Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/78SsnBtImtyvJsumSwlRXjowfOU.roa
File:                     78SsnBtImtyvJsumSwlRXjowfOU.roa (raw, json)
Hash identifier:          yeAFAKflCNh9JXqQDAK/RKDiN0whQjVc5hdV744iO38=
Subject key identifier:   EF:C4:AC:9C:1B:48:9A:DC:AF:26:CB:A6:4B:09:51:5E:3A:30:7C:E5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E5E36000A772825CB7E657CF093A77CB7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/78SsnBtImtyvJsumSwlRXjowfOU.roa
Signing time:             Mon 25 May 2026 08:17:37 +0000
ROA not before:           Mon 25 May 2026 08:17:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402279
IP address blocks:        2.27.109.0/24 maxlen: 24
                          2.27.132.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 13:19:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:36:00:0a:77:28:25:cb:7e:65:7c:f0:93:a7:7c:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 25 08:17:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=efc4ac9c1b489adcaf26cba64b09515e3a307ce5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c6:fa:18:2d:be:7b:7f:97:80:84:a6:e1:d9:
                    08:a8:d0:20:b1:98:f1:5f:8b:fb:ec:3d:33:02:73:
                    2d:81:9f:9c:cf:56:c2:62:e5:17:86:c9:37:78:5a:
                    a9:5c:dd:0a:46:f4:b6:0b:f3:8f:a4:6c:76:e2:9a:
                    a8:ea:2f:eb:7c:cf:6c:f2:e1:f4:a4:c3:8b:09:4e:
                    7f:5a:d8:3d:c8:57:ce:b9:a3:a5:6a:56:4c:3f:d0:
                    ed:bf:ff:7c:76:f2:d3:54:e2:b8:6f:5d:ee:d8:9d:
                    ed:65:7c:53:59:20:4f:8c:9a:24:e9:a5:9c:c6:9b:
                    23:e4:30:63:34:1a:5d:69:e5:11:fc:04:a5:7f:02:
                    aa:46:fb:da:df:30:85:d3:c8:67:59:e0:39:41:13:
                    30:c1:61:84:b1:0b:20:76:bc:c6:d6:5b:ca:b1:0e:
                    2b:50:9f:c8:66:90:2d:e0:c9:51:fe:2d:f3:06:06:
                    0b:46:53:ca:8f:58:6c:e9:27:81:20:da:8b:2d:bc:
                    bd:ca:46:1d:77:fd:d1:1d:0f:ac:ea:ea:62:38:9a:
                    e9:eb:6d:81:27:28:84:e6:df:a9:89:89:8f:78:53:
                    39:00:f5:f7:73:7c:56:08:c0:58:73:4f:6a:ba:85:
                    ef:63:31:90:27:94:3b:db:2e:c6:a6:f6:79:fb:cf:
                    08:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:C4:AC:9C:1B:48:9A:DC:AF:26:CB:A6:4B:09:51:5E:3A:30:7C:E5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/78SsnBtImtyvJsumSwlRXjowfOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.109.0/24
                  2.27.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:bb:94:49:fa:fd:41:2d:f4:ab:1f:84:1c:f1:5f:84:1b:82:
         c2:9b:cf:34:4b:6d:f0:c3:fa:93:90:ff:a6:61:61:c1:ce:b4:
         4f:fa:f9:53:60:8c:88:63:83:09:0f:e7:d9:fd:86:c3:60:6b:
         ce:65:5b:02:3e:68:51:d0:09:d5:01:56:81:a5:b4:9b:05:55:
         e7:bf:af:61:87:2c:0f:58:19:18:ad:31:97:5c:36:d5:bb:6b:
         bb:b3:c4:af:a5:b1:0b:97:43:8b:ea:a6:e3:a9:41:e2:47:b9:
         03:d3:c1:52:0e:b8:28:1b:2e:c0:36:3f:3b:59:ca:cc:cb:fb:
         d6:9a:11:74:5c:8d:8b:c4:ea:3d:2b:61:e5:b8:bb:73:bc:46:
         bb:25:05:a9:5c:28:1e:de:4b:80:92:72:7e:d2:6e:30:64:8e:
         84:34:ba:be:ee:3e:dc:8c:90:28:b9:44:23:ee:fa:0b:90:b3:
         62:85:e6:5e:62:6a:44:da:c7:c2:b9:e2:75:c7:1e:80:25:06:
         b9:de:95:f6:0a:42:6b:29:6b:b2:72:51:cc:93:99:92:9b:35:
         de:a3:fa:18:1c:0e:59:13:14:fb:6b:7d:3d:0e:2b:47:f0:33:
         76:83:54:ad:ba:71:3a:71:ed:d0:9e:e6:a3:0e:50:ba:4e:3a:
         3f:e7:d1:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5eNgAKdygly35lfPCTp3y3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI1MDgxNzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmM0YWM5YzFiNDg5YWRjYWYyNmNiYTY0YjA5NTE1ZTNhMzA3Y2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8b6GC2+e3+XgISm4dkIqNAgsZjx
X4v77D0zAnMtgZ+cz1bCYuUXhsk3eFqpXN0KRvS2C/OPpGx24pqo6i/rfM9s8uH0
pMOLCU5/Wtg9yFfOuaOlalZMP9Dtv/98dvLTVOK4b13u2J3tZXxTWSBPjJok6aWc
xpsj5DBjNBpdaeUR/ASlfwKqRvva3zCF08hnWeA5QRMwwWGEsQsgdrzG1lvKsQ4r
UJ/IZpAt4MlR/i3zBgYLRlPKj1hs6SeBINqLLby9ykYdd/3RHQ+s6upiOJrp622B
JyiE5t+piYmPeFM5APX3c3xWCMBYc09quoXvYzGQJ5Q72y7GpvZ5+88I8QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO/ErJwbSJrcrybLpksJUV46MHzlMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvNzhTc25CdEltdHl2SnN1bVN3bFJYam93Zk9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhttAwQB
AhuEMA0GCSqGSIb3DQEBCwUAA4IBAQB0u5RJ+v1BLfSrH4Qc8V+EG4LCm880S23w
w/qTkP+mYWHBzrRP+vlTYIyIY4MJD+fZ/YbDYGvOZVsCPmhR0AnVAVaBpbSbBVXn
v69hhywPWBkYrTGXXDbVu2u7s8SvpbELl0OL6qbjqUHiR7kD08FSDrgoGy7ANj87
WcrMy/vWmhF0XI2LxOo9K2HluLtzvEa7JQWpXCge3kuAknJ+0m4wZI6ENLq+7j7c
jJAouUQj7voLkLNiheZeYmpE2sfCueJ1xx6AJQa53pX2CkJrKWuyclHMk5mSmzXe
o/oYHA5ZExT7a309DitH8DN2g1StunE6ce3QnuajDlC6Tjo/59F7
-----END CERTIFICATE-----