Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1uXNwoNuULzs-KlwQmvf2ItzPs4.roa
File:                     1uXNwoNuULzs-KlwQmvf2ItzPs4.roa (raw, json)
Hash identifier:          0gYFca72qraD2dkvUMFq8MgEZFJO+A5k+rHL92MQ0WY=
Subject key identifier:   D6:E5:CD:C2:83:6E:50:BC:EC:F8:A9:70:42:6B:DF:D8:8B:73:3E:CE
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D06E5180F4F7447914BC0484CCAE97D9E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1uXNwoNuULzs-KlwQmvf2ItzPs4.roa
Signing time:             Thu 19 Mar 2026 16:19:30 +0000
ROA not before:           Thu 19 Mar 2026 16:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206822
IP address blocks:        2.27.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:e5:18:0f:4f:74:47:91:4b:c0:48:4c:ca:e9:7d:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 19 16:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=d6e5cdc2836e50bcecf8a970426bdfd88b733ece
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:55:a1:af:b7:a2:be:85:70:d5:7f:d1:47:8c:
                    5b:9e:d6:f9:da:08:16:c2:be:10:f7:8d:1c:e6:3e:
                    69:6d:70:50:a7:84:7f:c9:79:ca:6f:43:81:b3:3d:
                    23:21:66:f6:3f:48:e4:27:8b:ce:65:ce:e2:5c:4b:
                    8d:04:9a:18:6e:db:f0:f0:c4:39:12:56:b5:86:57:
                    92:6d:99:ea:bb:bf:25:90:bc:d8:64:4c:cb:72:7c:
                    7b:de:68:70:43:77:16:ec:b4:22:de:c1:82:01:0c:
                    98:ed:48:8f:fb:7a:1a:7e:03:e8:a2:1f:44:0d:ef:
                    da:28:d5:54:f4:6a:a4:74:a3:84:aa:08:e8:7b:97:
                    59:04:8f:3a:77:ed:2b:6b:74:d2:af:b6:84:0d:a7:
                    9e:9b:a5:38:20:95:c9:e9:13:fd:e6:46:b4:ed:5d:
                    14:52:12:f8:f9:78:92:29:b1:b0:68:6c:af:b1:38:
                    8c:bb:2b:6c:1c:b0:b7:cb:e7:0d:24:d2:b6:66:0b:
                    6d:6f:7e:e1:11:b3:66:83:9d:f7:13:2c:c2:92:b9:
                    07:bd:27:cf:da:c5:9c:70:52:57:08:e1:51:76:68:
                    55:73:77:74:39:cf:4e:66:f7:d4:0d:97:b2:bd:f7:
                    18:25:2f:66:fa:e5:78:7f:08:64:16:07:88:08:c3:
                    13:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:E5:CD:C2:83:6E:50:BC:EC:F8:A9:70:42:6B:DF:D8:8B:73:3E:CE
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/1uXNwoNuULzs-KlwQmvf2ItzPs4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         07:31:cb:24:00:57:a7:6d:84:5f:78:80:26:b6:27:b2:e2:97:
         ba:85:ec:5e:32:76:0f:9e:ef:46:6c:0b:4a:37:ee:c8:de:90:
         d6:ce:c1:bf:57:b6:08:72:24:da:58:cc:43:68:79:a6:d6:04:
         46:ba:ff:54:d0:0e:3c:d4:69:37:98:ec:94:9e:82:ec:7b:86:
         de:44:a4:a6:74:d1:15:a0:b9:04:4b:1d:89:76:68:ab:b4:82:
         be:8d:6c:7f:8e:7d:fc:32:29:b5:e3:12:f4:5e:c4:ea:5b:a7:
         f8:ba:ff:48:c5:94:ee:dd:b8:e0:7b:5e:b1:50:04:28:c1:00:
         47:70:70:b0:25:3c:f4:bf:4e:de:dc:59:2e:71:9e:28:10:73:
         eb:13:b1:83:a8:6b:b2:53:cc:b9:e8:a5:54:ae:2a:70:bb:36:
         af:5f:91:97:56:ed:ac:08:14:bf:12:61:f6:92:7f:9a:58:0e:
         b7:ee:fd:d6:36:a9:d2:1b:c3:d1:d1:65:39:99:67:33:2c:50:
         71:a0:5d:d1:10:00:f8:9d:d8:c7:22:10:a3:f2:a4:62:5b:c4:
         9d:59:99:3d:00:5a:59:b9:80:61:d7:0a:96:13:f8:84:d5:66:
         6a:de:f8:8e:00:cd:40:bb:f0:12:bb:96:47:6b:b6:b8:b4:8e:
         fa:93:7e:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0G5RgPT3RHkUvASEzK6X2eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE5MTYxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmU1Y2RjMjgzNmU1MGJjZWNmOGE5NzA0MjZiZGZkODhiNzMzZWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVWhr7eivoVw1X/RR4xbntb52ggW
wr4Q940c5j5pbXBQp4R/yXnKb0OBsz0jIWb2P0jkJ4vOZc7iXEuNBJoYbtvw8MQ5
Ela1hleSbZnqu78lkLzYZEzLcnx73mhwQ3cW7LQi3sGCAQyY7UiP+3oafgPooh9E
De/aKNVU9GqkdKOEqgjoe5dZBI86d+0ra3TSr7aEDaeem6U4IJXJ6RP95ka07V0U
UhL4+XiSKbGwaGyvsTiMuytsHLC3y+cNJNK2Zgttb37hEbNmg533EyzCkrkHvSfP
2sWccFJXCOFRdmhVc3d0Oc9OZvfUDZeyvfcYJS9m+uV4fwhkFgeICMMTUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNblzcKDblC87PipcEJr39iLcz7OMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvMXVYTndvTnVVTHpzLUtsd1FtdmYySXR6UHM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtlMA0G
CSqGSIb3DQEBCwUAA4IBAQAHMcskAFenbYRfeIAmtiey4pe6hexeMnYPnu9GbAtK
N+7I3pDWzsG/V7YIciTaWMxDaHmm1gRGuv9U0A481Gk3mOyUnoLse4beRKSmdNEV
oLkESx2JdmirtIK+jWx/jn38Mim14xL0XsTqW6f4uv9IxZTu3bjge16xUAQowQBH
cHCwJTz0v07e3FkucZ4oEHPrE7GDqGuyU8y56KVUripwuzavX5GXVu2sCBS/EmH2
kn+aWA637v3WNqnSG8PR0WU5mWczLFBxoF3READ4ndjHIhCj8qRiW8SdWZk9AFpZ
uYBh1wqWE/iE1WZq3viOAM1Au/ASu5ZHa7a4tI76k353
-----END CERTIFICATE-----