Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BemR9VhgQ7uiukcjXRCJfPiWk5A.roa
File:                     BemR9VhgQ7uiukcjXRCJfPiWk5A.roa (raw, json)
Hash identifier:          IxPf+owlEicvyF8Hby9878F6EyTqI6KFtfRWLtJ4904=
Subject key identifier:   05:E9:91:F5:58:60:43:BB:A2:BA:47:23:5D:10:89:7C:F8:96:93:90
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EB853FCD4F011ACF167E4FD6A4B20374E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BemR9VhgQ7uiukcjXRCJfPiWk5A.roa
Signing time:             Thu 11 Jun 2026 20:16:12 +0000
ROA not before:           Thu 11 Jun 2026 20:16:12 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215287
IP address blocks:        2.27.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 12 Jun 2026 20:20:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:b8:53:fc:d4:f0:11:ac:f1:67:e4:fd:6a:4b:20:37:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 11 20:16:12 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=05e991f5586043bba2ba47235d10897cf8969390
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:60:53:8a:24:ef:6d:19:fb:2b:fa:9a:36:b6:
                    16:e9:72:e7:a9:21:04:81:e0:b4:48:e5:2b:9a:58:
                    9c:cb:db:5a:e0:76:b2:2d:29:25:93:0e:a4:0b:7a:
                    a4:1a:67:91:6d:25:3a:b1:78:86:6f:26:3f:54:5a:
                    7c:43:1d:2a:f3:4c:3a:bc:74:d3:30:32:0e:19:7c:
                    2e:fb:bd:8d:17:c9:67:3c:8e:2d:9d:1a:5e:70:06:
                    c5:9e:c1:6b:9c:69:61:69:2b:44:4f:c1:a9:1d:ee:
                    47:ab:5e:b2:b0:dc:89:aa:dc:24:f6:c1:46:d6:03:
                    ab:0e:88:3e:1a:52:af:a9:a9:c4:35:19:a4:e0:12:
                    3b:88:69:15:c1:bc:d5:1a:6f:94:55:cb:50:bc:7d:
                    c7:16:16:bf:06:5b:06:c6:ce:94:eb:1d:5e:13:ef:
                    91:0b:a8:74:e3:70:e5:d7:43:4b:e3:06:fd:55:73:
                    e6:db:d7:7a:f9:fb:08:36:fe:4a:06:9d:86:2f:32:
                    af:5c:71:61:18:e2:37:31:f3:e2:83:ce:81:36:60:
                    e7:34:10:e4:9f:12:30:e6:cf:67:66:aa:41:e2:f8:
                    48:f7:13:70:58:6d:91:97:77:4b:03:8b:1a:ec:28:
                    f3:14:a1:be:f5:4e:2d:42:da:58:44:60:e3:d7:ad:
                    40:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:E9:91:F5:58:60:43:BB:A2:BA:47:23:5D:10:89:7C:F8:96:93:90
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/BemR9VhgQ7uiukcjXRCJfPiWk5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:05:5b:fa:bc:77:c8:8a:e8:28:93:0e:22:50:dd:22:ba:2a:
         53:01:3d:ec:5d:20:70:09:6a:31:73:50:03:19:a1:ac:16:f0:
         99:9c:58:90:09:71:e7:75:6c:7f:a5:be:56:45:f4:b1:9a:2a:
         1a:de:39:68:0b:4c:ac:ee:a1:dd:52:07:14:7f:4f:62:c8:bf:
         e8:db:7e:25:ec:3b:92:d4:1e:4d:9e:e1:8e:65:35:7b:42:dc:
         97:45:ed:96:0b:d7:91:65:b8:69:41:47:70:c1:f0:9c:dc:db:
         aa:e7:ff:2c:bc:98:07:d1:c0:5d:4d:81:20:d7:43:cb:92:56:
         36:f4:fd:4a:cd:01:fa:d7:ae:2f:77:87:ce:85:ba:73:2f:d0:
         e0:49:57:da:b4:4c:da:81:3a:50:af:f3:56:17:7d:fe:ea:82:
         21:b1:28:51:57:a2:6e:12:2f:e8:ac:35:27:f3:61:18:30:05:
         8f:81:c6:2c:d2:76:2b:87:aa:ef:f3:2d:e5:61:11:ec:e2:b5:
         4b:c9:21:d6:df:db:b9:4f:03:27:fe:e4:da:34:b3:ae:b9:14:
         f5:0e:88:da:ac:0e:e9:6b:8e:a9:c8:0f:6d:ab:be:f8:7b:8b:
         e5:37:c0:7b:dd:48:43:05:4d:a5:6f:d1:33:b7:2e:86:d3:fa:
         c7:67:56:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ64U/zU8BGs8Wfk/WpLIDdOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjExMjAxNjEyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWU5OTFmNTU4NjA0M2JiYTJiYTQ3MjM1ZDEwODk3Y2Y4OTY5MzkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2BTiiTvbRn7K/qaNrYW6XLnqSEE
geC0SOUrmlicy9ta4HayLSklkw6kC3qkGmeRbSU6sXiGbyY/VFp8Qx0q80w6vHTT
MDIOGXwu+72NF8lnPI4tnRpecAbFnsFrnGlhaStET8GpHe5Hq16ysNyJqtwk9sFG
1gOrDog+GlKvqanENRmk4BI7iGkVwbzVGm+UVctQvH3HFha/BlsGxs6U6x1eE++R
C6h043Dl10NL4wb9VXPm29d6+fsINv5KBp2GLzKvXHFhGOI3MfPig86BNmDnNBDk
nxIw5s9nZqpB4vhI9xNwWG2Rl3dLA4sa7CjzFKG+9U4tQtpYRGDj161AZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAXpkfVYYEO7orpHI10QiXz4lpOQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQmVtUjlWaGdRN3VpdWtjalhSQ0pmUGlXazVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhv/MA0G
CSqGSIb3DQEBCwUAA4IBAQAMBVv6vHfIiugokw4iUN0iuipTAT3sXSBwCWoxc1AD
GaGsFvCZnFiQCXHndWx/pb5WRfSxmioa3jloC0ys7qHdUgcUf09iyL/o234l7DuS
1B5NnuGOZTV7QtyXRe2WC9eRZbhpQUdwwfCc3Nuq5/8svJgH0cBdTYEg10PLklY2
9P1KzQH6164vd4fOhbpzL9DgSVfatEzagTpQr/NWF33+6oIhsShRV6JuEi/orDUn
82EYMAWPgcYs0nYrh6rv8y3lYRHs4rVLySHW39u5TwMn/uTaNLOuuRT1DojarA7p
a46pyA9tq774e4vlN8B73UhDBU2lb9Ezty6G0/rHZ1YV
-----END CERTIFICATE-----