Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TaJjlLdvlvv_fVgEy-PoJNOYfZU.roa
File:                     TaJjlLdvlvv_fVgEy-PoJNOYfZU.roa (raw, json)
Hash identifier:          mmAklv2Vp2vggUhMXHor2TIMJLDfiU9HsllsPKeb+MI=
Subject key identifier:   4D:A2:63:94:B7:6F:96:FB:FF:7D:58:04:CB:E3:E8:24:D3:98:7D:95
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CF2796D859A68ACD44636D476B51E538F
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TaJjlLdvlvv_fVgEy-PoJNOYfZU.roa
Signing time:             Sun 15 Mar 2026 17:09:29 +0000
ROA not before:           Sun 15 Mar 2026 17:09:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215468
IP address blocks:        2.27.88.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f2:79:6d:85:9a:68:ac:d4:46:36:d4:76:b5:1e:53:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 15 17:09:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4da26394b76f96fbff7d5804cbe3e824d3987d95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:f2:c0:3f:04:8b:e8:d7:a5:c5:1f:aa:11:56:
                    72:39:8e:2a:af:e0:30:1e:3d:d7:2a:16:0a:25:39:
                    e5:c9:0c:68:00:49:3b:4e:20:81:c9:60:60:53:81:
                    5b:63:f0:82:b6:ba:b6:70:41:32:4e:d3:1c:2b:41:
                    90:24:af:de:5a:df:bf:d6:13:fd:92:b3:ef:14:43:
                    f0:be:83:5c:b9:fb:32:36:84:6d:4c:f1:4b:ae:e1:
                    c6:82:b2:0f:33:ff:24:4a:8e:08:52:b0:1c:84:9b:
                    9c:39:2d:54:f9:0f:ab:3d:15:c7:24:05:36:60:6c:
                    33:d6:ca:e6:72:00:19:f1:c8:a3:12:12:7f:0b:96:
                    7a:e1:8c:4b:d4:69:58:b8:c6:8f:a4:b3:41:f7:bf:
                    c4:ad:34:35:6d:22:25:c6:41:bb:20:66:90:30:92:
                    d5:bf:f8:32:15:94:37:1c:47:82:8e:23:10:bb:64:
                    bb:c5:3e:0d:1f:66:63:a9:7d:3b:3c:30:0b:4e:71:
                    8d:07:09:50:3a:de:92:a7:3c:2b:51:d0:16:a8:1e:
                    8a:1e:97:38:d9:9d:05:84:17:1e:c6:fb:8c:97:89:
                    11:0f:79:f5:39:50:81:d1:47:5e:e7:20:e5:16:2f:
                    5c:39:80:e9:c6:55:3e:d8:4c:06:cc:13:b4:b7:b6:
                    bc:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:A2:63:94:B7:6F:96:FB:FF:7D:58:04:CB:E3:E8:24:D3:98:7D:95
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/TaJjlLdvlvv_fVgEy-PoJNOYfZU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:0c:59:a9:df:43:b8:d2:ed:ab:af:38:bf:c1:6b:47:02:35:
         f0:7f:82:6b:fd:3c:b1:db:22:f4:95:bf:47:dd:d2:d5:9b:10:
         75:27:80:97:92:86:06:3e:cd:32:55:a5:19:05:61:67:4e:c1:
         9b:45:49:14:3d:88:47:e7:7c:74:60:da:6c:e6:00:73:2e:d1:
         27:62:a7:51:4f:34:fc:6a:b9:05:ed:75:5c:1a:74:93:29:9c:
         19:e5:e6:cc:77:bf:55:b0:10:d3:8f:2a:fa:13:2b:0b:f1:91:
         bd:e3:18:76:2b:e8:d9:10:39:17:26:c1:53:53:e1:2a:14:c9:
         b2:8c:ed:37:06:c1:5d:58:73:e1:37:2c:bd:2f:19:10:c4:42:
         5b:b7:73:d2:06:e6:13:c6:96:9e:4f:bd:a3:14:0d:d6:1c:19:
         77:85:1d:57:8a:bd:e1:a7:71:fd:9b:85:a7:3e:6a:4a:ef:bc:
         3a:34:b0:56:c0:80:74:b7:75:8d:cf:b5:0d:77:3a:83:0e:a5:
         af:99:58:36:27:91:0e:f8:bf:76:08:e6:a5:50:54:ab:a4:a9:
         91:ea:4f:81:b2:de:b4:2b:54:84:27:b1:bf:57:c0:fa:90:60:
         c8:20:9d:1f:67:93:a0:71:5f:b5:4c:50:37:b8:ac:7f:2a:4f:
         c8:42:7e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzyeW2Fmmis1EY21Ha1HlOPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE1MTcwOTI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGEyNjM5NGI3NmY5NmZiZmY3ZDU4MDRjYmUzZTgyNGQzOTg3ZDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2/LAPwSL6NelxR+qEVZyOY4qr+Aw
Hj3XKhYKJTnlyQxoAEk7TiCByWBgU4FbY/CCtrq2cEEyTtMcK0GQJK/eWt+/1hP9
krPvFEPwvoNcufsyNoRtTPFLruHGgrIPM/8kSo4IUrAchJucOS1U+Q+rPRXHJAU2
YGwz1srmcgAZ8cijEhJ/C5Z64YxL1GlYuMaPpLNB97/ErTQ1bSIlxkG7IGaQMJLV
v/gyFZQ3HEeCjiMQu2S7xT4NH2ZjqX07PDALTnGNBwlQOt6SpzwrUdAWqB6KHpc4
2Z0FhBcexvuMl4kRD3n1OVCB0Ude5yDlFi9cOYDpxlU+2EwGzBO0t7a82QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2iY5S3b5b7/31YBMvj6CTTmH2VMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVGFKamxMZHZsdnZfZlZnRXktUG9KTk9ZZlpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtYMA0G
CSqGSIb3DQEBCwUAA4IBAQBQDFmp30O40u2rrzi/wWtHAjXwf4Jr/Tyx2yL0lb9H
3dLVmxB1J4CXkoYGPs0yVaUZBWFnTsGbRUkUPYhH53x0YNps5gBzLtEnYqdRTzT8
arkF7XVcGnSTKZwZ5ebMd79VsBDTjyr6EysL8ZG94xh2K+jZEDkXJsFTU+EqFMmy
jO03BsFdWHPhNyy9LxkQxEJbt3PSBuYTxpaeT72jFA3WHBl3hR1Xir3hp3H9m4Wn
PmpK77w6NLBWwIB0t3WNz7UNdzqDDqWvmVg2J5EO+L92COalUFSrpKmR6k+Bst60
K1SEJ7G/V8D6kGDIIJ0fZ5OgcV+1TFA3uKx/Kk/IQn6+
-----END CERTIFICATE-----