Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/IQaieMRgjeYxQzpNHkcP-0z0RB8.roa
File:                     IQaieMRgjeYxQzpNHkcP-0z0RB8.roa (raw, json)
Hash identifier:          xDDVjcWSY/R/CGUtwvhBopdd27ZdJOh0Akh5On7mcc0=
Subject key identifier:   21:06:A2:78:C4:60:8D:E6:31:43:3A:4D:1E:47:0F:FB:4C:F4:44:1F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DB60EAC82C3F66C3AB06B1C82E74B9C05
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/IQaieMRgjeYxQzpNHkcP-0z0RB8.roa
Signing time:             Wed 22 Apr 2026 16:38:28 +0000
ROA not before:           Wed 22 Apr 2026 16:38:28 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209317
IP address blocks:        2.27.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b6:0e:ac:82:c3:f6:6c:3a:b0:6b:1c:82:e7:4b:9c:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 22 16:38:28 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=2106a278c4608de631433a4d1e470ffb4cf4441f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:c0:3b:d2:e2:a3:af:91:00:0a:87:b5:22:4f:
                    ad:ac:80:96:bf:58:72:74:cc:b0:78:51:bc:35:93:
                    e7:b9:a9:0c:d3:ef:80:71:f8:5d:27:71:37:f9:66:
                    05:c8:c3:9d:9e:9a:05:92:f8:ec:a8:9b:0c:27:ee:
                    59:69:bf:56:f0:e9:fc:89:a2:b1:fc:27:91:e2:6e:
                    6a:da:31:4f:aa:86:0a:f6:87:2a:20:84:f7:4d:e6:
                    8b:0f:53:c8:3a:41:f2:97:04:63:35:2a:85:d1:12:
                    8e:2e:6e:12:eb:7c:3b:06:17:5b:ea:97:e0:3d:b4:
                    18:d8:67:af:54:e4:9b:c7:dc:bf:c4:5a:b3:48:49:
                    ae:fd:af:3b:4f:e7:bc:d3:a3:84:0b:66:09:43:7e:
                    3c:e8:6d:4a:1e:9d:8e:65:ee:14:b6:05:3f:c9:34:
                    df:ea:76:21:97:69:d4:82:f6:2d:5a:4a:09:f1:e3:
                    ba:ce:7a:1c:0b:e6:f9:46:1f:f8:68:dc:02:c0:9d:
                    48:50:dc:4f:97:f3:78:67:ed:06:14:b8:a7:cd:5b:
                    a3:70:30:97:58:ea:21:08:84:5f:0c:34:6a:fc:f7:
                    d4:3c:96:d8:a4:c8:ed:e8:a3:98:e2:ec:f0:b9:3f:
                    f2:15:87:d8:90:18:5e:1a:bb:b0:3a:f4:da:a4:98:
                    f9:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:06:A2:78:C4:60:8D:E6:31:43:3A:4D:1E:47:0F:FB:4C:F4:44:1F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/IQaieMRgjeYxQzpNHkcP-0z0RB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ad:04:50:de:71:f0:19:69:c2:09:78:f2:36:7c:45:8f:f9:d8:
         28:ea:67:4c:28:b4:52:3d:98:95:ef:c1:e5:e9:99:5b:ab:12:
         13:e1:dd:70:34:56:c5:1d:98:c3:0c:bd:18:80:8d:03:86:44:
         cf:11:27:6e:87:12:2b:b8:a3:48:9e:4d:09:9a:97:a7:30:0d:
         26:3b:81:99:da:1e:37:0c:9d:ee:18:9d:ea:b9:a1:aa:12:48:
         d0:d4:e6:1a:e0:5b:62:b8:59:75:de:a5:bc:d8:98:bd:52:bf:
         36:96:db:1d:26:09:1b:78:5a:51:1e:3a:e9:83:c3:41:4e:e5:
         62:d8:78:60:19:0f:6e:d2:a5:33:b6:b1:73:13:4a:53:9c:05:
         df:9b:3f:f5:e8:c6:a8:1a:76:f6:e1:71:a8:4b:be:65:f7:e1:
         54:a1:25:ea:8b:e8:fe:f0:84:bd:01:68:15:9d:3e:f4:63:fd:
         9f:e9:03:3f:fc:f6:05:49:e4:67:e4:e9:55:d4:16:5a:f7:8b:
         f4:28:32:58:4f:5d:c6:9c:b7:47:77:23:85:bf:5f:29:2c:95:
         46:9e:9c:7f:e1:7a:51:fa:1e:13:ac:42:c0:d4:58:8a:4a:51:
         33:13:61:a9:34:56:c4:6d:f6:a7:1a:45:0c:8c:4f:23:e4:34:
         9e:ed:66:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ22DqyCw/ZsOrBrHILnS5wFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIyMTYzODI4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTA2YTI3OGM0NjA4ZGU2MzE0MzNhNGQxZTQ3MGZmYjRjZjQ0NDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0sA70uKjr5EACoe1Ik+trICWv1hy
dMyweFG8NZPnuakM0++AcfhdJ3E3+WYFyMOdnpoFkvjsqJsMJ+5Zab9W8On8iaKx
/CeR4m5q2jFPqoYK9ocqIIT3TeaLD1PIOkHylwRjNSqF0RKOLm4S63w7Bhdb6pfg
PbQY2GevVOSbx9y/xFqzSEmu/a87T+e806OEC2YJQ3486G1KHp2OZe4UtgU/yTTf
6nYhl2nUgvYtWkoJ8eO6znocC+b5Rh/4aNwCwJ1IUNxPl/N4Z+0GFLinzVujcDCX
WOohCIRfDDRq/PfUPJbYpMjt6KOY4uzwuT/yFYfYkBheGruwOvTapJj5fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCEGonjEYI3mMUM6TR5HD/tM9EQfMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSVFhaWVNUmdqZVl4UXpwTkhrY1AtMHowUkI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtlMA0G
CSqGSIb3DQEBCwUAA4IBAQCtBFDecfAZacIJePI2fEWP+dgo6mdMKLRSPZiV78Hl
6ZlbqxIT4d1wNFbFHZjDDL0YgI0DhkTPESduhxIruKNInk0JmpenMA0mO4GZ2h43
DJ3uGJ3quaGqEkjQ1OYa4FtiuFl13qW82Ji9Ur82ltsdJgkbeFpRHjrpg8NBTuVi
2HhgGQ9u0qUztrFzE0pTnAXfmz/16MaoGnb24XGoS75l9+FUoSXqi+j+8IS9AWgV
nT70Y/2f6QM//PYFSeRn5OlV1BZa94v0KDJYT13GnLdHdyOFv18pLJVGnpx/4XpR
+h4TrELA1FiKSlEzE2GpNFbEbfanGkUMjE8j5DSe7Wao
-----END CERTIFICATE-----