Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/CQwaUq5egB-cDqjuteA43yBeh_s.roa
File:                     CQwaUq5egB-cDqjuteA43yBeh_s.roa (raw, json)
Hash identifier:          61BPKgrAs6ydXUzlDASloQn5hDyEX9tbNGbVSv32hao=
Subject key identifier:   09:0C:1A:52:AE:5E:80:1F:9C:0E:A8:EE:B5:E0:38:DF:20:5E:87:FB
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D9D349200DC0A1281BD031A39898746D9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/CQwaUq5egB-cDqjuteA43yBeh_s.roa
Signing time:             Fri 17 Apr 2026 20:49:21 +0000
ROA not before:           Fri 17 Apr 2026 20:49:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     208328
IP address blocks:        2.26.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9d:34:92:00:dc:0a:12:81:bd:03:1a:39:89:87:46:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 17 20:49:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=090c1a52ae5e801f9c0ea8eeb5e038df205e87fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:e0:8a:1e:c5:9d:f1:11:b2:e3:f4:2e:22:8d:
                    1c:e8:89:65:7e:8e:b8:b3:9a:3e:bb:b5:fd:6b:a6:
                    6e:99:ed:e7:f2:ab:96:79:9d:b5:22:f6:81:64:3a:
                    fb:88:9f:6b:08:02:72:ef:f7:42:37:dc:8d:21:32:
                    ab:77:02:63:e8:b1:c6:fb:34:21:1f:8a:59:7f:79:
                    f2:72:1c:23:d3:b4:cf:63:46:71:b8:bc:0d:d8:66:
                    62:db:04:53:0e:8b:1a:5a:5c:8d:14:39:cd:bf:00:
                    58:f2:21:5e:5f:27:64:d3:2e:94:49:0f:09:69:ea:
                    44:4c:6b:9c:73:64:00:ae:f4:26:3f:4d:b6:9d:1f:
                    a0:59:a8:89:43:c2:24:6b:15:58:d4:6a:e8:c3:25:
                    aa:ae:7f:ad:19:30:9d:24:b6:3e:57:85:9c:ce:d8:
                    42:93:ec:a3:aa:1e:9c:c1:3a:16:78:f5:09:c5:c2:
                    94:ad:2b:a5:d8:b4:2d:bd:cf:8d:34:e9:72:24:5d:
                    45:41:f3:97:04:da:12:aa:41:9a:d2:c9:0e:c1:f4:
                    28:00:9a:0c:aa:7a:34:cf:57:b8:24:46:28:2a:3f:
                    5e:5f:c7:e9:13:2e:57:fd:71:2e:c3:46:9f:f0:e5:
                    36:56:11:19:da:43:b2:02:46:b9:ce:a7:fa:71:f5:
                    48:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:0C:1A:52:AE:5E:80:1F:9C:0E:A8:EE:B5:E0:38:DF:20:5E:87:FB
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/CQwaUq5egB-cDqjuteA43yBeh_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:f3:19:6a:0a:19:c8:33:da:0e:00:57:75:bb:b0:df:ec:e8:
         55:b6:14:ca:8e:bb:48:7a:25:0a:aa:30:6b:5d:e4:8f:ed:d9:
         cb:04:93:6a:c2:3f:a9:e0:ad:ca:df:8a:1c:02:09:68:7a:8e:
         86:cf:9f:2b:ea:8d:f4:07:e0:58:fe:6a:c9:b4:e1:db:e4:52:
         96:71:88:52:be:3c:1a:87:be:8a:40:74:66:9a:4d:a2:da:16:
         40:10:71:b0:6f:64:ec:94:e0:e8:e2:f4:96:26:4a:0d:ad:7e:
         fe:2c:1c:64:b6:b4:c2:db:96:45:65:1f:88:79:4a:dd:e1:66:
         f9:ef:10:08:22:45:e7:7e:ed:33:6a:4f:3e:c1:0e:6a:31:16:
         f0:4c:4f:90:6a:82:88:fd:bd:75:0d:d5:a1:5b:17:11:70:9f:
         de:8b:1b:08:d0:a4:dd:df:29:9c:d4:a9:d9:c1:46:87:2b:bd:
         a3:33:bd:1c:62:04:84:90:42:fd:1d:45:68:b4:21:fd:1f:8a:
         8e:b4:79:8d:18:ab:3f:3e:e5:c4:4f:22:f2:63:cd:e1:2c:d5:
         36:b2:37:73:ba:47:ef:c8:3b:bc:ef:fc:73:5b:38:4b:58:76:
         2f:6b:35:7a:da:1b:91:97:55:61:06:85:49:65:20:f0:9d:7b:
         65:d5:c2:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2dNJIA3AoSgb0DGjmJh0bZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE3MjA0OTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTBjMWE1MmFlNWU4MDFmOWMwZWE4ZWViNWUwMzhkZjIwNWU4N2ZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzuCKHsWd8RGy4/QuIo0c6Illfo64
s5o+u7X9a6Zume3n8quWeZ21IvaBZDr7iJ9rCAJy7/dCN9yNITKrdwJj6LHG+zQh
H4pZf3nychwj07TPY0ZxuLwN2GZi2wRTDosaWlyNFDnNvwBY8iFeXydk0y6USQ8J
aepETGucc2QArvQmP022nR+gWaiJQ8IkaxVY1GrowyWqrn+tGTCdJLY+V4WczthC
k+yjqh6cwToWePUJxcKUrSul2LQtvc+NNOlyJF1FQfOXBNoSqkGa0skOwfQoAJoM
qno0z1e4JEYoKj9eX8fpEy5X/XEuw0af8OU2VhEZ2kOyAka5zqf6cfVIzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAkMGlKuXoAfnA6o7rXgON8gXof7MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvQ1F3YVVxNWVnQi1jRHFqdXRlQTQzeUJlaF9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhreMA0G
CSqGSIb3DQEBCwUAA4IBAQBc8xlqChnIM9oOAFd1u7Df7OhVthTKjrtIeiUKqjBr
XeSP7dnLBJNqwj+p4K3K34ocAgloeo6Gz58r6o30B+BY/mrJtOHb5FKWcYhSvjwa
h76KQHRmmk2i2hZAEHGwb2TslODo4vSWJkoNrX7+LBxktrTC25ZFZR+IeUrd4Wb5
7xAIIkXnfu0zak8+wQ5qMRbwTE+QaoKI/b11DdWhWxcRcJ/eixsI0KTd3ymc1KnZ
wUaHK72jM70cYgSEkEL9HUVotCH9H4qOtHmNGKs/PuXETyLyY83hLNU2sjdzukfv
yDu87/xzWzhLWHYvazV62huRl1VhBoVJZSDwnXtl1cIf
-----END CERTIFICATE-----