Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NZuOQGamwSKNyB9hXldt6vll08g.roa
File:                     NZuOQGamwSKNyB9hXldt6vll08g.roa (raw, json)
Hash identifier:          JIZqgEk/8lxvahm9FMjzIuPWEByYJWmM/yckzk5uADo=
Subject key identifier:   35:9B:8E:40:66:A6:C1:22:8D:C8:1F:61:5E:57:6D:EA:F9:65:D3:C8
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF010DCEA6B7BC8585F954579103CAD92
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NZuOQGamwSKNyB9hXldt6vll08g.roa
Signing time:             Sun 03 May 2026 22:58:50 +0000
ROA not before:           Sun 03 May 2026 22:58:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201136
IP address blocks:        2.27.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f0:10:dc:ea:6b:7b:c8:58:5f:95:45:79:10:3c:ad:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  3 22:58:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=359b8e4066a6c1228dc81f615e576deaf965d3c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:12:b1:55:ac:aa:6b:1d:36:f4:ee:66:f4:22:
                    ad:53:e8:57:f6:f2:04:04:13:ad:3b:6d:22:7a:81:
                    dc:0b:fd:b6:52:3e:5b:ab:d6:6e:2e:57:0a:2b:21:
                    c5:e3:6c:64:66:02:cd:be:7c:ad:54:5c:0b:0d:db:
                    48:39:86:51:96:80:d0:56:44:39:94:76:76:c6:48:
                    2f:ca:8d:43:b8:51:25:2d:b2:36:5c:42:44:4f:fe:
                    ae:97:91:fb:67:f2:29:e7:da:3b:a6:c6:4a:2e:ae:
                    9e:53:47:39:3d:4d:a1:08:7d:a4:1f:ec:92:1b:bf:
                    02:be:19:34:07:62:1c:9e:fa:a3:e5:4a:7d:39:fe:
                    29:49:c3:d9:c3:ec:d6:9a:0b:33:07:7f:55:24:f8:
                    c1:e4:04:72:4a:8e:1f:5d:07:84:ef:76:39:30:d0:
                    ed:ec:b0:e3:09:93:8e:6b:58:7b:8d:17:25:1c:69:
                    41:52:53:a3:24:78:bf:8f:1b:58:12:f1:78:5d:5d:
                    52:6d:d2:6f:56:da:47:25:19:ad:66:8d:da:61:45:
                    50:b8:04:a1:6e:42:d4:96:c7:ac:3b:8c:4c:c6:66:
                    8d:de:3e:31:e4:e0:d5:77:6f:48:5f:90:56:71:a3:
                    36:f7:8a:4f:db:cb:db:88:98:25:54:56:a3:62:03:
                    ba:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                35:9B:8E:40:66:A6:C1:22:8D:C8:1F:61:5E:57:6D:EA:F9:65:D3:C8
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/NZuOQGamwSKNyB9hXldt6vll08g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:f1:de:11:b1:95:15:af:e3:9c:fc:6e:70:16:4f:14:78:1f:
         32:71:2a:1c:fd:3f:bd:cc:cc:a6:f2:a2:6b:79:a4:02:ce:b1:
         ac:12:c9:c0:24:0c:df:ad:f5:81:90:fc:6a:17:88:f3:28:6f:
         26:db:07:84:2a:24:96:df:1f:f6:80:92:61:39:13:80:cf:ee:
         93:e1:29:42:17:28:b1:77:ab:86:95:1e:ec:10:8b:9f:d3:80:
         11:3d:c3:91:d7:df:06:aa:8c:d7:06:59:6b:b3:2a:cf:08:da:
         96:2d:52:bd:1a:e3:73:f3:63:66:ce:a4:56:a9:ba:a6:fc:64:
         1d:1c:5c:97:9b:e4:0c:5d:97:40:cc:41:e3:8a:b2:81:f1:93:
         f1:94:6c:8b:7a:72:dd:14:99:f3:8e:a1:cc:01:00:c6:9e:51:
         0f:12:81:9a:87:55:91:4e:6c:45:be:7b:ca:54:37:8f:fe:03:
         8b:dd:37:e9:5b:c0:a9:79:15:05:11:53:48:d4:64:ed:e2:51:
         e3:ad:f7:01:f8:21:f1:55:d0:dc:5f:97:2d:c1:6e:8a:8b:73:
         ed:62:eb:9e:25:9d:b5:e5:51:92:3c:50:46:d4:00:eb:8a:f9:
         98:a1:81:89:41:dd:a9:ac:c7:7a:92:3f:e3:0f:9c:5b:e4:ae:
         0e:a0:14:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3wENzqa3vIWF+VRXkQPK2SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAzMjI1ODUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNTliOGU0MDY2YTZjMTIyOGRjODFmNjE1ZTU3NmRlYWY5NjVkM2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2RKxVayqax029O5m9CKtU+hX9vIE
BBOtO20ieoHcC/22Uj5bq9ZuLlcKKyHF42xkZgLNvnytVFwLDdtIOYZRloDQVkQ5
lHZ2xkgvyo1DuFElLbI2XEJET/6ul5H7Z/Ip59o7psZKLq6eU0c5PU2hCH2kH+yS
G78Cvhk0B2Icnvqj5Up9Of4pScPZw+zWmgszB39VJPjB5ARySo4fXQeE73Y5MNDt
7LDjCZOOa1h7jRclHGlBUlOjJHi/jxtYEvF4XV1SbdJvVtpHJRmtZo3aYUVQuASh
bkLUlsesO4xMxmaN3j4x5ODVd29IX5BWcaM294pP28vbiJglVFajYgO6IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDWbjkBmpsEijcgfYV5Xber5ZdPIMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvTlp1T1FHYW13U0tOeUI5aFhsZHQ2dmxsMDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhttMA0G
CSqGSIb3DQEBCwUAA4IBAQBz8d4RsZUVr+Oc/G5wFk8UeB8ycSoc/T+9zMym8qJr
eaQCzrGsEsnAJAzfrfWBkPxqF4jzKG8m2weEKiSW3x/2gJJhOROAz+6T4SlCFyix
d6uGlR7sEIuf04ARPcOR198GqozXBllrsyrPCNqWLVK9GuNz82NmzqRWqbqm/GQd
HFyXm+QMXZdAzEHjirKB8ZPxlGyLenLdFJnzjqHMAQDGnlEPEoGah1WRTmxFvnvK
VDeP/gOL3TfpW8CpeRUFEVNI1GTt4lHjrfcB+CHxVdDcX5ctwW6Ki3PtYuueJZ21
5VGSPFBG1ADrivmYoYGJQd2prMd6kj/jD5xb5K4OoBTx
-----END CERTIFICATE-----