUL7Kuv3KzPBm
36LiYxMEZbCwQQzLO9xnbLrLeprnt9tEaFEbNT/4MqAVfxMw7oBHX+/AEY238Sr9
gRE8p720sng8Hcl4FJG3zFvseQZddwB1NDiMmhVYFTKepMN4g6fcC+5YeG3PyS4C
zx6vtS/uU1W/HQooGtGWQyNJIQMsu72C9H9O5bh8+TQ0yl+YWKc4XL5cGZD59HEi
oarJlbOGC9CNeQyWjVt7ofn87N9aLwh1yhlI3XxnkpHXihn7rP6QjDXxAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNdfJJF4FtW0bnjoAJfSixRV1i08MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMTE4a2tYZ1cxYlJ1ZU9nQWw5S0xGRlhXTFR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhraMA0G
CSqGSIb3DQEBCwUAA4IBAQBLeVgVNqodNYPZBeAzNc+PQL1l8q100qC2i4op8hwe
wqg0Wcf3Pl5OsZUFW6ObKYMqEVKJuVddIE3Mwz0C1V2MO8tVMTYzXlZGPmsoBvyO
JjAmb2xDZIa1xBCM3WD1UmxKboVcK9R0tFZxxaOpBDM6yLV+CDHIabExXipctFvF
FR61s5GWKI5IoLeR9/a9dShnu0W+vdrFzXRuqHqrmp9bCaf+23Txo2Gh/Zc070pj
5i4Z3bD7yokOBZGFOSeWRaTfZo2md9ODlCaIqb+8fwtshie9JlEmc9IIZ3netr5t
vztJ7sY7Kjy7YHh3tIlPvx9c/KdhU4BLSVSA0J7TK3Sv
-----END CERTIFICATE-----