Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/H6GBaJyH6iZzVfHw_TJeVCG9mhw.roa
File:                     H6GBaJyH6iZzVfHw_TJeVCG9mhw.roa (raw, json)
Hash identifier:          uJY0D0g8iPud1xLXxQ+8g0SU6f8Zpxu5ySZYJuMdPNw=
Subject key identifier:   1F:A1:81:68:9C:87:EA:26:73:55:F1:F0:FD:32:5E:54:21:BD:9A:1C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DB0FD47452B40A7170A8FD148F8F0095D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/H6GBaJyH6iZzVfHw_TJeVCG9mhw.roa
Signing time:             Tue 21 Apr 2026 17:01:21 +0000
ROA not before:           Tue 21 Apr 2026 17:01:21 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     137235
IP address blocks:        2.27.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:fd:47:45:2b:40:a7:17:0a:8f:d1:48:f8:f0:09:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 21 17:01:21 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=1fa181689c87ea267355f1f0fd325e5421bd9a1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:53:f4:c0:8c:b5:24:d0:de:e4:8d:c1:1f:65:
                    c6:da:72:a8:38:ac:c9:b4:32:bb:03:69:33:6c:5f:
                    19:7f:21:f0:b6:41:8e:bc:2b:25:92:a0:88:8e:74:
                    fd:37:e0:1b:65:87:0d:a5:c0:f6:12:76:e5:c0:b5:
                    d2:7d:20:38:73:91:0c:c0:13:9c:be:b2:2f:5e:17:
                    b2:7a:e7:dd:53:a4:16:05:45:03:1c:3e:f4:5f:58:
                    78:01:7b:1a:bd:ad:ff:e3:e4:40:81:26:05:92:80:
                    2b:c4:75:2a:35:b6:bc:5c:be:5c:58:3b:46:c4:eb:
                    50:77:fb:7d:ef:6f:b8:76:37:2a:05:cf:a9:c2:d9:
                    7b:64:dc:7e:50:d1:c8:35:f5:df:66:df:b3:0f:7b:
                    0c:96:81:15:76:e2:34:96:ba:9a:6e:19:4b:4f:ba:
                    cb:57:2e:ec:f1:ec:8e:f0:28:5c:54:7b:0e:77:c4:
                    83:e2:26:45:03:47:94:ef:49:59:fb:84:9c:22:03:
                    0d:35:ee:da:0f:aa:77:fa:9e:df:33:ad:b2:76:09:
                    b2:9e:3a:44:6c:f9:16:d2:cb:4b:e0:00:0d:dd:da:
                    7a:23:f8:80:0f:04:bc:2f:5e:50:fb:63:d3:64:f9:
                    0d:a7:0e:06:ea:eb:9b:d0:4f:1b:2f:39:66:13:da:
                    36:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:A1:81:68:9C:87:EA:26:73:55:F1:F0:FD:32:5E:54:21:BD:9A:1C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/H6GBaJyH6iZzVfHw_TJeVCG9mhw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:b2:19:c4:db:5c:0e:44:4f:9f:5d:88:59:d6:2d:71:e0:63:
         d2:5e:be:79:f1:d5:be:ce:18:e5:65:97:25:e6:fd:dc:09:b7:
         f5:b7:09:da:61:eb:42:17:5f:c7:ee:b5:5e:25:ef:6b:aa:12:
         c5:05:53:70:1a:fb:af:46:19:87:09:09:45:9f:f6:60:59:94:
         16:5b:f4:be:81:a5:c0:6f:39:61:23:21:6e:03:9d:6e:6f:d9:
         5a:53:b7:56:b9:f9:93:72:e8:8f:65:f6:d7:26:d4:f0:7b:84:
         08:b3:a7:da:63:85:dd:1f:b7:87:4d:d0:5a:a0:b8:d9:ac:4a:
         82:bf:6e:be:5a:14:12:cb:cb:6b:34:1c:7a:bd:be:e2:16:38:
         3e:04:0f:6a:cc:8c:29:42:70:2f:34:52:11:4a:30:92:68:7a:
         af:11:fa:54:50:62:6c:15:e2:e5:f0:a7:e4:3f:42:02:78:bd:
         31:ec:01:52:4c:29:39:35:8a:61:f8:2a:3f:49:a2:79:77:35:
         b2:8a:1f:ed:06:3f:73:3f:37:1b:ff:50:dd:69:46:58:d3:db:
         f0:df:1a:1a:8b:26:16:7f:de:e3:3d:6b:a1:d2:5e:88:06:d2:
         b6:dd:14:fe:7b:89:f4:23:7c:ad:ae:3d:b9:b9:5a:6b:eb:5d:
         24:11:2e:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2w/UdFK0CnFwqP0Uj48AldMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIxMTcwMTIxWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmExODE2ODljODdlYTI2NzM1NWYxZjBmZDMyNWU1NDIxYmQ5YTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVP0wIy1JNDe5I3BH2XG2nKoOKzJ
tDK7A2kzbF8ZfyHwtkGOvCslkqCIjnT9N+AbZYcNpcD2EnblwLXSfSA4c5EMwBOc
vrIvXheyeufdU6QWBUUDHD70X1h4AXsava3/4+RAgSYFkoArxHUqNba8XL5cWDtG
xOtQd/t972+4djcqBc+pwtl7ZNx+UNHINfXfZt+zD3sMloEVduI0lrqabhlLT7rL
Vy7s8eyO8ChcVHsOd8SD4iZFA0eU70lZ+4ScIgMNNe7aD6p3+p7fM62ydgmynjpE
bPkW0stL4AAN3dp6I/iADwS8L15Q+2PTZPkNpw4G6uub0E8bLzlmE9o2+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+hgWich+omc1Xx8P0yXlQhvZocMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSDZHQmFKeUg2aVp6VmZId19USmVWQ0c5bWh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAht2MA0G
CSqGSIb3DQEBCwUAA4IBAQAashnE21wORE+fXYhZ1i1x4GPSXr558dW+zhjlZZcl
5v3cCbf1twnaYetCF1/H7rVeJe9rqhLFBVNwGvuvRhmHCQlFn/ZgWZQWW/S+gaXA
bzlhIyFuA51ub9laU7dWufmTcuiPZfbXJtTwe4QIs6faY4XdH7eHTdBaoLjZrEqC
v26+WhQSy8trNBx6vb7iFjg+BA9qzIwpQnAvNFIRSjCSaHqvEfpUUGJsFeLl8Kfk
P0ICeL0x7AFSTCk5NYph+Co/SaJ5dzWyih/tBj9zPzcb/1DdaUZY09vw3xoaiyYW
f97jPWuh0l6IBtK23RT+e4n0I3ytrj25uVpr610kES5E
-----END CERTIFICATE-----