Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3_9IuoLz8oFfUcle05IYZmCaL6s.roa
File:                     3_9IuoLz8oFfUcle05IYZmCaL6s.roa (raw, json)
Hash identifier:          pS1z+RZ8n8AkuSwaxpWFgY1KRhPiF73RiIVzVKfjSQg=
Subject key identifier:   DF:FF:48:BA:82:F3:F2:81:5F:51:C9:5E:D3:92:18:66:60:9A:2F:AB
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DA3ECD7E73050937FA873171BE0C2F082
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3_9IuoLz8oFfUcle05IYZmCaL6s.roa
Signing time:             Sun 19 Apr 2026 04:08:21 +0000
ROA not before:           Sun 19 Apr 2026 04:08:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199524
IP address blocks:        2.26.217.0/24 maxlen: 24
                          2.27.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:a3:ec:d7:e7:30:50:93:7f:a8:73:17:1b:e0:c2:f0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 19 04:08:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=dfff48ba82f3f2815f51c95ed3921866609a2fab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:2b:ba:b6:fa:ff:d6:c3:b2:20:25:cb:64:4a:
                    06:17:bf:4e:82:74:4f:2f:12:2c:86:22:f6:af:eb:
                    d2:04:a4:51:6b:21:1a:e8:74:82:8c:38:27:ad:a6:
                    4d:86:ec:bf:23:13:80:73:e7:8c:c8:c9:cd:1e:b7:
                    af:ef:b0:d5:31:82:fd:9a:4a:69:e6:5a:9e:7c:be:
                    4c:bd:9e:a3:48:59:95:2c:a3:72:1f:03:78:67:05:
                    e6:e3:94:d1:d6:f2:9d:7e:c4:4c:d9:a1:73:49:d2:
                    31:10:af:b5:67:a1:d4:5e:d9:de:76:80:86:7e:ed:
                    f5:03:15:64:17:4f:d3:94:7c:65:8e:97:6d:87:bf:
                    c5:d2:1f:b2:8a:67:0e:5c:e6:38:b5:99:11:bb:bd:
                    2a:eb:39:b7:4d:b8:3f:56:ba:14:6e:09:df:30:ef:
                    9d:b5:cd:d3:80:b4:f0:38:e9:d2:ef:37:d9:24:ad:
                    59:7b:b2:ea:0f:89:2d:81:02:45:e6:48:6c:30:c7:
                    a2:f0:bb:23:a3:52:5c:ed:82:e0:35:62:ae:e6:6e:
                    58:a0:45:6d:f8:02:37:cf:1a:5a:62:ef:05:b6:5c:
                    f2:7f:3d:2f:dc:95:98:3a:ac:97:83:40:a3:f7:9e:
                    26:42:88:48:6c:46:af:14:22:01:60:0e:94:8c:74:
                    58:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:FF:48:BA:82:F3:F2:81:5F:51:C9:5E:D3:92:18:66:60:9A:2F:AB
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/3_9IuoLz8oFfUcle05IYZmCaL6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.217.0/24
                  2.27.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:af:3e:f6:45:43:35:20:39:0c:9d:0e:e6:9f:11:d7:ff:5d:
         c6:82:e7:06:11:21:bc:e5:3c:67:ea:d0:0b:d4:a0:81:02:4b:
         e7:5b:82:f0:56:6e:57:f2:86:5d:67:fe:60:03:0d:87:2c:5e:
         48:6e:2e:42:b6:d9:67:dc:48:9f:80:db:6e:46:5d:90:39:4c:
         27:ab:fb:a1:cc:b7:01:8e:f9:c6:06:19:65:7c:94:a0:c3:36:
         1f:b4:98:06:44:e6:90:1c:8c:59:34:50:ac:a5:d6:02:1a:01:
         ef:16:43:c0:c9:62:4b:1c:75:6d:1e:e0:5c:52:0a:0a:11:9f:
         d7:a9:38:da:3e:0a:2c:00:34:ba:0b:96:3b:ca:97:a1:db:98:
         7b:67:a9:69:48:30:b6:71:52:6d:37:2e:2a:31:9d:17:63:3d:
         a2:a2:70:46:93:08:23:88:26:0f:fd:d5:5a:0a:c5:73:71:5b:
         f8:94:23:f9:7e:78:f6:4e:0e:8c:df:4b:2a:9c:09:22:1b:df:
         37:28:8e:cd:39:1e:b4:90:3e:2f:51:c6:f9:a6:6f:2d:37:12:
         e0:ec:89:f6:9e:99:68:a5:33:19:2f:55:2d:b8:4b:dc:aa:69:
         bf:8b:9c:ac:f7:cc:aa:30:cf:ab:5d:00:49:9a:d9:c2:63:36:
         55:03:36:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2j7NfnMFCTf6hzFxvgwvCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE5MDQwODIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmZmNDhiYTgyZjNmMjgxNWY1MWM5NWVkMzkyMTg2NjYwOWEyZmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8iu6tvr/1sOyICXLZEoGF79OgnRP
LxIshiL2r+vSBKRRayEa6HSCjDgnraZNhuy/IxOAc+eMyMnNHrev77DVMYL9mkpp
5lqefL5MvZ6jSFmVLKNyHwN4ZwXm45TR1vKdfsRM2aFzSdIxEK+1Z6HUXtnedoCG
fu31AxVkF0/TlHxljpdth7/F0h+yimcOXOY4tZkRu70q6zm3Tbg/VroUbgnfMO+d
tc3TgLTwOOnS7zfZJK1Ze7LqD4ktgQJF5khsMMei8Lsjo1Jc7YLgNWKu5m5YoEVt
+AI3zxpaYu8Ftlzyfz0v3JWYOqyXg0Cj954mQohIbEavFCIBYA6UjHRYIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFN//SLqC8/KBX1HJXtOSGGZgmi+rMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvM185SXVvTHo4b0ZmVWNsZTA1SVlabUNhTDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhrZAwQA
AhvuMA0GCSqGSIb3DQEBCwUAA4IBAQCcrz72RUM1IDkMnQ7mnxHX/13GgucGESG8
5Txn6tAL1KCBAkvnW4LwVm5X8oZdZ/5gAw2HLF5Ibi5Cttln3EifgNtuRl2QOUwn
q/uhzLcBjvnGBhllfJSgwzYftJgGROaQHIxZNFCspdYCGgHvFkPAyWJLHHVtHuBc
UgoKEZ/XqTjaPgosADS6C5Y7ypeh25h7Z6lpSDC2cVJtNy4qMZ0XYz2ionBGkwgj
iCYP/dVaCsVzcVv4lCP5fnj2Tg6M30sqnAkiG983KI7NOR60kD4vUcb5pm8tNxLg
7In2nplopTMZL1UtuEvcqmm/i5ys98yqMM+rXQBJmtnCYzZVAzYt
-----END CERTIFICATE-----