Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/A9bPbndHfq6NQXb2G1lojSdUPso.roa
File:                     A9bPbndHfq6NQXb2G1lojSdUPso.roa (raw, json)
Hash identifier:          fRYUhf/5XhN1VzlnQD+wyM2Fn6gGivcHwXHX9SRK3vA=
Subject key identifier:   03:D6:CF:6E:77:47:7E:AE:8D:41:76:F6:1B:59:68:8D:27:54:3E:CA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DB612525EEDC5E4F8D0D093F0D7A843C5
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/A9bPbndHfq6NQXb2G1lojSdUPso.roa
Signing time:             Wed 22 Apr 2026 16:42:27 +0000
ROA not before:           Wed 22 Apr 2026 16:42:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     214668
IP address blocks:        2.26.185.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:12:52:5e:ed:c5:e4:f8:d0:d0:93:f0:d7:a8:43:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 22 16:42:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=03d6cf6e77477eae8d4176f61b59688d27543eca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:e2:3c:c5:25:f8:64:14:bb:41:cb:4f:5a:23:
                    07:e1:2e:27:4a:05:04:c0:e1:2a:b3:c3:e4:65:8f:
                    14:ca:41:37:16:37:84:0f:c2:06:a9:4f:87:27:24:
                    79:8c:48:ee:6b:24:82:c1:a5:0e:eb:9c:d9:51:42:
                    87:b7:58:68:92:bb:2b:e9:84:1f:7c:48:31:00:29:
                    05:ba:01:1f:d9:f8:e9:45:ed:b5:3c:ee:1c:15:e3:
                    14:4c:99:74:de:78:cc:f4:a1:e2:f8:b0:5d:5f:1f:
                    50:7f:d6:e7:48:fc:fa:e5:7a:aa:b7:db:7c:58:b6:
                    24:06:ed:ed:66:53:1f:6b:5d:06:a5:70:7a:b6:0c:
                    39:ad:ab:06:8c:0d:b7:95:47:f9:64:32:fd:d8:43:
                    a7:f2:02:0a:f7:5f:62:f8:ab:f5:3c:1f:1b:e1:3b:
                    59:9e:f3:90:89:39:48:a1:d3:e0:86:da:47:1d:50:
                    7f:37:4f:db:69:50:5c:8b:13:e1:00:5d:49:ef:18:
                    fa:34:93:95:4d:b5:bd:5c:1a:57:5c:e0:bd:85:9d:
                    ef:38:c5:81:57:30:96:5a:8d:cc:3e:e5:fc:6b:8f:
                    13:36:46:51:4a:5c:dc:89:55:56:0b:63:10:50:7a:
                    b8:02:59:78:20:a8:06:48:f5:8b:af:ae:1d:49:53:
                    da:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D6:CF:6E:77:47:7E:AE:8D:41:76:F6:1B:59:68:8D:27:54:3E:CA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/A9bPbndHfq6NQXb2G1lojSdUPso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:9b:57:2a:f7:50:ec:1d:b5:58:9c:b2:9d:b1:db:ce:ae:31:
         9b:d3:9c:36:52:89:ff:73:c0:f2:ab:7e:cf:2c:f5:f6:64:47:
         7d:97:df:f9:07:ee:0e:95:53:4c:af:8a:56:85:b4:47:44:4f:
         d2:6c:80:d0:95:bb:40:18:f4:e2:1b:ac:27:3a:9d:23:22:78:
         9b:1a:a0:85:33:fb:cf:ab:5a:5e:90:2e:6b:f9:3c:d5:88:65:
         ba:7f:11:56:d1:81:2c:c9:b3:9f:a5:3d:67:d9:0b:d3:6c:22:
         b7:a6:7f:fd:8c:fe:ae:35:0d:6c:38:6b:c5:a8:1a:3b:c4:7f:
         9d:50:da:b2:a4:99:fd:7f:42:0e:ef:24:1d:a8:01:1d:85:39:
         c0:72:1c:ba:71:26:cc:51:55:6f:18:45:84:09:32:f8:be:c3:
         e1:64:5d:11:6d:7c:0b:45:8f:7a:a9:84:67:58:cf:8c:76:df:
         59:56:f4:f4:91:7b:be:6a:49:54:f8:45:85:95:da:da:28:64:
         26:e9:bd:6e:ed:92:f0:d7:71:e2:9a:63:3f:9b:70:e3:21:85:
         3b:84:33:5d:08:31:36:6c:c5:56:34:ad:d8:95:58:d9:cc:51:
         bc:4e:5d:8d:ce:b7:ad:68:b4:80:5f:9c:af:fd:0b:63:72:ed:
         8c:47:f3:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22ElJe7cXk+NDQk/DXqEPFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIyMTY0MjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2Q2Y2Y2ZTc3NDc3ZWFlOGQ0MTc2ZjYxYjU5Njg4ZDI3NTQzZWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi+I8xSX4ZBS7QctPWiMH4S4nSgUE
wOEqs8PkZY8UykE3FjeED8IGqU+HJyR5jEjuaySCwaUO65zZUUKHt1hokrsr6YQf
fEgxACkFugEf2fjpRe21PO4cFeMUTJl03njM9KHi+LBdXx9Qf9bnSPz65Xqqt9t8
WLYkBu3tZlMfa10GpXB6tgw5rasGjA23lUf5ZDL92EOn8gIK919i+Kv1PB8b4TtZ
nvOQiTlIodPghtpHHVB/N0/baVBcixPhAF1J7xj6NJOVTbW9XBpXXOC9hZ3vOMWB
VzCWWo3MPuX8a48TNkZRSlzciVVWC2MQUHq4All4IKgGSPWLr64dSVPaKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPWz253R36ujUF29htZaI0nVD7KMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQTliUGJuZEhmcTZOUVhiMkcxbG9qU2RVUHNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhq5MA0G
CSqGSIb3DQEBCwUAA4IBAQAGm1cq91DsHbVYnLKdsdvOrjGb05w2Uon/c8Dyq37P
LPX2ZEd9l9/5B+4OlVNMr4pWhbRHRE/SbIDQlbtAGPTiG6wnOp0jInibGqCFM/vP
q1pekC5r+TzViGW6fxFW0YEsybOfpT1n2QvTbCK3pn/9jP6uNQ1sOGvFqBo7xH+d
UNqypJn9f0IO7yQdqAEdhTnAchy6cSbMUVVvGEWECTL4vsPhZF0RbXwLRY96qYRn
WM+Mdt9ZVvT0kXu+aklU+EWFldraKGQm6b1u7ZLw13HimmM/m3DjIYU7hDNdCDE2
bMVWNK3YlVjZzFG8Tl2NzretaLSAX5yv/Qtjcu2MR/M1
-----END CERTIFICATE-----