Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UbDWkHIKI8Hicf85tKylD8FTRyQ.roa
File:                     UbDWkHIKI8Hicf85tKylD8FTRyQ.roa (raw, json)
Hash identifier:          ApR9i8ogBhgAmgTbv60g/UQTjfChhdOBvpjephu0MUo=
Subject key identifier:   51:B0:D6:90:72:0A:23:C1:E2:71:FF:39:B4:AC:A5:0F:C1:53:47:24
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E5E39AA1D2A5E237A26062D0B3C0DBCC1
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UbDWkHIKI8Hicf85tKylD8FTRyQ.roa
Signing time:             Mon 25 May 2026 08:21:37 +0000
ROA not before:           Mon 25 May 2026 08:21:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4766
IP address blocks:        2.27.212.0/23 maxlen: 24
                          31.77.182.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jun 2026 21:05:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:5e:39:aa:1d:2a:5e:23:7a:26:06:2d:0b:3c:0d:bc:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May 25 08:21:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=51b0d690720a23c1e271ff39b4aca50fc1534724
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:32:74:01:81:67:25:04:bd:93:f2:56:22:78:
                    3b:72:fd:69:cc:fd:25:6c:10:e9:43:bc:68:46:22:
                    67:a4:f3:0a:04:d9:fa:e9:bb:65:16:25:fd:41:4a:
                    53:f7:22:5b:3f:e4:6b:60:34:36:92:98:86:a0:69:
                    c5:dd:4f:b3:3b:7d:2c:03:87:cc:4d:88:97:14:05:
                    69:c4:9c:cb:fc:4b:cf:4b:5b:09:ca:78:54:d8:c0:
                    94:7e:b3:65:7a:a9:31:e9:26:1a:8f:ac:7a:fd:59:
                    98:ee:cd:26:f2:90:6b:b6:d3:50:8e:88:ad:a8:1a:
                    ec:ce:19:33:e3:0c:37:32:1c:57:3b:82:d5:bf:21:
                    e9:96:5e:49:1a:4b:5c:e1:28:ac:4e:cb:2f:67:bb:
                    e0:07:83:90:61:40:dc:ab:33:de:ad:58:66:a1:aa:
                    85:a0:67:92:b6:ea:c5:3a:bd:10:16:27:aa:66:fd:
                    6e:d9:6b:b1:36:cf:26:6f:18:22:17:40:cb:55:9c:
                    9d:d5:17:74:ed:3b:83:61:a8:7f:b7:98:7d:8e:da:
                    41:44:d0:55:95:a1:ac:3b:84:db:63:7d:92:2a:7a:
                    fb:d3:e2:b6:d4:59:e8:e1:96:2b:01:76:29:28:ef:
                    38:b9:21:35:7f:d3:0a:a3:0c:95:2a:bb:c9:b0:83:
                    d3:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:B0:D6:90:72:0A:23:C1:E2:71:FF:39:B4:AC:A5:0F:C1:53:47:24
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/UbDWkHIKI8Hicf85tKylD8FTRyQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.212.0/23
                  31.77.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:81:c1:27:69:38:d1:30:a9:96:5b:50:a3:e8:12:c8:98:08:
         4a:f5:ab:d9:b2:1e:f0:bb:7f:51:40:07:a9:eb:a4:7d:ef:d4:
         f5:33:98:d1:e4:b4:c0:64:0e:ff:d8:91:02:4d:a1:75:04:99:
         62:a1:2e:16:c7:3c:95:17:88:76:5e:3c:21:d1:f3:77:06:e1:
         ea:05:85:78:c6:b2:75:bf:74:12:13:ec:04:f8:a5:2e:cb:df:
         e2:17:c2:ae:34:16:dc:78:a9:73:90:1d:00:fc:41:d3:25:9c:
         4a:f9:02:b7:54:8b:ae:09:6d:57:ba:88:10:12:65:4e:24:c2:
         03:00:a8:12:bf:7e:a0:d9:fc:61:3b:90:14:c7:f1:bb:23:4d:
         b8:60:85:b5:7f:1c:f9:82:ba:bc:56:f7:d1:ea:f2:2e:63:a5:
         89:bc:85:bd:49:30:91:68:91:1e:be:64:b1:75:6b:2c:4c:d1:
         26:c6:d0:0b:b5:54:08:f3:58:59:8c:59:2b:70:b5:73:6e:ad:
         d5:e6:2a:de:0c:aa:f8:22:e7:f1:be:ed:61:93:1c:0f:8f:2e:
         49:47:12:00:2e:fc:38:ef:2c:f3:2d:a1:47:34:64:80:34:f1:
         25:d9:92:30:b7:12:93:98:39:57:33:64:fe:1a:43:5f:d3:bd:
         63:07:6e:cc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ5eOaodKl4jeiYGLQs8DbzBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTI1MDgyMTM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWIwZDY5MDcyMGEyM2MxZTI3MWZmMzliNGFjYTUwZmMxNTM0NzI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyTJ0AYFnJQS9k/JWIng7cv1pzP0l
bBDpQ7xoRiJnpPMKBNn66btlFiX9QUpT9yJbP+RrYDQ2kpiGoGnF3U+zO30sA4fM
TYiXFAVpxJzL/EvPS1sJynhU2MCUfrNleqkx6SYaj6x6/VmY7s0m8pBrttNQjoit
qBrszhkz4ww3MhxXO4LVvyHpll5JGktc4SisTssvZ7vgB4OQYUDcqzPerVhmoaqF
oGeSturFOr0QFieqZv1u2WuxNs8mbxgiF0DLVZyd1Rd07TuDYah/t5h9jtpBRNBV
laGsO4TbY32SKnr70+K21Fno4ZYrAXYpKO84uSE1f9MKowyVKrvJsIPTtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFGw1pByCiPB4nH/ObSspQ/BU0ckMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvVWJEV2tISUtJOEhpY2Y4NXRLeWxEOEZUUnlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBAhvUAwQB
H022MA0GCSqGSIb3DQEBCwUAA4IBAQCWgcEnaTjRMKmWW1Cj6BLImAhK9avZsh7w
u39RQAep66R979T1M5jR5LTAZA7/2JECTaF1BJlioS4WxzyVF4h2Xjwh0fN3BuHq
BYV4xrJ1v3QSE+wE+KUuy9/iF8KuNBbceKlzkB0A/EHTJZxK+QK3VIuuCW1XuogQ
EmVOJMIDAKgSv36g2fxhO5AUx/G7I024YIW1fxz5grq8VvfR6vIuY6WJvIW9STCR
aJEevmSxdWssTNEmxtALtVQI81hZjFkrcLVzbq3V5ireDKr4Iufxvu1hkxwPjy5J
RxIALvw47yzzLaFHNGSANPEl2ZIwtxKTmDlXM2T+GkNf071jB27M
-----END CERTIFICATE-----