Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FwtiIDF-xzmANZG1b4fSEUc01M8.roa
File:                     FwtiIDF-xzmANZG1b4fSEUc01M8.roa (raw, json)
Hash identifier:          ahB4MEyuPFJPdYZVGq6Q/VRO1TuqV65dJW9y9+d1dlc=
Subject key identifier:   17:0B:62:20:31:7E:C7:39:80:35:91:B5:6F:87:D2:11:47:34:D4:CF
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DAC30B8F028A0AC73788D5A2F70888ECF
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FwtiIDF-xzmANZG1b4fSEUc01M8.roa
Signing time:             Mon 20 Apr 2026 18:39:27 +0000
ROA not before:           Mon 20 Apr 2026 18:39:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199180
IP address blocks:        2.26.12.0/24 maxlen: 24
                          2.26.13.0/24 maxlen: 24
                          2.26.14.0/24 maxlen: 24
                          2.26.15.0/24 maxlen: 24
                          2.27.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 Apr 2026 23:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ac:30:b8:f0:28:a0:ac:73:78:8d:5a:2f:70:88:8e:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 20 18:39:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=170b6220317ec739803591b56f87d2114734d4cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:ef:ef:26:e0:65:5c:a7:73:86:99:d0:af:84:
                    f0:03:d1:9a:8b:27:ec:35:fa:70:7f:c4:ca:40:64:
                    c3:c8:91:f8:34:e4:15:8c:34:94:6e:1a:b3:f7:21:
                    76:b6:56:c4:a7:e6:67:d8:bf:b6:b1:51:8c:8d:a8:
                    e1:3b:8f:31:67:a4:a0:1a:fe:df:a7:b6:7e:b3:b2:
                    32:c9:07:dd:cc:77:e2:c9:6c:d5:98:2a:69:9d:50:
                    d0:a5:e9:41:b7:75:d3:3b:5b:05:fd:cb:ae:bd:10:
                    9f:06:98:7a:93:e5:32:dd:0b:24:0e:8e:b3:34:87:
                    0e:b3:08:f1:69:f2:de:68:e5:5f:ce:60:4d:87:2f:
                    ad:ff:b8:6a:be:e5:f9:70:30:85:e8:77:a3:bc:49:
                    40:06:49:88:ae:7a:c4:5e:eb:c7:4e:e6:75:80:f3:
                    98:35:23:af:20:c8:11:cb:37:78:ce:09:16:01:ae:
                    4a:ce:e1:76:19:80:a3:46:32:87:d9:1d:c0:d2:1e:
                    de:36:e0:ec:19:3a:83:9d:43:b5:6b:99:a4:d7:91:
                    45:a9:92:8b:2d:b5:d0:16:ee:16:a0:3c:15:f0:b0:
                    68:dc:5f:b0:3c:66:bd:1a:69:c0:23:85:c1:17:07:
                    5c:f5:6d:84:ff:dd:bc:b5:2a:66:05:1c:5b:9b:94:
                    d9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:0B:62:20:31:7E:C7:39:80:35:91:B5:6F:87:D2:11:47:34:D4:CF
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/FwtiIDF-xzmANZG1b4fSEUc01M8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.12.0/22
                  2.27.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:f8:e0:33:b9:be:bc:b1:a9:8f:8b:b1:5f:4f:dc:a7:e1:0c:
         37:3a:72:84:e1:16:08:9b:74:3e:d6:98:7c:7b:bc:f0:7a:d7:
         82:2a:db:d5:41:5a:64:69:9f:c1:d0:d6:c8:ba:0b:d5:5f:e2:
         ad:79:f7:86:93:85:d5:30:e3:57:30:ae:b6:7b:92:d5:40:a2:
         62:47:22:73:3b:74:85:92:09:18:c3:cb:36:e6:98:d7:67:cb:
         88:28:fa:31:4c:8b:42:11:45:c3:ba:1b:72:14:26:86:c9:3b:
         75:11:c8:16:9e:39:1e:00:aa:d0:1e:54:a6:59:0e:30:82:55:
         85:13:c6:98:28:c8:c4:c2:a6:27:6d:93:e1:d1:3a:a7:99:43:
         21:6f:7e:45:f7:e1:eb:27:f4:a1:07:9b:13:f0:d2:c1:2f:43:
         8d:37:e0:ee:43:1f:05:0b:0a:a2:a0:4c:64:f1:75:69:5d:39:
         fa:f4:69:9b:13:2e:39:31:89:c5:56:71:9a:0c:5f:c4:1e:84:
         e7:47:c4:02:2a:f4:5c:4c:d6:9a:a3:11:3e:b4:46:63:b1:0b:
         75:b7:7b:42:81:e8:70:32:6b:a3:96:27:46:72:2f:20:20:23:
         73:95:30:b5:09:9d:33:3a:98:b4:01:4d:0c:03:84:89:37:51:
         f3:8c:16:25
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2sMLjwKKCsc3iNWi9wiI7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIwMTgzOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzBiNjIyMDMxN2VjNzM5ODAzNTkxYjU2Zjg3ZDIxMTQ3MzRkNGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmu/vJuBlXKdzhpnQr4TwA9Gaiyfs
Nfpwf8TKQGTDyJH4NOQVjDSUbhqz9yF2tlbEp+Zn2L+2sVGMjajhO48xZ6SgGv7f
p7Z+s7IyyQfdzHfiyWzVmCppnVDQpelBt3XTO1sF/cuuvRCfBph6k+Uy3QskDo6z
NIcOswjxafLeaOVfzmBNhy+t/7hqvuX5cDCF6HejvElABkmIrnrEXuvHTuZ1gPOY
NSOvIMgRyzd4zgkWAa5KzuF2GYCjRjKH2R3A0h7eNuDsGTqDnUO1a5mk15FFqZKL
LbXQFu4WoDwV8LBo3F+wPGa9GmnAI4XBFwdc9W2E/928tSpmBRxbm5TZ0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBcLYiAxfsc5gDWRtW+H0hFHNNTPMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvRnd0aUlERi14em1BTlpHMWI0ZlNFVWMwMU04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAhoMAwQA
AhsGMA0GCSqGSIb3DQEBCwUAA4IBAQBK+OAzub68samPi7FfT9yn4Qw3OnKE4RYI
m3Q+1ph8e7zweteCKtvVQVpkaZ/B0NbIugvVX+KtefeGk4XVMONXMK62e5LVQKJi
RyJzO3SFkgkYw8s25pjXZ8uIKPoxTItCEUXDuhtyFCaGyTt1EcgWnjkeAKrQHlSm
WQ4wglWFE8aYKMjEwqYnbZPh0TqnmUMhb35F9+HrJ/ShB5sT8NLBL0ONN+DuQx8F
CwqioExk8XVpXTn69GmbEy45MYnFVnGaDF/EHoTnR8QCKvRcTNaaoxE+tEZjsQt1
t3tCgehwMmujlidGci8gICNzlTC1CZ0zOpi0AU0MA4SJN1HzjBYl
-----END CERTIFICATE-----