Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FJ3HC4RMA0lYhaIniUyOYDQP1vI.roa
File:                     FJ3HC4RMA0lYhaIniUyOYDQP1vI.roa (raw, json)
Hash identifier:          nkg9XM6PoVDcd/jIb0965bIv13sGqsdPjAB7uJ8+Yj4=
Subject key identifier:   14:9D:C7:0B:84:4C:03:49:58:85:A2:27:89:4C:8E:60:34:0F:D6:F2
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D0BDDAD62D8221748F08EC50DEB140BBD
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FJ3HC4RMA0lYhaIniUyOYDQP1vI.roa
Signing time:             Fri 20 Mar 2026 15:29:30 +0000
ROA not before:           Fri 20 Mar 2026 15:29:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        2.27.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:dd:ad:62:d8:22:17:48:f0:8e:c5:0d:eb:14:0b:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 20 15:29:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=149dc70b844c03495885a227894c8e60340fd6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:12:d2:8e:30:19:3c:9c:1e:a1:3e:fb:ac:ae:
                    8e:d4:58:22:6d:45:3e:b8:8d:d4:ee:17:df:c3:5e:
                    dc:30:9f:af:64:85:d8:5a:27:82:65:73:0d:0a:f3:
                    15:a6:35:81:b3:4d:6e:ee:a1:1b:ab:39:d0:e9:34:
                    ed:c5:88:d9:e2:53:94:6b:c9:60:b2:1a:2d:e2:02:
                    05:c0:39:b2:b9:71:71:e3:21:cc:4a:9b:45:c5:fd:
                    8a:fb:e6:1b:c2:55:b0:86:2b:54:8b:d7:7f:4f:5a:
                    55:62:8f:0d:30:e4:e1:b6:9c:a0:4c:a4:0e:7f:e1:
                    dc:69:89:23:9a:9c:d4:4c:c7:91:af:bc:c2:97:29:
                    38:78:ab:2d:ee:e7:b5:f8:29:29:86:e3:80:75:7d:
                    55:a8:29:c9:a3:82:40:66:41:79:c7:8d:59:28:2e:
                    7f:37:54:5d:6e:c0:3a:b1:98:9d:01:ee:32:1c:72:
                    96:f4:22:71:5e:7e:bc:89:66:37:95:4b:1a:90:6d:
                    27:c6:d9:e6:78:53:30:2e:4a:5a:64:ca:92:f4:46:
                    07:55:eb:c2:46:e3:aa:33:2e:39:cf:1d:1d:d1:65:
                    10:92:b6:8e:e1:d0:7b:42:31:79:6d:96:74:b9:40:
                    9d:be:97:63:2f:84:fd:2c:6c:c9:d1:9f:1a:ed:c5:
                    ae:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:9D:C7:0B:84:4C:03:49:58:85:A2:27:89:4C:8E:60:34:0F:D6:F2
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FJ3HC4RMA0lYhaIniUyOYDQP1vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:ba:7c:36:f2:fd:41:7e:ca:0d:84:bc:67:f0:80:56:69:ce:
         7b:e1:5e:f2:6a:5c:03:f1:d3:f8:a6:2a:2b:d6:c6:e5:fe:f6:
         d1:86:a7:48:f4:09:97:3d:f4:84:03:73:4e:88:55:2e:d9:39:
         78:c3:62:b9:32:11:f4:cd:32:68:8f:61:c0:8b:0d:72:02:c1:
         f0:a4:18:66:03:63:27:2c:17:b6:52:de:67:17:a0:a3:73:31:
         ee:33:16:d7:94:1c:18:a8:3e:82:8e:5d:18:52:e7:2a:ca:4e:
         d6:98:71:56:95:fa:d1:c6:92:39:e2:22:bd:d3:bc:1b:75:c3:
         67:ee:c6:ba:f6:95:ea:85:d2:75:31:05:09:df:56:f1:58:f6:
         04:40:e6:fb:ea:b5:db:8d:c8:3a:4a:0b:54:19:cc:34:4c:95:
         36:e0:a0:38:6d:a6:84:d4:ae:ef:93:b5:c8:79:7e:67:fa:76:
         bc:f3:8f:dd:bf:cc:16:6b:74:0b:ac:61:ef:d7:85:8b:65:dc:
         d6:e3:ab:71:1b:aa:80:0a:0b:d9:f1:20:cd:c2:da:18:5a:89:
         1d:77:e5:53:f1:24:dc:40:6f:84:ce:cf:7e:7c:35:d6:d4:aa:
         81:28:be:b5:f5:67:74:24:31:d3:e3:ce:c4:77:76:80:83:d1:
         f2:0f:a4:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0L3a1i2CIXSPCOxQ3rFAu9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIwMTUyOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDlkYzcwYjg0NGMwMzQ5NTg4NWEyMjc4OTRjOGU2MDM0MGZkNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhLSjjAZPJweoT77rK6O1FgibUU+
uI3U7hffw17cMJ+vZIXYWieCZXMNCvMVpjWBs01u7qEbqznQ6TTtxYjZ4lOUa8lg
shot4gIFwDmyuXFx4yHMSptFxf2K++YbwlWwhitUi9d/T1pVYo8NMOThtpygTKQO
f+HcaYkjmpzUTMeRr7zClyk4eKst7ue1+CkphuOAdX1VqCnJo4JAZkF5x41ZKC5/
N1RdbsA6sZidAe4yHHKW9CJxXn68iWY3lUsakG0nxtnmeFMwLkpaZMqS9EYHVevC
RuOqMy45zx0d0WUQkraO4dB7QjF5bZZ0uUCdvpdjL4T9LGzJ0Z8a7cWuOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBSdxwuETANJWIWiJ4lMjmA0D9byMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRkozSEM0Uk1BMGxZaGFJbmlVeU9ZRFFQMXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtwMA0G
CSqGSIb3DQEBCwUAA4IBAQCqunw28v1BfsoNhLxn8IBWac574V7yalwD8dP4pior
1sbl/vbRhqdI9AmXPfSEA3NOiFUu2Tl4w2K5MhH0zTJoj2HAiw1yAsHwpBhmA2Mn
LBe2Ut5nF6CjczHuMxbXlBwYqD6Cjl0YUucqyk7WmHFWlfrRxpI54iK907wbdcNn
7sa69pXqhdJ1MQUJ31bxWPYEQOb76rXbjcg6SgtUGcw0TJU24KA4baaE1K7vk7XI
eX5n+na884/dv8wWa3QLrGHv14WLZdzW46txG6qACgvZ8SDNwtoYWokdd+VT8STc
QG+Ezs9+fDXW1KqBKL619Wd0JDHT487Ed3aAg9HyD6Rv
-----END CERTIFICATE-----