Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6KOSxLLvfsetMoU6JLntEGNFXJ8.roa
File:                     6KOSxLLvfsetMoU6JLntEGNFXJ8.roa (raw, json)
Hash identifier:          4+8u1CPbozv/orWI7dXAa7WeEORoxh6CilVvDe+wPio=
Subject key identifier:   E8:A3:92:C4:B2:EF:7E:C7:AD:32:85:3A:24:B9:ED:10:63:45:5C:9F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CFCF87FBFBA2DAA06A828D98DE915A292
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6KOSxLLvfsetMoU6JLntEGNFXJ8.roa
Signing time:             Tue 17 Mar 2026 18:04:29 +0000
ROA not before:           Tue 17 Mar 2026 18:04:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215691
IP address blocks:        2.27.237.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:f8:7f:bf:ba:2d:aa:06:a8:28:d9:8d:e9:15:a2:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 17 18:04:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=e8a392c4b2ef7ec7ad32853a24b9ed1063455c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:43:ad:6a:22:30:32:06:84:b6:2a:53:89:3d:
                    42:18:d7:f1:cc:ef:c8:77:0e:85:5f:97:7d:ef:e5:
                    48:9b:76:fc:8a:84:22:68:ac:53:15:6d:c5:4d:16:
                    a4:f5:11:86:42:5b:a9:93:d2:8c:f5:81:f7:e5:13:
                    09:4f:95:6f:d8:af:8d:ca:9e:23:b8:69:d6:e5:af:
                    60:27:0e:22:66:9a:dd:15:c3:f6:7c:a7:d6:27:0d:
                    78:e6:fd:a7:f5:d2:bb:56:fa:f3:39:69:8a:b5:a8:
                    17:68:34:9e:a2:ea:3b:d0:69:5a:c2:55:3c:bb:0a:
                    85:72:a2:5b:70:23:66:0e:f0:f8:d4:c5:90:11:3f:
                    33:39:04:06:2a:45:07:dc:a4:5f:22:4a:13:46:9f:
                    1b:72:f7:ab:c1:97:a9:fa:10:8e:23:07:af:a9:96:
                    bc:65:74:51:c1:a1:d4:f8:9e:27:37:88:3e:77:62:
                    ee:1f:23:39:c6:b0:7d:6f:a6:ed:3d:81:42:ec:49:
                    5c:88:de:0b:2f:df:26:f9:ef:cb:eb:89:68:ee:bb:
                    4f:32:76:11:be:cb:45:76:bf:04:a8:d4:55:73:b0:
                    b9:66:5c:d7:bd:95:53:c0:f1:03:00:25:ca:1b:f6:
                    f2:f2:43:f4:30:b0:dd:14:8f:a0:02:96:f8:c4:35:
                    ff:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A3:92:C4:B2:EF:7E:C7:AD:32:85:3A:24:B9:ED:10:63:45:5C:9F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/6KOSxLLvfsetMoU6JLntEGNFXJ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:ba:8b:ff:bc:aa:0d:a2:e7:c1:7c:41:fc:2c:8a:bf:30:60:
         f8:09:c8:02:dd:19:4f:84:b2:29:df:f7:4a:bc:28:5d:21:00:
         0a:99:a4:29:78:00:a3:50:13:3f:d6:5f:6c:ad:33:f6:a7:6a:
         7a:09:56:98:b3:c5:aa:03:e3:8e:cd:f3:45:1a:f9:0b:84:ff:
         9e:9a:b0:37:c9:c9:69:a9:0a:24:ab:05:1c:73:f1:e2:5e:fa:
         a1:c2:a4:dc:74:cd:06:4b:c1:d3:b7:36:d9:14:2f:d7:9f:ed:
         85:42:07:a1:0a:24:ec:fb:01:46:8a:2a:1a:71:3f:7f:e3:78:
         99:63:00:54:34:a8:52:dc:f4:d2:ab:f5:ce:b9:56:90:57:eb:
         e6:23:64:2b:4c:48:6b:e1:5b:25:14:e4:8a:3d:62:41:0f:10:
         de:ee:2c:6d:3e:ea:d3:10:1b:43:a8:ac:7a:28:0b:9f:bd:0c:
         98:3d:64:58:1c:1d:ec:92:2b:fa:e9:fd:22:94:81:e6:8a:3f:
         db:2e:e4:19:d4:9f:8c:fe:03:d9:1e:77:0a:f5:9f:ba:41:35:
         e5:82:a1:f8:fb:7c:1b:13:00:d8:b3:b3:d7:ee:59:df:2d:0e:
         61:51:d8:7f:b7:dc:84:f7:dd:4b:38:5b:fa:eb:e2:04:6c:6c:
         c8:cd:f0:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz8+H+/ui2qBqgo2Y3pFaKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE3MTgwNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGEzOTJjNGIyZWY3ZWM3YWQzMjg1M2EyNGI5ZWQxMDYzNDU1YzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvUOtaiIwMgaEtipTiT1CGNfxzO/I
dw6FX5d97+VIm3b8ioQiaKxTFW3FTRak9RGGQlupk9KM9YH35RMJT5Vv2K+Nyp4j
uGnW5a9gJw4iZprdFcP2fKfWJw145v2n9dK7VvrzOWmKtagXaDSeouo70GlawlU8
uwqFcqJbcCNmDvD41MWQET8zOQQGKkUH3KRfIkoTRp8bcverwZep+hCOIwevqZa8
ZXRRwaHU+J4nN4g+d2LuHyM5xrB9b6btPYFC7ElciN4LL98m+e/L64lo7rtPMnYR
vstFdr8EqNRVc7C5ZlzXvZVTwPEDACXKG/by8kP0MLDdFI+gApb4xDX/GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOijksSy737HrTKFOiS57RBjRVyfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNktPU3hMTHZmc2V0TW9VNkpMbnRFR05GWEo4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhvtMA0G
CSqGSIb3DQEBCwUAA4IBAQCzuov/vKoNoufBfEH8LIq/MGD4CcgC3RlPhLIp3/dK
vChdIQAKmaQpeACjUBM/1l9srTP2p2p6CVaYs8WqA+OOzfNFGvkLhP+emrA3yclp
qQokqwUcc/HiXvqhwqTcdM0GS8HTtzbZFC/Xn+2FQgehCiTs+wFGiioacT9/43iZ
YwBUNKhS3PTSq/XOuVaQV+vmI2QrTEhr4VslFOSKPWJBDxDe7ixtPurTEBtDqKx6
KAufvQyYPWRYHB3skiv66f0ilIHmij/bLuQZ1J+M/gPZHncK9Z+6QTXlgqH4+3wb
EwDYs7PX7lnfLQ5hUdh/t9yE991LOFv66+IEbGzIzfCS
-----END CERTIFICATE-----