Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5iGB9CynUQqMJKrrYceWSyDKT1w.roa
File:                     5iGB9CynUQqMJKrrYceWSyDKT1w.roa (raw, json)
Hash identifier:          cx7yrmzQN7Pb0Zb3MxuWKRy+M5vhgyo/2+MmM1ZpyhA=
Subject key identifier:   E6:21:81:F4:2C:A7:51:0A:8C:24:AA:EB:61:C7:96:4B:20:CA:4F:5C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D11F5BC4011C0C5FB7163EB4387FBF647
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5iGB9CynUQqMJKrrYceWSyDKT1w.roa
Signing time:             Sat 21 Mar 2026 19:53:30 +0000
ROA not before:           Sat 21 Mar 2026 19:53:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198087
IP address blocks:        2.27.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 14:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:11:f5:bc:40:11:c0:c5:fb:71:63:eb:43:87:fb:f6:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 21 19:53:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e62181f42ca7510a8c24aaeb61c7964b20ca4f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:2a:52:e9:db:04:e5:f2:ae:91:28:35:c4:3b:
                    dc:9f:74:6a:79:eb:b1:3d:6a:19:cd:a6:59:b7:91:
                    ac:80:5b:bd:ab:4c:f2:5b:a8:b3:58:f6:45:3c:10:
                    a4:94:73:99:fd:8b:e2:bf:6a:d5:7b:15:5d:88:70:
                    0c:8e:9d:5d:4d:00:05:50:37:1b:7e:f2:82:4a:0d:
                    82:61:19:f2:df:5b:ba:8d:06:69:98:3f:38:8e:e7:
                    b9:3f:a7:fd:c5:ca:c2:8f:7d:3c:3b:5c:70:a4:39:
                    a8:a6:d1:fd:8d:09:e7:2c:95:7d:7c:78:e2:8e:78:
                    79:75:76:71:6c:1c:80:f3:15:70:6a:27:54:a4:bc:
                    a4:b2:08:9f:26:f2:88:93:35:30:16:6e:f4:0e:5f:
                    8e:96:55:60:62:85:13:07:29:9f:2b:1e:3b:59:c1:
                    85:63:1e:a3:a5:8e:71:5e:bb:f1:fc:62:6d:ec:8c:
                    0d:b0:12:17:a5:84:17:c7:22:51:94:c0:eb:90:29:
                    df:d5:82:75:9a:04:5b:47:5c:cf:18:5b:31:64:d0:
                    60:32:64:41:81:8d:c6:8c:1c:45:96:4a:63:45:9d:
                    25:fb:0a:8c:c9:0e:8c:97:a9:43:8a:42:38:1c:8e:
                    d8:f9:b2:30:8a:e0:ef:88:ed:0d:70:d9:47:6c:0a:
                    d0:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:21:81:F4:2C:A7:51:0A:8C:24:AA:EB:61:C7:96:4B:20:CA:4F:5C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/5iGB9CynUQqMJKrrYceWSyDKT1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:36:fe:1c:45:4f:f3:c4:93:b1:2f:2e:0c:fc:02:b2:0d:bf:
         f2:e0:18:41:a5:31:39:01:a1:ab:45:29:5d:88:3c:ba:b5:1f:
         04:ba:0b:af:9c:c5:fd:dd:6c:00:f4:7a:3b:95:d4:3c:3c:6d:
         d9:a5:74:31:22:07:b8:77:85:5e:a7:95:e5:aa:90:02:6a:be:
         18:f5:7e:5a:23:67:c1:a1:45:6b:56:e5:b4:04:a9:6f:69:9a:
         00:3c:db:98:5d:ec:54:d6:05:3b:dd:3a:5e:47:2c:39:b5:fa:
         f5:f5:7b:b3:65:db:c3:59:61:50:18:15:c6:dc:ca:5f:9f:a4:
         78:3d:f3:a7:b1:ea:95:7d:b0:e6:d7:7d:1b:71:f6:7b:43:80:
         56:2d:1e:f2:5d:d5:8b:61:60:fb:77:5d:1b:9d:4e:e5:43:1b:
         a6:dd:0c:57:51:2e:41:6b:d3:49:d7:bc:a3:d0:bf:f8:2b:81:
         58:8d:1d:48:fa:31:3f:6b:e4:3a:c9:36:57:bc:5e:86:97:78:
         0a:c3:73:09:dc:bb:66:27:e2:da:fc:45:47:35:42:e9:d5:82:
         72:61:30:1f:95:e3:c5:65:a8:24:db:ea:e0:fd:c4:8b:10:bb:
         ae:d5:1c:dc:32:6b:f6:19:87:7d:6c:24:3e:4c:f4:56:53:47:
         23:ae:09:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0R9bxAEcDF+3Fj60OH+/ZHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIxMTk1MzMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjIxODFmNDJjYTc1MTBhOGMyNGFhZWI2MWM3OTY0YjIwY2E0ZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCpS6dsE5fKukSg1xDvcn3Rqeeux
PWoZzaZZt5GsgFu9q0zyW6izWPZFPBCklHOZ/Yviv2rVexVdiHAMjp1dTQAFUDcb
fvKCSg2CYRny31u6jQZpmD84jue5P6f9xcrCj308O1xwpDmoptH9jQnnLJV9fHji
jnh5dXZxbByA8xVwaidUpLyksgifJvKIkzUwFm70Dl+OllVgYoUTBymfKx47WcGF
Yx6jpY5xXrvx/GJt7IwNsBIXpYQXxyJRlMDrkCnf1YJ1mgRbR1zPGFsxZNBgMmRB
gY3GjBxFlkpjRZ0l+wqMyQ6Ml6lDikI4HI7Y+bIwiuDviO0NcNlHbArQqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOYhgfQsp1EKjCSq62HHlksgyk9cMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNWlHQjlDeW5VUXFNSktyclljZVdTeURLVDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtsMA0G
CSqGSIb3DQEBCwUAA4IBAQCSNv4cRU/zxJOxLy4M/AKyDb/y4BhBpTE5AaGrRSld
iDy6tR8EuguvnMX93WwA9Ho7ldQ8PG3ZpXQxIge4d4Vep5XlqpACar4Y9X5aI2fB
oUVrVuW0BKlvaZoAPNuYXexU1gU73TpeRyw5tfr19XuzZdvDWWFQGBXG3Mpfn6R4
PfOnseqVfbDm130bcfZ7Q4BWLR7yXdWLYWD7d10bnU7lQxum3QxXUS5Ba9NJ17yj
0L/4K4FYjR1I+jE/a+Q6yTZXvF6Gl3gKw3MJ3LtmJ+La/EVHNULp1YJyYTAflePF
Zagk2+rg/cSLELuu1RzcMmv2GYd9bCQ+TPRWU0cjrgnc
-----END CERTIFICATE-----