Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XbO-vluNKuUNAwGC-9jMKZnrsr8.roa
File:                     XbO-vluNKuUNAwGC-9jMKZnrsr8.roa (raw, json)
Hash identifier:          ti7HfvxOi4zcImb0mEp8Op8iUWqPJpVOPrDFfBXu5pk=
Subject key identifier:   5D:B3:BE:BE:5B:8D:2A:E5:0D:03:01:82:FB:D8:CC:29:99:EB:B2:BF
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019ED7C14989665ACCE769C474A247C0B100
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XbO-vluNKuUNAwGC-9jMKZnrsr8.roa
Signing time:             Wed 17 Jun 2026 22:43:49 +0000
ROA not before:           Wed 17 Jun 2026 22:43:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     213711
IP address blocks:        2.27.111.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:d7:c1:49:89:66:5a:cc:e7:69:c4:74:a2:47:c0:b1:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 17 22:43:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5db3bebe5b8d2ae50d030182fbd8cc2999ebb2bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:c3:3d:50:c3:02:60:37:65:56:d1:c5:a2:34:
                    fa:cd:4b:41:77:7f:a1:88:45:3a:8b:31:99:1d:83:
                    c6:bf:b3:40:42:58:06:20:e9:8b:90:3d:b3:7b:0d:
                    11:5f:85:50:21:42:8a:40:b9:38:17:9b:67:c9:ca:
                    5a:ad:56:1a:98:49:55:65:3f:8a:68:ac:56:a0:58:
                    6e:19:1a:4a:a0:d2:08:87:c4:b5:15:ed:75:3a:7f:
                    6f:86:13:85:69:b3:19:fc:b8:b1:15:6b:49:6b:60:
                    eb:15:8c:a4:b8:81:fe:d5:75:ab:85:fa:0e:a7:3d:
                    9b:99:41:3a:18:e0:c3:59:2b:d7:9e:3a:d9:8d:04:
                    56:3d:e6:0c:92:2e:11:19:fe:b2:00:73:cb:cb:7d:
                    9c:1d:0b:26:3d:4d:e6:51:2e:d6:00:5d:ab:61:88:
                    21:da:61:d7:2e:f1:99:60:3f:3b:a2:4e:79:9d:92:
                    b0:32:67:05:ad:b2:b7:11:93:a3:51:3c:68:f9:b0:
                    8e:5b:59:ba:56:10:d3:85:cf:15:af:88:1b:5c:b1:
                    f8:00:4c:b0:d3:4a:a8:a7:94:f5:51:a6:ec:7b:43:
                    06:00:a3:50:e8:02:7a:15:a1:b2:4c:4e:3d:9d:58:
                    de:b8:77:5b:4d:63:62:9f:6a:e4:88:e1:fb:08:63:
                    06:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:B3:BE:BE:5B:8D:2A:E5:0D:03:01:82:FB:D8:CC:29:99:EB:B2:BF
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XbO-vluNKuUNAwGC-9jMKZnrsr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:60:66:8a:5e:46:61:d8:37:99:f2:76:43:c4:31:1c:74:9b:
         78:e8:7b:26:27:a7:47:48:69:98:b0:59:09:ec:1f:01:82:aa:
         ff:2e:01:63:cf:42:80:73:86:d4:1f:9a:f4:c4:dd:bb:01:aa:
         96:5a:27:8d:b5:5e:72:46:e9:da:67:36:15:c4:a6:12:d3:b3:
         7e:9c:c7:59:94:19:bb:57:01:79:04:df:82:13:16:98:6e:06:
         41:0c:3e:ea:1c:59:2a:73:70:c0:7d:5d:52:37:96:f3:f0:5f:
         9e:ce:05:c6:8c:8b:ed:15:c7:c3:f9:80:16:82:99:06:81:6e:
         06:eb:2f:ee:23:7c:c6:52:d7:8d:b1:08:e9:0c:e5:55:ed:2e:
         a3:8c:15:0e:f5:81:77:da:88:b7:1c:44:7e:73:bb:2f:7e:42:
         29:d2:81:59:94:d0:17:98:8a:16:49:05:a6:35:1e:74:80:5a:
         0e:be:c4:07:47:b1:f4:1f:d4:6c:51:14:e2:15:44:10:4e:e0:
         7c:5c:8e:63:79:d1:b2:76:0b:1b:b1:ce:cc:43:45:d5:4f:2c:
         a5:92:0a:23:b2:fc:78:dd:e3:8e:1f:2d:26:9b:26:d4:a5:20:
         e3:37:60:5b:1b:c6:78:6e:59:9a:00:10:76:da:79:a5:fd:4e:
         51:8f:c7:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7XwUmJZlrM52nEdKJHwLEAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE3MjI0MzQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGIzYmViZTViOGQyYWU1MGQwMzAxODJmYmQ4Y2MyOTk5ZWJiMmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxcM9UMMCYDdlVtHFojT6zUtBd3+h
iEU6izGZHYPGv7NAQlgGIOmLkD2zew0RX4VQIUKKQLk4F5tnycparVYamElVZT+K
aKxWoFhuGRpKoNIIh8S1Fe11On9vhhOFabMZ/LixFWtJa2DrFYykuIH+1XWrhfoO
pz2bmUE6GODDWSvXnjrZjQRWPeYMki4RGf6yAHPLy32cHQsmPU3mUS7WAF2rYYgh
2mHXLvGZYD87ok55nZKwMmcFrbK3EZOjUTxo+bCOW1m6VhDThc8Vr4gbXLH4AEyw
00qop5T1Uabse0MGAKNQ6AJ6FaGyTE49nVjeuHdbTWNin2rkiOH7CGMGVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF2zvr5bjSrlDQMBgvvYzCmZ67K/MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWGJPLXZsdU5LdVVOQXdHQy05ak1LWm5yc3I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtvMA0G
CSqGSIb3DQEBCwUAA4IBAQAZYGaKXkZh2DeZ8nZDxDEcdJt46HsmJ6dHSGmYsFkJ
7B8Bgqr/LgFjz0KAc4bUH5r0xN27AaqWWieNtV5yRunaZzYVxKYS07N+nMdZlBm7
VwF5BN+CExaYbgZBDD7qHFkqc3DAfV1SN5bz8F+ezgXGjIvtFcfD+YAWgpkGgW4G
6y/uI3zGUteNsQjpDOVV7S6jjBUO9YF32oi3HER+c7svfkIp0oFZlNAXmIoWSQWm
NR50gFoOvsQHR7H0H9RsURTiFUQQTuB8XI5jedGydgsbsc7MQ0XVTyylkgojsvx4
3eOOHy0mmybUpSDjN2BbG8Z4blmaABB22nml/U5Rj8cX
-----END CERTIFICATE-----