Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9ubfj0QfIfmpqk_G2WJdw36yt34.roa
File:                     9ubfj0QfIfmpqk_G2WJdw36yt34.roa (raw, json)
Hash identifier:          ExGsBSPZDgeqPMeT9Y2zS2Q4fYMc6OARMPH7dOZnQW8=
Subject key identifier:   F6:E6:DF:8F:44:1F:21:F9:A9:AA:4F:C6:D9:62:5D:C3:7E:B2:B7:7E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E472D16100D7FAC8179BAB3FFFB8208E2
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9ubfj0QfIfmpqk_G2WJdw36yt34.roa
Signing time:             Wed 20 May 2026 20:56:37 +0000
ROA not before:           Wed 20 May 2026 20:56:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     211826
IP address blocks:        2.27.102.0/24 maxlen: 24
                          2.27.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 May 2026 05:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:47:2d:16:10:0d:7f:ac:81:79:ba:b3:ff:fb:82:08:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 20 20:56:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=f6e6df8f441f21f9a9aa4fc6d9625dc37eb2b77e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b4:a6:57:d8:8a:7a:31:39:a7:8a:43:69:f6:
                    ba:e2:3e:d5:29:f1:71:19:45:b6:e2:35:29:ec:d5:
                    10:fe:5c:e2:5c:ad:ba:bc:0e:44:08:7c:cd:da:07:
                    85:7f:cb:1b:9d:37:15:01:88:09:2c:f3:c4:11:d6:
                    39:8a:8d:7a:93:06:4a:25:25:84:83:ae:96:16:f9:
                    2b:b6:f9:bc:37:68:f9:8c:fd:a4:95:3b:a0:b0:69:
                    3f:f2:3b:9e:4a:34:93:40:70:44:c4:e2:9f:af:00:
                    f8:d6:8a:13:d0:83:46:0e:d9:c5:23:5a:99:26:da:
                    83:93:6f:d2:98:d7:5b:32:ad:84:86:34:e2:14:1e:
                    87:71:95:61:ec:6b:b7:87:7d:fb:d2:ca:67:9f:a4:
                    ec:13:bb:4f:bd:4c:41:e5:98:12:30:19:12:30:11:
                    c4:74:97:a5:45:40:cb:f2:ec:3c:13:5d:78:f2:08:
                    2a:42:5e:54:dc:fb:80:2d:98:31:44:b1:4d:dc:ec:
                    64:7c:42:fd:15:e1:2d:c4:4b:c4:8d:cf:75:3d:69:
                    f7:3c:2d:28:04:31:1a:8c:85:b5:31:26:95:3d:22:
                    d1:50:d0:69:c1:1e:b1:e7:9e:a2:b9:50:3b:0f:c4:
                    00:72:66:e1:0f:60:7c:39:6e:10:13:48:c4:98:b9:
                    8d:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E6:DF:8F:44:1F:21:F9:A9:AA:4F:C6:D9:62:5D:C3:7E:B2:B7:7E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/9ubfj0QfIfmpqk_G2WJdw36yt34.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.102.0/24
                  2.27.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:4f:da:83:e3:ed:0c:16:e0:35:e9:35:38:c0:18:d6:9c:6a:
         fd:6d:ab:be:0a:8c:e7:68:2f:e9:ce:15:51:ef:a2:91:d7:3f:
         5d:04:2d:34:8e:1b:d2:83:ef:ce:5f:0f:54:9d:eb:a5:f7:4d:
         43:a3:96:44:5d:b3:22:c1:96:b2:d9:41:53:ca:c3:81:fa:b5:
         30:82:6a:fd:fb:78:76:18:cc:28:ed:0a:cc:5e:2d:8d:d4:33:
         01:a2:b0:b9:4c:98:bb:8e:27:b3:c5:55:52:fb:c5:b5:7e:b3:
         f0:a5:b8:a2:f0:9a:b8:a5:26:21:a7:40:e8:b2:08:85:6f:91:
         19:33:c9:fa:8e:62:40:03:57:19:5d:34:62:4f:9c:4f:9b:20:
         5a:03:c2:7c:33:a2:af:3e:b1:d0:bd:5e:c5:21:6e:25:7b:75:
         84:2f:39:63:29:0a:37:c8:a3:83:4f:df:d4:43:1b:d0:00:36:
         06:56:c4:09:61:82:54:d6:61:84:e3:04:3a:23:00:90:30:75:
         c1:32:0f:c6:b8:f9:f8:fe:0f:34:52:f8:55:4b:4b:4a:74:6d:
         a1:e3:dd:39:bd:83:f4:a8:8d:cc:44:55:7f:32:9a:c6:16:92:
         21:df:e5:a1:81:3d:18:56:8d:a2:aa:b6:0a:d9:23:36:e2:1e:
         c5:3f:cc:e3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5HLRYQDX+sgXm6s//7ggjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTIwMjA1NjM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmU2ZGY4ZjQ0MWYyMWY5YTlhYTRmYzZkOTYyNWRjMzdlYjJiNzdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbSmV9iKejE5p4pDafa64j7VKfFx
GUW24jUp7NUQ/lziXK26vA5ECHzN2geFf8sbnTcVAYgJLPPEEdY5io16kwZKJSWE
g66WFvkrtvm8N2j5jP2klTugsGk/8jueSjSTQHBExOKfrwD41ooT0INGDtnFI1qZ
JtqDk2/SmNdbMq2EhjTiFB6HcZVh7Gu3h3370spnn6TsE7tPvUxB5ZgSMBkSMBHE
dJelRUDL8uw8E1148ggqQl5U3PuALZgxRLFN3OxkfEL9FeEtxEvEjc91PWn3PC0o
BDEajIW1MSaVPSLRUNBpwR6x556iuVA7D8QAcmbhD2B8OW4QE0jEmLmNjwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPbm349EHyH5qapPxtliXcN+srd+MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvOXViZmowUWZJZm1wcWtfRzJXSmR3MzZ5dDM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtmAwQA
Aht+MA0GCSqGSIb3DQEBCwUAA4IBAQBxT9qD4+0MFuA16TU4wBjWnGr9bau+Cozn
aC/pzhVR76KR1z9dBC00jhvSg+/OXw9Uneul901Do5ZEXbMiwZay2UFTysOB+rUw
gmr9+3h2GMwo7QrMXi2N1DMBorC5TJi7jiezxVVS+8W1frPwpbii8Jq4pSYhp0Do
sgiFb5EZM8n6jmJAA1cZXTRiT5xPmyBaA8J8M6KvPrHQvV7FIW4le3WELzljKQo3
yKODT9/UQxvQADYGVsQJYYJU1mGE4wQ6IwCQMHXBMg/GuPn4/g80UvhVS0tKdG2h
4905vYP0qI3MRFV/MprGFpIh3+WhgT0YVo2iqrYK2SM24h7FP8zj
-----END CERTIFICATE-----