Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5WuZMb23RsbKVo4o3DpoYC4oVhA.roa
File:                     5WuZMb23RsbKVo4o3DpoYC4oVhA.roa (raw, json)
Hash identifier:          s6NBMcxZD5IvnTmwgoMuTc1wm+X6/RhvPmOqBr4roog=
Subject key identifier:   E5:6B:99:31:BD:B7:46:C6:CA:56:8E:28:DC:3A:68:60:2E:28:56:10
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DCCF95CA202462140C56AE7CF05C9D0D6
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5WuZMb23RsbKVo4o3DpoYC4oVhA.roa
Signing time:             Mon 27 Apr 2026 03:26:27 +0000
ROA not before:           Mon 27 Apr 2026 03:26:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     5065
IP address blocks:        2.27.115.0/24 maxlen: 24
                          31.77.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cc:f9:5c:a2:02:46:21:40:c5:6a:e7:cf:05:c9:d0:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 27 03:26:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e56b9931bdb746c6ca568e28dc3a68602e285610
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ea:ab:25:ad:40:1b:0b:30:c1:85:8a:76:db:
                    02:e3:ee:ef:3c:63:85:64:d3:86:ec:ec:c5:fe:5f:
                    8e:c0:27:1f:5d:bc:b6:31:4b:7f:0f:a1:4e:62:78:
                    23:0c:77:7a:6d:79:f0:51:f7:34:f1:81:d0:e1:e8:
                    22:fc:0b:c2:aa:ce:96:af:f4:af:4c:7d:26:fc:c3:
                    d3:87:be:46:28:07:99:a1:7f:0a:4e:5f:a7:b5:8c:
                    7d:50:a4:7b:0a:e0:9a:d7:a3:45:4b:47:cc:62:19:
                    f4:e4:0e:76:99:bd:12:c8:e8:a4:2d:fb:e5:a8:30:
                    12:78:3a:50:f2:f2:43:f2:fa:25:06:1f:57:14:3c:
                    64:b9:96:a1:7e:70:94:be:f9:58:58:93:da:b8:17:
                    d6:7f:a6:16:33:87:6c:10:dd:c0:5e:8b:17:c7:60:
                    3d:3a:e8:9c:cd:f1:6f:a1:8d:93:02:d6:b3:24:9a:
                    10:ab:39:ac:30:58:ca:2c:91:ea:d2:3e:22:21:86:
                    ca:a4:98:ef:6c:8b:9c:72:67:3f:f5:01:96:5e:fa:
                    75:a4:60:99:66:cf:79:33:78:f9:b2:20:fe:24:68:
                    db:35:2e:62:59:ca:8e:d5:15:0c:59:92:d6:25:7c:
                    fa:7b:c5:65:9c:1f:29:07:43:5d:f3:2e:27:48:4b:
                    57:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:6B:99:31:BD:B7:46:C6:CA:56:8E:28:DC:3A:68:60:2E:28:56:10
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5WuZMb23RsbKVo4o3DpoYC4oVhA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.115.0/24
                  31.77.253.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:7b:2a:d1:de:de:6d:e1:28:33:5c:e1:79:8b:42:eb:cd:49:
         a6:a2:df:3a:24:0b:b0:59:85:a4:66:b8:a3:f4:ae:88:db:87:
         c8:2f:f7:09:1f:3f:2c:c0:94:69:2f:94:d3:d6:d4:ea:8a:eb:
         55:83:35:24:6e:07:15:42:59:a4:05:68:55:41:35:9d:50:10:
         9a:67:36:78:98:e8:82:90:27:09:56:b1:0c:33:0d:2d:4b:17:
         fe:f4:2a:be:7f:68:ca:db:2a:42:8f:3c:cf:a4:25:32:88:9a:
         99:23:44:a8:e0:22:7f:98:e5:1d:a6:73:e4:fd:7c:68:46:f2:
         75:c7:db:3c:bf:f8:56:65:8b:52:9b:68:a6:df:27:97:a7:1a:
         40:b1:57:fb:86:27:44:6b:36:bb:e3:10:3b:b9:26:00:c2:e6:
         d9:bb:54:ff:c9:aa:57:20:e4:2b:b5:d2:40:75:ae:e2:08:6d:
         de:aa:b2:04:65:81:2d:71:47:b9:85:d1:57:cb:20:dd:1f:32:
         82:5e:d7:51:09:68:59:c0:48:2b:88:6c:92:46:c4:c9:47:40:
         a1:b4:46:53:10:c8:45:5e:5b:25:e1:03:3c:f2:ac:3a:21:7f:
         e9:32:07:49:5d:74:ca:57:f2:e1:74:49:8a:f9:70:20:86:f0:
         77:e9:7e:a4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3M+VyiAkYhQMVq588FydDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI3MDMyNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTZiOTkzMWJkYjc0NmM2Y2E1NjhlMjhkYzNhNjg2MDJlMjg1NjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseqrJa1AGwswwYWKdtsC4+7vPGOF
ZNOG7OzF/l+OwCcfXby2MUt/D6FOYngjDHd6bXnwUfc08YHQ4egi/AvCqs6Wr/Sv
TH0m/MPTh75GKAeZoX8KTl+ntYx9UKR7CuCa16NFS0fMYhn05A52mb0SyOikLfvl
qDASeDpQ8vJD8volBh9XFDxkuZahfnCUvvlYWJPauBfWf6YWM4dsEN3AXosXx2A9
OuiczfFvoY2TAtazJJoQqzmsMFjKLJHq0j4iIYbKpJjvbIuccmc/9QGWXvp1pGCZ
Zs95M3j5siD+JGjbNS5iWcqO1RUMWZLWJXz6e8VlnB8pB0Nd8y4nSEtXHQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOVrmTG9t0bGylaOKNw6aGAuKFYQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNVd1Wk1iMjNSc2JLVm80bzNEcG9ZQzRvVmhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtzAwQA
H039MA0GCSqGSIb3DQEBCwUAA4IBAQA8eyrR3t5t4SgzXOF5i0LrzUmmot86JAuw
WYWkZrij9K6I24fIL/cJHz8swJRpL5TT1tTqiutVgzUkbgcVQlmkBWhVQTWdUBCa
ZzZ4mOiCkCcJVrEMMw0tSxf+9Cq+f2jK2ypCjzzPpCUyiJqZI0So4CJ/mOUdpnPk
/XxoRvJ1x9s8v/hWZYtSm2im3yeXpxpAsVf7hidEaza74xA7uSYAwubZu1T/yapX
IOQrtdJAda7iCG3eqrIEZYEtcUe5hdFXyyDdHzKCXtdRCWhZwEgriGySRsTJR0Ch
tEZTEMhFXlsl4QM88qw6IX/pMgdJXXTKV/LhdEmK+XAghvB36X6k
-----END CERTIFICATE-----