Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/B4Gge_Qlw4M-5FzwSV0JxVNZ3Ik.roa
File:                     B4Gge_Qlw4M-5FzwSV0JxVNZ3Ik.roa (raw, json)
Hash identifier:          4m/jVPzF0qHumzSW2vNtdf6enAlpwPf2EY4HAxge6fI=
Subject key identifier:   07:81:A0:7B:F4:25:C3:83:3E:E4:5C:F0:49:5D:09:C5:53:59:DC:89
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D06E5184E9CB214E2B02114E3E2474112
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/B4Gge_Qlw4M-5FzwSV0JxVNZ3Ik.roa
Signing time:             Thu 19 Mar 2026 16:19:30 +0000
ROA not before:           Thu 19 Mar 2026 16:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     216455
IP address blocks:        2.27.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:e5:18:4e:9c:b2:14:e2:b0:21:14:e3:e2:47:41:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 19 16:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=0781a07bf425c3833ee45cf0495d09c55359dc89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:64:e5:a5:60:b9:92:4e:db:08:e2:b8:2f:d1:
                    6a:17:02:4a:86:bd:ad:28:b7:77:a5:dc:a7:da:0c:
                    00:12:b6:34:3e:63:62:69:a1:a0:49:74:a8:29:0b:
                    1f:43:26:45:4d:f8:04:b3:1d:ce:d7:c7:6c:1d:8e:
                    0d:a2:9d:7c:dd:19:5a:f7:30:5c:f7:50:92:fd:40:
                    17:19:89:4a:96:6f:8c:c1:f3:67:d1:19:1c:89:05:
                    c1:59:17:1d:10:60:fd:06:06:d3:cb:1f:c4:4f:ec:
                    cd:5f:15:fe:ee:43:bd:71:bc:22:d8:55:8c:94:16:
                    0c:f3:ae:92:e2:fe:a0:a7:d1:26:b5:f9:a4:41:81:
                    88:6f:85:c2:e5:5f:4b:a0:0e:80:3f:79:72:4c:51:
                    99:af:1b:8a:dd:ef:94:a7:6d:60:fc:21:51:c4:41:
                    db:8b:2f:d7:d3:d9:3e:d2:7a:c7:90:a7:b0:f0:24:
                    75:72:54:5e:da:ab:42:ca:d2:a9:ac:4e:4c:66:b1:
                    28:4b:27:51:2d:fa:ee:7d:e7:bf:2f:a6:8c:a2:cd:
                    fe:b2:ef:43:ae:14:a8:40:53:02:36:28:8e:31:39:
                    cb:f6:b0:cd:c7:5c:ba:fe:ae:e7:43:16:bd:f2:c0:
                    42:a3:0b:4e:49:6d:41:46:f6:2b:8a:b9:1c:5f:9a:
                    8b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:81:A0:7B:F4:25:C3:83:3E:E4:5C:F0:49:5D:09:C5:53:59:DC:89
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/B4Gge_Qlw4M-5FzwSV0JxVNZ3Ik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:00:03:92:db:2e:cf:41:2e:11:f5:9e:61:b7:65:f8:9b:ff:
         92:1a:44:97:01:f5:9c:02:50:3d:38:24:b9:56:e2:3e:13:4c:
         b8:73:23:ab:93:4c:65:c9:d6:61:74:0a:d4:b6:80:75:b7:18:
         3a:9e:e6:ad:56:8a:d7:a0:81:0d:88:e1:0f:48:4f:5c:22:2b:
         6d:9b:c9:6d:78:7d:ff:3f:d1:5b:63:4c:48:17:54:22:65:3e:
         8c:8a:e2:2a:f5:52:c9:eb:be:98:5d:b8:89:2d:e3:59:94:45:
         cd:82:eb:e2:5e:77:17:23:21:15:c9:6d:25:c5:a3:2e:4c:e9:
         db:86:81:32:4c:10:16:4e:f1:e7:27:3d:cf:ee:e0:ff:1e:07:
         6f:4d:ec:0b:aa:10:13:d1:34:f5:e3:a0:07:3a:35:be:3c:54:
         24:2d:f7:bb:1e:3b:f6:d3:84:60:e0:b1:1b:ce:17:c8:2a:a5:
         a3:00:1c:f6:d6:cd:b8:4e:03:fb:d8:b4:bd:5e:cb:db:78:f8:
         9f:e0:5b:88:e8:37:4b:91:d2:c7:93:80:81:6e:14:74:55:a9:
         1a:07:b2:c4:3c:df:8d:96:3e:0c:db:9b:94:d6:67:b4:9c:16:
         61:91:f1:7d:25:e1:ec:e2:92:6f:a7:93:be:c3:f3:2b:68:91:
         cb:80:a1:9d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0G5RhOnLIU4rAhFOPiR0ESMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE5MTYxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzgxYTA3YmY0MjVjMzgzM2VlNDVjZjA0OTVkMDljNTUzNTlkYzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxmTlpWC5kk7bCOK4L9FqFwJKhr2t
KLd3pdyn2gwAErY0PmNiaaGgSXSoKQsfQyZFTfgEsx3O18dsHY4Nop183Rla9zBc
91CS/UAXGYlKlm+MwfNn0RkciQXBWRcdEGD9BgbTyx/ET+zNXxX+7kO9cbwi2FWM
lBYM866S4v6gp9EmtfmkQYGIb4XC5V9LoA6AP3lyTFGZrxuK3e+Up21g/CFRxEHb
iy/X09k+0nrHkKew8CR1clRe2qtCytKprE5MZrEoSydRLfrufee/L6aMos3+su9D
rhSoQFMCNiiOMTnL9rDNx1y6/q7nQxa98sBCowtOSW1BRvYrirkcX5qL/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAeBoHv0JcODPuRc8EldCcVTWdyJMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQjRHZ2VfUWx3NE0tNUZ6d1NWMEp4Vk5aM0lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtkMA0G
CSqGSIb3DQEBCwUAA4IBAQCzAAOS2y7PQS4R9Z5ht2X4m/+SGkSXAfWcAlA9OCS5
VuI+E0y4cyOrk0xlydZhdArUtoB1txg6nuatVorXoIENiOEPSE9cIittm8lteH3/
P9FbY0xIF1QiZT6MiuIq9VLJ676YXbiJLeNZlEXNguviXncXIyEVyW0lxaMuTOnb
hoEyTBAWTvHnJz3P7uD/HgdvTewLqhAT0TT146AHOjW+PFQkLfe7Hjv204Rg4LEb
zhfIKqWjABz21s24TgP72LS9XsvbePif4FuI6DdLkdLHk4CBbhR0VakaB7LEPN+N
lj4M25uU1me0nBZhkfF9JeHs4pJvp5O+w/MraJHLgKGd
-----END CERTIFICATE-----