Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/J2s_eHba63290wrz9-lnVdXm2NY.roa
File:                     J2s_eHba63290wrz9-lnVdXm2NY.roa (raw, json)
Hash identifier:          UWaLsOgyQ4doSj2XI8VMmNioRwjAosvKIPDeoCP3QCQ=
Subject key identifier:   27:6B:3F:78:76:DA:EB:7D:BD:D3:0A:F3:F7:E9:67:55:D5:E6:D8:D6
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DABC16F1226BF404897F5C92D92D4A0C5
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/J2s_eHba63290wrz9-lnVdXm2NY.roa
Signing time:             Mon 20 Apr 2026 16:37:53 +0000
ROA not before:           Mon 20 Apr 2026 16:37:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     206033
IP address blocks:        2.27.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:c1:6f:12:26:bf:40:48:97:f5:c9:2d:92:d4:a0:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 20 16:37:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=276b3f7876daeb7dbdd30af3f7e96755d5e6d8d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:b3:f1:1f:fe:f3:6b:ae:4d:79:f4:14:2f:41:
                    ba:c1:5a:21:48:4a:5f:36:7c:1f:45:74:f5:16:54:
                    54:7e:67:a4:47:69:00:31:06:b4:67:e2:7d:69:4f:
                    5d:c3:40:33:7a:b8:26:a4:bd:71:e5:d2:da:c3:4b:
                    09:10:4c:d0:6f:5a:77:e8:83:8f:9e:d6:c6:98:4f:
                    57:e5:7e:84:18:8a:4b:c7:2e:62:86:ce:11:71:f1:
                    a2:ec:b5:f5:05:8b:2b:53:b6:ad:17:5d:f7:b9:6f:
                    d2:6b:40:de:19:6b:28:dc:12:0a:ca:8c:e4:32:06:
                    c7:3c:8c:4b:bc:cc:ac:73:7e:ec:c3:0b:29:d4:25:
                    d5:13:4b:93:6c:3f:3d:fe:8c:5f:0b:62:9b:3d:0d:
                    fb:a9:da:59:ae:fb:8a:83:78:59:7d:db:75:48:63:
                    07:90:b0:30:cd:75:f7:88:09:d4:aa:d2:6a:9d:db:
                    63:47:04:3e:f2:48:ae:4a:d1:8e:1c:a5:1b:6c:78:
                    b1:6a:b8:b1:09:4f:04:13:a3:d5:2e:43:21:9c:3d:
                    0b:c6:85:9b:e1:52:55:1e:4c:7f:88:e2:dd:f3:5c:
                    29:49:53:7e:e1:f7:32:82:7c:d1:cd:2e:87:6a:d5:
                    e4:89:b3:a2:c2:66:da:64:6a:94:e9:6b:5d:2d:83:
                    71:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:6B:3F:78:76:DA:EB:7D:BD:D3:0A:F3:F7:E9:67:55:D5:E6:D8:D6
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/J2s_eHba63290wrz9-lnVdXm2NY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:f9:4d:c9:20:ea:af:40:e1:4f:7d:62:c6:26:eb:cc:9f:74:
         e0:6a:ff:35:01:d6:af:79:d6:c7:05:1e:9a:dd:aa:3a:3c:0b:
         00:6c:48:52:17:8f:ec:8b:94:fc:0c:2c:dc:bf:f8:84:e9:48:
         76:45:63:32:2f:e2:1f:e9:50:cc:5b:d1:2f:63:f9:f0:01:e4:
         cf:22:89:c8:ad:35:bf:d9:f9:67:c4:37:ab:56:37:d3:d5:7f:
         fc:ce:60:3e:18:d2:f7:0b:51:36:97:63:f2:89:0b:d2:13:b1:
         50:85:bb:7f:df:cf:a0:b9:61:ef:6b:6c:61:dc:79:4b:bb:de:
         90:9b:9b:32:44:2f:ba:43:09:a5:5d:f2:f8:60:93:6a:e4:b5:
         26:16:b3:5b:23:37:a3:5e:0f:d6:d3:47:75:79:e1:4b:37:d6:
         6a:d5:3c:db:5f:92:fa:fb:90:f4:e9:0b:ad:86:bb:39:13:bf:
         63:00:2e:87:5d:39:d0:62:75:99:d4:48:8b:84:2b:41:25:cd:
         23:a9:17:f0:e6:ec:66:b1:ed:72:bf:4b:95:d6:09:17:bd:36:
         ca:81:7f:32:e6:c3:1c:6a:3e:e8:b9:77:7c:d8:79:d1:d1:07:
         e8:68:cc:5d:12:64:95:da:7a:6b:e1:32:9f:d1:55:fc:84:23:
         13:bf:5a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rwW8SJr9ASJf1yS2S1KDFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIwMTYzNzUzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzZiM2Y3ODc2ZGFlYjdkYmRkMzBhZjNmN2U5Njc1NWQ1ZTZkOGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr7PxH/7za65NefQUL0G6wVohSEpf
NnwfRXT1FlRUfmekR2kAMQa0Z+J9aU9dw0AzergmpL1x5dLaw0sJEEzQb1p36IOP
ntbGmE9X5X6EGIpLxy5ihs4RcfGi7LX1BYsrU7atF133uW/Sa0DeGWso3BIKyozk
MgbHPIxLvMysc37swwsp1CXVE0uTbD89/oxfC2KbPQ37qdpZrvuKg3hZfdt1SGMH
kLAwzXX3iAnUqtJqndtjRwQ+8kiuStGOHKUbbHixarixCU8EE6PVLkMhnD0LxoWb
4VJVHkx/iOLd81wpSVN+4fcygnzRzS6HatXkibOiwmbaZGqU6WtdLYNxfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCdrP3h22ut9vdMK8/fpZ1XV5tjWMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvSjJzX2VIYmE2MzI5MHdyejktbG5WZFhtMk5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhv6MA0G
CSqGSIb3DQEBCwUAA4IBAQAi+U3JIOqvQOFPfWLGJuvMn3Tgav81AdavedbHBR6a
3ao6PAsAbEhSF4/si5T8DCzcv/iE6Uh2RWMyL+If6VDMW9EvY/nwAeTPIonIrTW/
2flnxDerVjfT1X/8zmA+GNL3C1E2l2PyiQvSE7FQhbt/38+guWHva2xh3HlLu96Q
m5syRC+6QwmlXfL4YJNq5LUmFrNbIzejXg/W00d1eeFLN9Zq1TzbX5L6+5D06Qut
hrs5E79jAC6HXTnQYnWZ1EiLhCtBJc0jqRfw5uxmse1yv0uV1gkXvTbKgX8y5sMc
aj7ouXd82HnR0QfoaMxdEmSV2npr4TKf0VX8hCMTv1pL
-----END CERTIFICATE-----