Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/MCMvuW65jqIt1m7O4s5Rpl2nVFY.roa
File:                     MCMvuW65jqIt1m7O4s5Rpl2nVFY.roa (raw, json)
Hash identifier:          EyQZPWfRJmxIBMeRI3tD39h5kiPnLMDJ+whhgJvkEhY=
Subject key identifier:   30:23:2F:B9:6E:B9:8E:A2:2D:D6:6E:CE:E2:CE:51:A6:5D:A7:54:56
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D01B852E3D9E31055BC1B24306B269C9C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/MCMvuW65jqIt1m7O4s5Rpl2nVFY.roa
Signing time:             Wed 18 Mar 2026 16:12:30 +0000
ROA not before:           Wed 18 Mar 2026 16:12:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     20326
IP address blocks:        2.27.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:01:b8:52:e3:d9:e3:10:55:bc:1b:24:30:6b:26:9c:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 18 16:12:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=30232fb96eb98ea22dd66ecee2ce51a65da75456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:cd:d3:2d:11:8d:02:13:1e:2d:a2:d9:f7:e5:
                    61:1c:eb:b8:d7:c1:d8:a6:2c:55:ad:ab:4f:f3:05:
                    da:67:95:d7:85:c3:ef:98:39:b6:3d:c0:4c:a0:ff:
                    7f:59:f1:42:6b:57:fc:65:ea:9f:1f:06:de:00:84:
                    d2:84:34:7c:bd:51:ca:23:6d:50:a1:e9:23:19:85:
                    ca:f1:f9:ad:28:07:23:9c:c1:8c:54:ee:0a:b5:7b:
                    ba:30:73:6c:9c:aa:ed:4c:c7:a5:2f:e1:9f:7d:41:
                    56:05:20:73:aa:3e:f3:e6:17:55:94:27:e0:a4:92:
                    6b:9a:f9:3f:d9:18:54:3c:8b:76:5b:3d:70:1b:7f:
                    62:03:fe:47:fa:99:f7:14:f6:04:c2:aa:cd:9b:81:
                    b7:7a:cf:ee:aa:2b:d7:40:6a:11:b6:78:aa:93:4a:
                    c5:49:22:5a:3c:33:89:77:3c:89:28:1c:cd:ca:aa:
                    b8:c6:95:b9:56:2d:63:45:c9:90:20:8c:55:c1:ca:
                    0a:37:f0:df:1a:54:6a:06:0e:8f:33:3f:37:8f:4f:
                    77:25:4e:79:7c:f4:03:67:29:21:9c:bd:83:8c:a0:
                    d4:37:6d:72:57:10:c9:53:a0:55:d2:40:a3:00:d9:
                    1c:56:b9:6f:dc:a5:a2:fb:ba:26:a9:b1:df:a5:ba:
                    80:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:23:2F:B9:6E:B9:8E:A2:2D:D6:6E:CE:E2:CE:51:A6:5D:A7:54:56
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/MCMvuW65jqIt1m7O4s5Rpl2nVFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         35:10:9b:ce:3f:6e:12:c6:98:ed:76:69:32:c2:f7:d5:b5:e4:
         16:88:41:38:8c:01:20:6f:2e:cc:12:2b:36:eb:4b:d3:cf:cb:
         3c:20:c7:b3:f6:e1:22:8c:7d:6d:37:a7:9e:92:da:b3:0a:fa:
         23:5d:e0:33:71:8f:ed:2d:c7:59:1f:9f:4f:50:e1:42:59:c5:
         80:8d:e6:76:53:b8:f9:32:bd:6d:0a:32:08:3f:81:e7:6e:34:
         6e:a6:4f:ef:d4:1b:07:41:ae:5f:bc:e8:ac:46:b7:1e:c2:8f:
         34:a5:cb:ab:ae:26:da:07:d2:76:ed:2b:c5:af:30:4d:b9:d9:
         f1:cd:c1:a5:c8:ec:4d:7c:25:49:8e:cb:97:30:71:20:da:58:
         2c:d3:70:a2:eb:f6:89:ee:d1:88:0d:bc:17:8e:17:51:ec:5f:
         4a:17:88:bd:64:be:40:47:db:2e:fb:1d:6a:c7:32:ae:7c:a8:
         d9:ac:ef:95:cf:97:6a:b9:a5:37:af:9d:49:f0:3c:40:e5:0d:
         19:5a:c3:52:a4:08:5b:b0:3e:1e:69:4c:ef:1f:d0:f0:5f:b4:
         d1:8d:48:77:b0:8f:74:6d:e2:83:8b:dd:ea:cd:8d:67:92:52:
         b6:49:98:b8:00:41:d9:c6:98:98:d4:07:7d:ba:e9:05:41:a1:
         da:e9:29:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0BuFLj2eMQVbwbJDBrJpycMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE4MTYxMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDIzMmZiOTZlYjk4ZWEyMmRkNjZlY2VlMmNlNTFhNjVkYTc1NDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhs3TLRGNAhMeLaLZ9+VhHOu418HY
pixVratP8wXaZ5XXhcPvmDm2PcBMoP9/WfFCa1f8ZeqfHwbeAITShDR8vVHKI21Q
oekjGYXK8fmtKAcjnMGMVO4KtXu6MHNsnKrtTMelL+GffUFWBSBzqj7z5hdVlCfg
pJJrmvk/2RhUPIt2Wz1wG39iA/5H+pn3FPYEwqrNm4G3es/uqivXQGoRtniqk0rF
SSJaPDOJdzyJKBzNyqq4xpW5Vi1jRcmQIIxVwcoKN/DfGlRqBg6PMz83j093JU55
fPQDZykhnL2DjKDUN21yVxDJU6BV0kCjANkcVrlv3KWi+7omqbHfpbqAtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDAjL7luuY6iLdZuzuLOUaZdp1RWMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTUNNdnVXNjVqcUl0MW03TzRzNVJwbDJuVkZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCAhvQMA0G
CSqGSIb3DQEBCwUAA4IBAQA1EJvOP24SxpjtdmkywvfVteQWiEE4jAEgby7MEis2
60vTz8s8IMez9uEijH1tN6eektqzCvojXeAzcY/tLcdZH59PUOFCWcWAjeZ2U7j5
Mr1tCjIIP4HnbjRupk/v1BsHQa5fvOisRrcewo80pcurribaB9J27SvFrzBNudnx
zcGlyOxNfCVJjsuXMHEg2lgs03Ci6/aJ7tGIDbwXjhdR7F9KF4i9ZL5AR9su+x1q
xzKufKjZrO+Vz5dquaU3r51J8DxA5Q0ZWsNSpAhbsD4eaUzvH9DwX7TRjUh3sI90
beKDi93qzY1nklK2SZi4AEHZxpiY1Ad9uukFQaHa6Sl0
-----END CERTIFICATE-----