Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XdYpHofH-SJUvEopG0IQhJoXQNA.roa
File:                     XdYpHofH-SJUvEopG0IQhJoXQNA.roa (raw, json)
Hash identifier:          dzOuN8iL64vlcPjs50cgG3J/PeS498qPUQ7bidabsvo=
Subject key identifier:   5D:D6:29:1E:87:C7:F9:22:54:BC:4A:29:1B:42:10:84:9A:17:40:D0
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DB0FE486E6D088127F3F965701101943E
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XdYpHofH-SJUvEopG0IQhJoXQNA.roa
Signing time:             Tue 21 Apr 2026 17:02:27 +0000
ROA not before:           Tue 21 Apr 2026 17:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44092
IP address blocks:        2.27.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 Apr 2026 17:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:fe:48:6e:6d:08:81:27:f3:f9:65:70:11:01:94:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 21 17:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=5dd6291e87c7f92254bc4a291b4210849a1740d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:7f:56:36:67:92:8e:3b:76:8e:0e:05:eb:b5:
                    e0:01:88:2e:45:f9:40:3f:46:8a:30:fd:6c:d3:45:
                    72:89:10:7f:73:cb:81:b3:70:85:76:d0:7e:66:f5:
                    ee:51:85:df:bf:3c:5b:95:a1:27:57:74:b6:b4:a8:
                    91:95:a3:ac:76:0d:25:b8:06:00:6d:c0:f6:d8:ba:
                    54:2f:47:2b:fc:d1:c9:bf:61:60:c9:10:83:1a:ac:
                    ff:74:d6:1e:05:fc:b3:4e:8a:b0:a8:5d:38:72:43:
                    6b:6a:8d:2e:c3:2e:3c:6f:78:41:61:ad:a1:78:90:
                    b8:df:46:14:b7:8f:e1:ec:8c:03:d9:d4:5f:6f:e2:
                    9f:5b:54:68:19:13:35:2e:a7:cd:4c:79:11:b9:e4:
                    3b:be:2b:8e:1e:1a:90:29:90:8d:ae:57:a0:70:ef:
                    85:78:c9:05:14:71:0c:47:de:36:b5:c1:8e:2f:5e:
                    c6:22:55:c9:2a:3e:54:35:dd:57:4d:2c:c1:1a:a3:
                    11:0d:57:59:66:99:dc:07:f1:2a:0e:7b:0c:30:57:
                    ae:58:61:73:a4:76:38:f2:b9:51:43:b1:b7:e3:75:
                    f8:87:c2:43:c7:0b:f6:c5:41:77:d4:be:86:a5:62:
                    81:16:88:be:4f:78:e2:7b:17:7c:46:c0:a0:b9:38:
                    6a:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D6:29:1E:87:C7:F9:22:54:BC:4A:29:1B:42:10:84:9A:17:40:D0
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/XdYpHofH-SJUvEopG0IQhJoXQNA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:c6:30:cf:91:ae:c4:0e:04:30:9e:28:00:8a:8b:99:f3:86:
         d0:fd:c8:10:e2:ab:0c:d8:a0:dd:2b:76:e3:34:ed:b5:6d:a4:
         23:bc:87:55:26:7c:7c:64:be:2c:4f:d4:b5:6a:8f:7f:9b:15:
         7d:c0:47:0b:4b:13:a2:7f:ea:c4:ce:c0:86:e4:b0:de:c4:be:
         14:38:0f:7a:9a:ed:e3:49:63:94:1f:e2:5b:19:24:a7:65:8b:
         04:b4:50:a1:59:ff:76:2c:52:b1:1d:70:2b:bd:99:15:93:3b:
         7a:ae:e8:96:06:8c:44:13:30:7e:9a:55:fc:8a:45:bb:a3:05:
         5a:05:ee:59:cf:36:e3:bd:e6:58:72:ce:a6:1c:10:1f:8b:12:
         c3:c4:92:0a:66:33:d2:c2:2f:12:3c:dd:24:c9:5d:36:79:c3:
         17:44:21:79:1b:eb:a1:3a:4b:2c:2b:58:23:49:49:a7:22:fa:
         1e:96:f9:10:69:b6:3b:f1:dd:85:1c:44:68:62:79:39:bc:1f:
         27:27:66:31:a9:e7:57:42:d7:d6:11:5b:de:e4:07:dd:fd:4a:
         0e:97:8c:85:8d:53:b4:d6:9d:e3:76:ef:14:1d:09:2a:ab:25:
         12:bd:12:eb:c2:24:b6:e8:b8:1d:9a:45:12:84:67:90:6d:f5:
         1f:5c:b4:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2w/khubQiBJ/P5ZXARAZQ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIxMTcwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ2MjkxZTg3YzdmOTIyNTRiYzRhMjkxYjQyMTA4NDlhMTc0MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq39WNmeSjjt2jg4F67XgAYguRflA
P0aKMP1s00VyiRB/c8uBs3CFdtB+ZvXuUYXfvzxblaEnV3S2tKiRlaOsdg0luAYA
bcD22LpUL0cr/NHJv2FgyRCDGqz/dNYeBfyzToqwqF04ckNrao0uwy48b3hBYa2h
eJC430YUt4/h7IwD2dRfb+KfW1RoGRM1LqfNTHkRueQ7viuOHhqQKZCNrlegcO+F
eMkFFHEMR942tcGOL17GIlXJKj5UNd1XTSzBGqMRDVdZZpncB/EqDnsMMFeuWGFz
pHY48rlRQ7G343X4h8JDxwv2xUF31L6GpWKBFoi+T3jiexd8RsCguThqeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF3WKR6Hx/kiVLxKKRtCEISaF0DQMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWGRZcEhvZkgtU0pVdkVvcEcwSVFoSm9YUU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtxMA0G
CSqGSIb3DQEBCwUAA4IBAQArxjDPka7EDgQwnigAiouZ84bQ/cgQ4qsM2KDdK3bj
NO21baQjvIdVJnx8ZL4sT9S1ao9/mxV9wEcLSxOif+rEzsCG5LDexL4UOA96mu3j
SWOUH+JbGSSnZYsEtFChWf92LFKxHXArvZkVkzt6ruiWBoxEEzB+mlX8ikW7owVa
Be5ZzzbjveZYcs6mHBAfixLDxJIKZjPSwi8SPN0kyV02ecMXRCF5G+uhOkssK1gj
SUmnIvoelvkQabY78d2FHERoYnk5vB8nJ2YxqedXQtfWEVve5Afd/UoOl4yFjVO0
1p3jdu8UHQkqqyUSvRLrwiS26LgdmkUShGeQbfUfXLTB
-----END CERTIFICATE-----