Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YKvnHdWrKBJJc8sjJ7rdLDcToHw.roa
File:                     YKvnHdWrKBJJc8sjJ7rdLDcToHw.roa (raw, json)
Hash identifier:          d3XUjTSN7vOq9hzW2ksW4DSEIRwh0EMA/Weznthg2w0=
Subject key identifier:   60:AB:E7:1D:D5:AB:28:12:49:73:CB:23:27:BA:DD:2C:37:13:A0:7C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DE4D270DE348BF0491679DB6C1FD1CC47
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YKvnHdWrKBJJc8sjJ7rdLDcToHw.roa
Signing time:             Fri 01 May 2026 18:34:49 +0000
ROA not before:           Fri 01 May 2026 18:34:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199742
IP address blocks:        2.27.58.0/24 maxlen: 24
                          31.76.249.0/24 maxlen: 24
                          31.76.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e4:d2:70:de:34:8b:f0:49:16:79:db:6c:1f:d1:cc:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  1 18:34:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=60abe71dd5ab28124973cb2327badd2c3713a07c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:08:f6:c8:f6:d6:ff:28:c0:5f:03:d3:9c:7d:
                    18:39:00:63:ec:4c:e8:fb:0c:12:df:5e:56:24:f1:
                    cb:4a:91:fd:4e:50:f7:c1:52:ad:be:17:e4:f5:31:
                    d6:59:86:17:96:13:2d:11:6f:0c:e2:7b:41:46:45:
                    55:20:e5:4d:70:0f:73:03:97:db:67:1b:44:b9:44:
                    14:ab:35:93:5a:52:d5:f0:04:68:3d:aa:3f:b8:07:
                    a7:2d:81:ad:7d:76:d7:b3:9b:0c:7d:46:4f:d2:6c:
                    da:b2:06:21:2f:e9:1e:da:f6:0d:c7:59:6b:61:d7:
                    56:69:ca:eb:a4:60:da:c3:24:23:ef:ae:c0:17:39:
                    ad:ac:7f:63:72:f1:af:fb:43:2b:9a:71:45:b2:d4:
                    6b:d3:fe:2c:18:66:0d:b8:ec:8b:35:8f:76:fb:90:
                    54:b8:28:89:20:59:47:f8:f3:e1:3a:fc:12:58:ad:
                    b0:d0:c7:3c:d8:50:c0:db:6b:33:26:b7:d6:65:60:
                    85:17:30:33:d9:7f:75:93:eb:8a:bd:af:ab:4f:2b:
                    f9:1d:9a:cc:fb:55:49:6c:ab:b2:63:1c:b9:78:fc:
                    5b:10:e1:c5:9b:43:84:1d:2f:09:23:4d:94:f2:26:
                    7a:62:25:d8:ef:35:27:c4:5b:c2:93:dc:20:13:fc:
                    44:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:AB:E7:1D:D5:AB:28:12:49:73:CB:23:27:BA:DD:2C:37:13:A0:7C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/YKvnHdWrKBJJc8sjJ7rdLDcToHw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.58.0/24
                  31.76.249.0-31.76.250.255

    Signature Algorithm: sha256WithRSAEncryption
         87:46:00:d8:4a:27:df:83:73:49:23:bd:24:3a:4f:83:55:a9:
         d0:35:e9:3e:65:2b:61:15:e3:a6:35:57:0d:50:67:78:b0:a4:
         39:10:b1:df:e8:8f:37:ad:35:53:a5:c1:5c:24:7a:c5:10:eb:
         7b:29:37:61:14:47:ec:fc:bd:04:96:75:dd:d8:49:f1:3f:95:
         d9:f6:e7:26:13:8d:64:56:d9:d8:f0:2d:70:d1:bd:81:40:92:
         28:0d:f0:1d:be:15:a5:71:c9:9d:62:1a:72:ed:b3:58:6f:c6:
         3e:41:71:14:16:b0:20:aa:f8:1c:b7:d1:7c:6d:4a:0a:36:e9:
         e9:f1:ec:43:86:a5:03:d5:21:b9:5e:6c:a3:b4:e5:45:4c:bd:
         80:13:59:72:b6:33:9b:d3:d7:d3:06:8a:84:fd:8e:b9:94:b7:
         1a:22:92:33:f7:e6:a7:0a:6d:ac:52:07:ce:8a:1f:ec:87:99:
         13:07:a1:4c:32:24:ec:b8:fc:96:13:d9:e7:22:6b:4e:ea:fa:
         e0:79:63:3b:51:82:7a:a9:b5:43:eb:8b:a5:4b:d3:24:ff:d0:
         12:ef:71:78:87:d1:e9:b1:86:93:5a:ac:a6:ab:b6:db:33:eb:
         82:ea:01:8b:90:bd:cf:73:b2:c1:52:ff:5d:ec:c5:d6:1c:09:
         52:13:89:84
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZ3k0nDeNIvwSRZ522wf0cxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAxMTgzNDQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGFiZTcxZGQ1YWIyODEyNDk3M2NiMjMyN2JhZGQyYzM3MTNhMDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgj2yPbW/yjAXwPTnH0YOQBj7Ezo
+wwS315WJPHLSpH9TlD3wVKtvhfk9THWWYYXlhMtEW8M4ntBRkVVIOVNcA9zA5fb
ZxtEuUQUqzWTWlLV8ARoPao/uAenLYGtfXbXs5sMfUZP0mzasgYhL+ke2vYNx1lr
YddWacrrpGDawyQj767AFzmtrH9jcvGv+0MrmnFFstRr0/4sGGYNuOyLNY92+5BU
uCiJIFlH+PPhOvwSWK2w0Mc82FDA22szJrfWZWCFFzAz2X91k+uKva+rTyv5HZrM
+1VJbKuyYxy5ePxbEOHFm0OEHS8JI02U8iZ6YiXY7zUnxFvCk9wgE/xEmwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGCr5x3VqygSSXPLIye63Sw3E6B8MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWUt2bkhkV3JLQkpKYzhzako3cmRMRGNUb0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAAhs6MAwD
BAAfTPkDBAAfTPowDQYJKoZIhvcNAQELBQADggEBAIdGANhKJ9+Dc0kjvSQ6T4NV
qdA16T5lK2EV46Y1Vw1QZ3iwpDkQsd/ojzetNVOlwVwkesUQ63spN2EUR+z8vQSW
dd3YSfE/ldn25yYTjWRW2djwLXDRvYFAkigN8B2+FaVxyZ1iGnLts1hvxj5BcRQW
sCCq+By30XxtSgo26enx7EOGpQPVIblebKO05UVMvYATWXK2M5vT19MGioT9jrmU
txoikjP35qcKbaxSB86KH+yHmRMHoUwyJOy4/JYT2ecia07q+uB5YztRgnqptUPr
i6VL0yT/0BLvcXiH0emxhpNarKarttsz64LqAYuQvc9zssFS/13sxdYcCVITiYQ=
-----END CERTIFICATE-----