Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/WCf6OkLKF4jzFB7wmYZ0Ftoxt4o.roa
File:                     WCf6OkLKF4jzFB7wmYZ0Ftoxt4o.roa (raw, json)
Hash identifier:          kNddAWgQQcMUTq3zUF5cytVX6vO8kprJ4BpjBbJyldk=
Subject key identifier:   58:27:FA:3A:42:CA:17:88:F3:14:1E:F0:99:86:74:16:DA:31:B7:8A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DABC16FCFB7AEACCA5E6F70AA06C10BB7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/WCf6OkLKF4jzFB7wmYZ0Ftoxt4o.roa
Signing time:             Mon 20 Apr 2026 16:37:54 +0000
ROA not before:           Mon 20 Apr 2026 16:37:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215240
IP address blocks:        2.26.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:c1:6f:cf:b7:ae:ac:ca:5e:6f:70:aa:06:c1:0b:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 20 16:37:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5827fa3a42ca1788f3141ef099867416da31b78a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:17:b4:70:86:bd:f0:3f:8e:ff:33:eb:0a:54:
                    01:3a:d5:61:5a:60:53:ce:e5:36:7d:03:7f:b7:61:
                    9e:86:0c:e5:30:f5:32:b8:35:a2:0d:9d:a5:17:10:
                    cc:70:fb:d6:f8:ac:74:4c:9b:8b:df:bf:c9:82:da:
                    b1:6c:de:f6:54:10:c7:5e:c0:00:af:b0:bd:86:28:
                    74:b8:0c:5a:9a:51:56:56:e8:9d:f7:2c:a0:f6:2f:
                    07:5f:c4:1e:61:14:3e:9f:88:64:09:c0:91:0f:4a:
                    5b:bb:75:af:82:8b:24:7c:72:bd:37:f1:03:84:6e:
                    b9:0f:0b:d4:7c:f0:d0:bd:ec:de:ae:71:25:bb:0a:
                    02:18:1d:0f:b7:81:10:fe:c4:8f:c8:32:d0:86:a9:
                    c3:f7:1a:52:c7:19:ce:36:54:70:47:b4:c4:af:0c:
                    26:9d:af:4f:21:8e:8d:b8:94:09:9f:ad:a9:a9:13:
                    8c:ed:b4:81:4f:c1:de:8d:8c:ff:42:f2:81:e0:8f:
                    c6:ce:03:13:ae:7a:df:e6:2a:b6:26:75:1d:d1:73:
                    55:46:f5:5b:6f:13:6b:b9:bc:ea:f6:b3:5c:78:44:
                    b1:02:97:80:eb:a3:dd:0c:c0:e9:3a:88:69:72:7b:
                    e0:f1:d4:65:2c:43:d8:c5:3d:48:92:d9:0e:98:31:
                    82:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:27:FA:3A:42:CA:17:88:F3:14:1E:F0:99:86:74:16:DA:31:B7:8A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/WCf6OkLKF4jzFB7wmYZ0Ftoxt4o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:1b:54:46:00:a6:77:77:2e:17:13:8c:35:1a:f9:58:e5:b2:
         62:ec:4e:53:4d:78:ef:1a:3f:01:37:53:0c:47:b4:0a:76:a7:
         a3:c3:b2:38:13:fb:c4:0c:c5:6c:84:68:e4:d9:f4:b0:86:4e:
         3b:70:08:a4:b3:04:dd:45:c4:3f:80:d3:ea:3e:04:0f:60:17:
         3e:7b:fe:9e:d8:c2:71:3e:bd:02:ed:d4:d7:a5:13:57:59:62:
         ec:ef:c7:b2:c5:b4:fd:c1:69:41:8f:48:ba:dd:a7:94:69:09:
         7f:24:8e:14:92:bf:f7:f8:50:82:90:4f:bc:a8:d2:df:11:b2:
         a3:de:20:74:2c:c5:ef:d8:d5:d9:c3:71:a3:8f:b6:ed:7c:be:
         41:c2:c3:01:8f:1b:56:58:2b:4a:91:74:f7:25:dd:70:78:8f:
         90:6f:64:8c:61:be:88:42:5a:42:e4:56:22:7e:01:23:3f:f7:
         e1:db:c7:57:43:cf:5e:35:21:bb:bd:9a:2a:55:e0:3e:61:ca:
         c1:b3:6c:83:14:8d:8e:2a:ef:c8:5a:c6:87:06:33:41:51:e2:
         32:57:22:e2:c9:0b:f4:96:44:a5:03:65:93:da:0c:5a:95:fb:
         6d:2d:8e:d5:1f:9f:45:8b:fa:57:d9:17:a2:af:fb:a7:0a:55:
         f6:c3:d2:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rwW/Pt66syl5vcKoGwQu3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIwMTYzNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODI3ZmEzYTQyY2ExNzg4ZjMxNDFlZjA5OTg2NzQxNmRhMzFiNzhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxhe0cIa98D+O/zPrClQBOtVhWmBT
zuU2fQN/t2GehgzlMPUyuDWiDZ2lFxDMcPvW+Kx0TJuL37/JgtqxbN72VBDHXsAA
r7C9hih0uAxamlFWVuid9yyg9i8HX8QeYRQ+n4hkCcCRD0pbu3WvgoskfHK9N/ED
hG65DwvUfPDQvezernEluwoCGB0Pt4EQ/sSPyDLQhqnD9xpSxxnONlRwR7TErwwm
na9PIY6NuJQJn62pqROM7bSBT8HejYz/QvKB4I/GzgMTrnrf5iq2JnUd0XNVRvVb
bxNrubzq9rNceESxApeA66PdDMDpOohpcnvg8dRlLEPYxT1IktkOmDGC+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgn+jpCyheI8xQe8JmGdBbaMbeKMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvV0NmNk9rTEtGNGp6RkI3d21ZWjBGdG94dDRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqwMA0G
CSqGSIb3DQEBCwUAA4IBAQACG1RGAKZ3dy4XE4w1GvlY5bJi7E5TTXjvGj8BN1MM
R7QKdqejw7I4E/vEDMVshGjk2fSwhk47cAikswTdRcQ/gNPqPgQPYBc+e/6e2MJx
Pr0C7dTXpRNXWWLs78eyxbT9wWlBj0i63aeUaQl/JI4Ukr/3+FCCkE+8qNLfEbKj
3iB0LMXv2NXZw3Gjj7btfL5BwsMBjxtWWCtKkXT3Jd1weI+Qb2SMYb6IQlpC5FYi
fgEjP/fh28dXQ89eNSG7vZoqVeA+YcrBs2yDFI2OKu/IWsaHBjNBUeIyVyLiyQv0
lkSlA2WT2gxalfttLY7VH59Fi/pX2Reir/unClX2w9Ig
-----END CERTIFICATE-----