Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FsJsgbNazaCkOj_hsPIyNsOCKAE.roa
File:                     FsJsgbNazaCkOj_hsPIyNsOCKAE.roa (raw, json)
Hash identifier:          GV/oGfPgUHZcmBIB9eVqomf6Ok42lVdRDTY/vx4oGjQ=
Subject key identifier:   16:C2:6C:81:B3:5A:CD:A0:A4:3A:3F:E1:B0:F2:32:36:C3:82:28:01
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E419AB2D81134486B726F167B9CC0AF20
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FsJsgbNazaCkOj_hsPIyNsOCKAE.roa
Signing time:             Tue 19 May 2026 18:58:37 +0000
ROA not before:           Tue 19 May 2026 18:58:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402415
IP address blocks:        2.26.171.0/24 maxlen: 24
                          31.77.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 07 Jun 2026 02:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:41:9a:b2:d8:11:34:48:6b:72:6f:16:7b:9c:c0:af:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 19 18:58:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=16c26c81b35acda0a43a3fe1b0f23236c3822801
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:7e:d0:e1:32:59:d2:41:ee:68:dd:b1:09:c2:
                    b9:3d:0f:0a:1c:c4:88:16:c0:d5:bd:04:e7:6b:8a:
                    45:fb:de:4e:a7:db:2f:31:9f:88:67:d6:ff:09:2b:
                    a5:8c:09:54:f2:63:05:f5:7e:b6:8f:cb:a3:18:e1:
                    51:da:32:32:8d:25:61:e8:a7:18:f0:83:d2:05:25:
                    8d:4d:d7:5c:6c:d8:26:1a:f2:34:8b:8b:4e:e0:17:
                    60:2d:e9:26:df:b8:dd:e2:86:ff:9c:05:a2:34:95:
                    e8:ba:ae:e0:61:98:f4:92:53:34:22:5a:ba:1c:85:
                    70:64:be:63:e2:f7:6a:ac:01:5f:31:64:e6:c2:c1:
                    df:76:78:7b:e0:8a:fd:ad:45:4a:bb:33:11:3f:9c:
                    98:e7:77:7b:b1:5e:fb:73:4a:2e:5c:f5:b8:26:e3:
                    9b:c3:bf:dc:e8:07:90:4d:56:09:0c:66:97:a5:d0:
                    d8:0c:d4:c2:d2:2c:1e:10:21:92:a3:62:a5:5b:23:
                    eb:a6:82:8b:0b:a6:aa:06:b0:86:b3:ed:d8:6d:4c:
                    42:b6:64:ae:16:45:88:cc:82:93:ae:90:f9:b9:f8:
                    d8:ff:72:76:02:60:f5:d3:ac:e0:5d:b6:36:e1:7f:
                    ca:d1:24:2c:d1:fa:f2:3f:ab:20:ba:09:1d:dc:35:
                    ba:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:C2:6C:81:B3:5A:CD:A0:A4:3A:3F:E1:B0:F2:32:36:C3:82:28:01
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FsJsgbNazaCkOj_hsPIyNsOCKAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.171.0/24
                  31.77.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:77:a9:9c:8a:f6:07:59:ba:e8:8b:89:e2:0d:12:62:da:d1:
         dc:4a:ae:74:08:b4:ce:cf:5d:6c:bb:b9:19:b2:49:17:15:47:
         a3:9f:1a:f2:6c:ed:39:5f:59:9e:f6:77:5a:f3:b2:09:e4:2f:
         a7:7f:b1:dd:12:45:83:ad:9c:75:bf:37:ff:41:7d:a4:2b:f1:
         49:70:57:0b:a0:12:84:75:dc:fd:1d:8e:5c:75:f9:83:f8:de:
         5f:c3:08:c1:32:42:93:4b:15:87:9d:d5:e1:1e:1d:f4:a6:40:
         a3:bf:84:db:0a:20:6e:72:e7:80:9f:e3:ea:86:5f:15:53:7d:
         c9:3b:71:71:35:9d:da:14:5f:16:9a:c1:74:ba:c7:f5:3c:40:
         88:99:aa:bb:f0:00:1d:ae:d5:ef:ee:0b:62:d5:b8:8d:c3:d4:
         ca:01:f4:42:50:41:ab:0f:b7:ec:f5:6f:e4:9e:12:21:eb:f0:
         24:46:51:87:e3:14:53:de:c2:f3:81:dd:6f:f4:9c:e8:8c:23:
         3c:58:38:f6:61:74:13:1e:e3:b6:2a:6f:4b:60:44:04:d4:e8:
         a3:06:45:f0:85:58:18:4c:67:62:ac:13:5a:08:94:9c:46:5b:
         21:7f:91:36:f2:c5:48:73:f1:7c:6c:7a:29:13:28:8e:4b:44:
         f0:ea:3f:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5BmrLYETRIa3JvFnucwK8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTE5MTg1ODM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmMyNmM4MWIzNWFjZGEwYTQzYTNmZTFiMGYyMzIzNmMzODIyODAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxH7Q4TJZ0kHuaN2xCcK5PQ8KHMSI
FsDVvQTna4pF+95Op9svMZ+IZ9b/CSuljAlU8mMF9X62j8ujGOFR2jIyjSVh6KcY
8IPSBSWNTddcbNgmGvI0i4tO4BdgLekm37jd4ob/nAWiNJXouq7gYZj0klM0Ilq6
HIVwZL5j4vdqrAFfMWTmwsHfdnh74Ir9rUVKuzMRP5yY53d7sV77c0ouXPW4JuOb
w7/c6AeQTVYJDGaXpdDYDNTC0iweECGSo2KlWyPrpoKLC6aqBrCGs+3YbUxCtmSu
FkWIzIKTrpD5ufjY/3J2AmD106zgXbY24X/K0SQs0fryP6sgugkd3DW67wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBbCbIGzWs2gpDo/4bDyMjbDgigBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRnNKc2diTmF6YUNrT2pfaHNQSXlOc09DS0FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqrAwQA
H03uMA0GCSqGSIb3DQEBCwUAA4IBAQAsd6mcivYHWbroi4niDRJi2tHcSq50CLTO
z11su7kZskkXFUejnxrybO05X1me9nda87IJ5C+nf7HdEkWDrZx1vzf/QX2kK/FJ
cFcLoBKEddz9HY5cdfmD+N5fwwjBMkKTSxWHndXhHh30pkCjv4TbCiBucueAn+Pq
hl8VU33JO3FxNZ3aFF8WmsF0usf1PECImaq78AAdrtXv7gti1biNw9TKAfRCUEGr
D7fs9W/knhIh6/AkRlGH4xRT3sLzgd1v9JzojCM8WDj2YXQTHuO2Km9LYEQE1Oij
BkXwhVgYTGdirBNaCJScRlshf5E28sVIc/F8bHopEyiOS0Tw6j9k
-----END CERTIFICATE-----