Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/EXz9QAk0GDmN8ghiN0r0NxJgX3s.roa
File:                     EXz9QAk0GDmN8ghiN0r0NxJgX3s.roa (raw, json)
Hash identifier:          wEmZPUepDQvQFQuJyOovA/9YVk3xMGNPmgS3e3Ny9ZM=
Subject key identifier:   11:7C:FD:40:09:34:18:39:8D:F2:08:62:37:4A:F4:37:12:60:5F:7B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D49E0DC79F3FEF8B10823B3CE680420EA
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/EXz9QAk0GDmN8ghiN0r0NxJgX3s.roa
Signing time:             Wed 01 Apr 2026 16:29:26 +0000
ROA not before:           Wed 01 Apr 2026 16:29:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     21859
IP address blocks:        2.27.161.0/24 maxlen: 24
                          144.31.42.0/24 maxlen: 24
                          144.31.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 Apr 2026 19:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:49:e0:dc:79:f3:fe:f8:b1:08:23:b3:ce:68:04:20:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  1 16:29:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=117cfd40093418398df20862374af43712605f7b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:86:b4:03:13:81:e4:90:1a:48:cb:21:79:6e:
                    92:92:d4:fa:d1:05:e8:cc:20:16:60:2f:1a:1e:bc:
                    01:46:cf:da:93:83:fb:3c:03:17:9b:67:29:e5:45:
                    c0:f4:98:16:36:83:42:ef:e3:2b:ba:a9:66:fa:a1:
                    e4:3f:b9:0f:57:20:b6:1d:95:b0:6c:8f:45:c9:38:
                    5c:3a:d5:0e:14:f3:12:69:a2:62:d5:48:2f:80:e7:
                    eb:e5:fb:d3:19:84:ff:d7:cd:2c:63:40:ff:a1:37:
                    61:40:d9:7f:85:01:43:79:94:95:52:ea:38:6c:49:
                    28:10:c0:23:83:c4:f2:4d:b8:5c:78:14:c4:8b:1a:
                    b6:c1:50:8e:20:78:df:68:6d:53:dc:35:3f:43:db:
                    03:74:56:26:a8:88:ee:1f:16:97:ca:67:0d:a7:e0:
                    6c:0e:a9:08:a8:bd:f5:72:a7:74:b5:1f:f6:47:f5:
                    35:a3:c1:65:a2:b1:61:7c:70:0d:e4:fe:36:cf:27:
                    11:b2:a6:f8:21:56:2b:f5:ea:a2:e6:77:2b:49:7b:
                    4c:ce:94:2b:1b:09:94:6c:f9:20:5d:5d:99:7e:dc:
                    1d:0b:61:2f:31:0b:5e:3b:df:d8:59:72:36:55:16:
                    b4:c4:55:d8:fa:0e:1c:ba:55:2a:36:ff:9e:85:4c:
                    86:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7C:FD:40:09:34:18:39:8D:F2:08:62:37:4A:F4:37:12:60:5F:7B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/EXz9QAk0GDmN8ghiN0r0NxJgX3s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.161.0/24
                  144.31.42.0/24
                  144.31.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:25:07:88:b5:04:8d:9e:40:cf:19:ad:36:17:5f:14:21:ca:
         4f:56:ff:2e:e5:78:c9:e6:a7:0c:60:2d:6b:a9:b7:24:32:69:
         1a:4d:fd:20:59:26:16:dd:7d:f6:3d:95:4d:38:e2:79:bb:d6:
         02:8c:3c:38:65:3c:19:a3:c9:34:66:27:91:c6:be:67:9e:91:
         38:15:af:48:0b:86:0d:00:c1:6a:f8:25:fa:c6:5b:15:b7:2c:
         9a:52:e1:cf:9b:c1:0e:cd:fd:78:30:4d:60:a8:74:bb:76:4b:
         97:e8:01:5e:c8:47:dd:d2:21:bc:30:eb:a3:96:a6:af:2f:74:
         67:9f:60:15:33:4d:7a:b4:a3:4b:63:29:01:05:e0:2e:3e:bb:
         d9:92:2e:9d:78:6e:98:76:68:b6:63:07:b2:26:24:8a:70:ff:
         fb:bb:61:6f:a2:c4:bf:a9:43:84:e8:e9:24:c1:e2:89:ce:e5:
         dd:b8:47:38:44:bf:06:67:7e:5a:48:72:f7:2d:1b:69:e1:67:
         8c:64:28:d2:22:c4:11:c1:eb:b9:2a:64:fa:71:b1:1e:9e:5e:
         5d:d0:05:ac:88:18:49:ec:d4:e1:77:59:3e:c5:09:0a:1e:ff:
         4d:17:50:80:22:58:96:65:bb:6b:7c:88:6e:7c:e0:5e:08:ee:
         60:e4:45:01
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZ1J4Nx58/74sQgjs85oBCDqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDAxMTYyOTI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdjZmQ0MDA5MzQxODM5OGRmMjA4NjIzNzRhZjQzNzEyNjA1ZjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Ia0AxOB5JAaSMsheW6SktT60QXo
zCAWYC8aHrwBRs/ak4P7PAMXm2cp5UXA9JgWNoNC7+Mruqlm+qHkP7kPVyC2HZWw
bI9FyThcOtUOFPMSaaJi1UgvgOfr5fvTGYT/180sY0D/oTdhQNl/hQFDeZSVUuo4
bEkoEMAjg8TyTbhceBTEixq2wVCOIHjfaG1T3DU/Q9sDdFYmqIjuHxaXymcNp+Bs
DqkIqL31cqd0tR/2R/U1o8FlorFhfHAN5P42zycRsqb4IVYr9eqi5ncrSXtMzpQr
GwmUbPkgXV2ZftwdC2EvMQteO9/YWXI2VRa0xFXY+g4culUqNv+ehUyG7wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBF8/UAJNBg5jfIIYjdK9DcSYF97MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRVh6OVFBazBHRG1OOGdoaU4wcjBOeEpnWDNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAAhuhAwQA
kB8qAwQAkB8sMA0GCSqGSIb3DQEBCwUAA4IBAQCaJQeItQSNnkDPGa02F18UIcpP
Vv8u5XjJ5qcMYC1rqbckMmkaTf0gWSYW3X32PZVNOOJ5u9YCjDw4ZTwZo8k0ZieR
xr5nnpE4Fa9IC4YNAMFq+CX6xlsVtyyaUuHPm8EOzf14ME1gqHS7dkuX6AFeyEfd
0iG8MOujlqavL3Rnn2AVM016tKNLYykBBeAuPrvZki6deG6Ydmi2YweyJiSKcP/7
u2FvosS/qUOE6OkkweKJzuXduEc4RL8GZ35aSHL3LRtp4WeMZCjSIsQRweu5KmT6
cbEenl5d0AWsiBhJ7NThd1k+xQkKHv9NF1CAIliWZbtrfIhufOBeCO5g5EUB
-----END CERTIFICATE-----