Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8EMMbJUL9BAum0YgBUPfaGqfNF8.roa
File:                     8EMMbJUL9BAum0YgBUPfaGqfNF8.roa (raw, json)
Hash identifier:          MTqB0d0Y7mnmGMrueKXLeFxcyiGTuM6WNgnl5yAsITs=
Subject key identifier:   F0:43:0C:6C:95:0B:F4:10:2E:9B:46:20:05:43:DF:68:6A:9F:34:5F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DCCF95DA0F0F2BF5CE1D9DC705F62025A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8EMMbJUL9BAum0YgBUPfaGqfNF8.roa
Signing time:             Mon 27 Apr 2026 03:26:27 +0000
ROA not before:           Mon 27 Apr 2026 03:26:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     198586
IP address blocks:        2.27.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:cc:f9:5d:a0:f0:f2:bf:5c:e1:d9:dc:70:5f:62:02:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 27 03:26:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f0430c6c950bf4102e9b46200543df686a9f345f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:37:86:39:82:c0:e5:87:b3:99:e3:0c:4e:cd:
                    a2:cf:be:51:44:81:2c:95:54:ff:88:5d:80:17:0c:
                    c3:45:cd:d5:46:1f:65:da:8d:dd:4e:42:d0:02:81:
                    63:75:80:1f:5e:c7:42:cd:11:99:c7:52:b1:78:8c:
                    e5:9d:9d:66:91:67:5f:02:65:dc:30:87:d0:f4:41:
                    2f:f8:f2:df:ed:ce:83:f6:ce:e1:7f:e8:c0:fb:e7:
                    20:93:bb:80:a4:75:80:9c:65:8e:ec:8d:e1:bb:8d:
                    e6:96:9f:c1:9e:71:ae:30:e9:f4:67:cf:73:b3:ff:
                    ea:02:4d:a1:e0:91:7f:e7:3f:d8:67:fc:62:1b:ad:
                    53:c6:8b:39:9f:6f:ef:ef:70:51:a8:c5:2c:a5:db:
                    1f:1d:c0:4c:bb:7b:63:fd:82:7f:82:f8:27:ae:37:
                    e8:80:58:cc:ca:de:2c:90:1c:e2:10:0c:7a:21:55:
                    12:4d:b3:14:f6:10:fa:f6:47:18:69:0a:3c:2a:47:
                    8f:20:20:cf:88:54:60:bb:6d:70:48:89:fb:47:ec:
                    a4:40:58:b7:59:54:c7:62:cb:f8:5a:97:66:13:3a:
                    c6:96:81:f6:df:8e:85:9d:eb:3c:5a:71:9e:f7:37:
                    73:09:37:00:6d:10:1e:8f:6c:34:08:79:e8:80:fa:
                    0c:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:43:0C:6C:95:0B:F4:10:2E:9B:46:20:05:43:DF:68:6A:9F:34:5F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/8EMMbJUL9BAum0YgBUPfaGqfNF8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:45:1e:e8:07:6d:75:a4:4e:98:dc:ae:5c:3a:df:83:de:23:
         ad:eb:54:88:75:ea:7f:b5:49:f7:57:65:9a:b7:c8:44:dd:4b:
         a9:c7:d4:81:35:05:f9:2e:b0:32:f9:ed:ad:7b:8e:d2:b7:26:
         dd:13:e9:9f:76:f7:f9:37:32:70:4a:9f:54:f3:07:d7:72:bb:
         83:44:0f:e6:ac:9f:09:66:83:64:7f:68:82:d5:56:1b:43:22:
         8d:4a:9a:27:35:69:76:a6:b4:d5:f2:d8:52:04:e8:cb:7c:99:
         b1:39:04:a0:6f:b2:c1:fb:59:c9:a4:76:ae:36:49:5d:62:14:
         72:a2:19:cc:0a:5f:e2:2f:32:a2:94:41:81:24:14:65:fb:4f:
         62:df:a7:db:c2:13:41:33:3a:ab:00:53:ee:22:48:5c:f3:09:
         a4:10:2d:f7:cd:f0:78:64:87:fd:f4:33:9f:b2:22:3c:fa:67:
         fb:e0:7a:05:b4:51:9a:b6:6f:47:69:08:4b:3e:8c:7d:09:08:
         4b:1f:5f:69:98:5b:39:19:d3:91:d8:0b:8e:7e:6f:48:d1:55:
         62:75:8f:33:5f:0a:10:ac:e7:5a:ba:ce:af:74:38:a7:10:90:
         58:18:fb:19:52:79:f0:b0:e7:bc:11:1c:dd:19:10:d8:07:98:
         3a:c3:10:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3M+V2g8PK/XOHZ3HBfYgJaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI3MDMyNjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQzMGM2Yzk1MGJmNDEwMmU5YjQ2MjAwNTQzZGY2ODZhOWYzNDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjeGOYLA5YezmeMMTs2iz75RRIEs
lVT/iF2AFwzDRc3VRh9l2o3dTkLQAoFjdYAfXsdCzRGZx1KxeIzlnZ1mkWdfAmXc
MIfQ9EEv+PLf7c6D9s7hf+jA++cgk7uApHWAnGWO7I3hu43mlp/BnnGuMOn0Z89z
s//qAk2h4JF/5z/YZ/xiG61Txos5n2/v73BRqMUspdsfHcBMu3tj/YJ/gvgnrjfo
gFjMyt4skBziEAx6IVUSTbMU9hD69kcYaQo8KkePICDPiFRgu21wSIn7R+ykQFi3
WVTHYsv4WpdmEzrGloH2346Fnes8WnGe9zdzCTcAbRAej2w0CHnogPoMOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBDDGyVC/QQLptGIAVD32hqnzRfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOEVNTWJKVUw5QkF1bTBZZ0JVUGZhR3FmTkY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtqMA0G
CSqGSIb3DQEBCwUAA4IBAQB7RR7oB211pE6Y3K5cOt+D3iOt61SIdep/tUn3V2Wa
t8hE3Uupx9SBNQX5LrAy+e2te47StybdE+mfdvf5NzJwSp9U8wfXcruDRA/mrJ8J
ZoNkf2iC1VYbQyKNSponNWl2prTV8thSBOjLfJmxOQSgb7LB+1nJpHauNkldYhRy
ohnMCl/iLzKilEGBJBRl+09i36fbwhNBMzqrAFPuIkhc8wmkEC33zfB4ZIf99DOf
siI8+mf74HoFtFGatm9HaQhLPox9CQhLH19pmFs5GdOR2AuOfm9I0VVidY8zXwoQ
rOdaus6vdDinEJBYGPsZUnnwsOe8ERzdGRDYB5g6wxAf
-----END CERTIFICATE-----