Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Yw6MOp19CF7PfSNiXASHppydhl0.roa
File:                     Yw6MOp19CF7PfSNiXASHppydhl0.roa (raw, json)
Hash identifier:          pdAzxWS4BlDr5VdO4ZBOIH/ljuszunVk/N7hSqkiTT4=
Subject key identifier:   63:0E:8C:3A:9D:7D:08:5E:CF:7D:23:62:5C:04:87:A6:9C:9D:86:5D
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CF580E0876B9BB4989E33917D3AB1C3C4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Yw6MOp19CF7PfSNiXASHppydhl0.roa
Signing time:             Mon 16 Mar 2026 07:16:29 +0000
ROA not before:           Mon 16 Mar 2026 07:16:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     30823
IP address blocks:        2.27.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f5:80:e0:87:6b:9b:b4:98:9e:33:91:7d:3a:b1:c3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 16 07:16:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=630e8c3a9d7d085ecf7d23625c0487a69c9d865d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:07:8d:75:0b:61:c5:b6:5f:cf:99:15:3d:22:
                    15:93:45:e5:44:32:b7:42:b0:fe:b1:5c:cb:d0:03:
                    a1:e2:09:0f:98:85:7f:31:1a:63:33:a7:5a:db:8c:
                    42:b0:e2:c6:ba:ad:86:54:9f:83:9b:28:b9:c5:f4:
                    78:5c:f8:df:ff:b4:81:af:a9:e6:53:11:e8:01:d1:
                    5d:dd:67:e3:be:69:80:2a:1f:a5:e0:88:66:5f:d9:
                    26:8c:97:11:4c:16:d1:e6:c0:60:8b:cb:7f:69:38:
                    07:9a:e8:0b:c8:02:de:a1:4b:e5:7e:d1:7d:ab:fc:
                    ef:71:3d:97:02:a1:68:a1:bb:9f:53:50:11:87:eb:
                    91:02:87:ba:1e:77:b5:56:30:3e:95:a8:ce:c6:b0:
                    0a:44:ce:8b:a8:f6:6e:0c:2f:54:63:20:69:a8:b9:
                    ba:27:ac:35:42:ed:97:95:ce:57:41:a0:e9:83:85:
                    12:4c:85:c3:e1:dc:de:0e:5a:2a:a2:35:0a:c1:e6:
                    82:5d:de:4e:dd:61:ba:f3:1b:59:47:5a:12:5e:a7:
                    5f:75:79:54:92:89:fd:53:4c:ef:3a:56:37:06:aa:
                    b7:c5:a4:73:bc:c5:22:e6:db:10:af:28:69:1d:bc:
                    92:18:ff:1c:81:13:32:60:5a:e0:25:01:57:fb:d1:
                    e6:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:0E:8C:3A:9D:7D:08:5E:CF:7D:23:62:5C:04:87:A6:9C:9D:86:5D
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/Yw6MOp19CF7PfSNiXASHppydhl0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:fe:0d:d9:f6:35:51:54:6c:37:f5:6c:71:d4:2d:56:a1:22:
         17:c8:9c:27:04:17:25:bd:c3:69:1d:2f:a1:a2:bb:4e:3a:45:
         d0:c9:8e:27:3f:87:f2:7e:38:18:91:b8:ce:dc:b6:27:82:a6:
         c1:d8:2c:8c:f2:c5:b7:4e:de:74:9f:79:34:57:6d:c9:76:4b:
         c0:4b:a2:0d:42:74:34:8e:51:bf:66:ab:86:bc:91:7b:b2:c4:
         ca:c4:c6:83:1c:2f:93:7c:f3:1c:3d:57:6b:c5:d9:2b:dc:79:
         ce:3b:6b:be:f2:72:a7:ee:64:1c:cc:0f:b1:9f:bf:e8:3c:10:
         b7:68:24:e6:37:45:dd:0e:3a:7b:38:3d:1c:f2:70:3c:7d:7f:
         b1:02:87:52:1c:bd:18:74:0e:91:96:a6:05:56:86:6a:ec:55:
         32:88:07:78:61:63:3a:67:65:c6:88:6e:66:54:22:21:76:d8:
         fd:86:57:1e:70:89:de:34:ef:21:82:1e:51:ee:43:fa:25:5d:
         6c:da:16:1e:7a:ab:70:ba:68:b2:c0:39:66:a3:96:aa:2e:de:
         10:6e:1a:5f:3d:e8:71:bc:9d:07:0c:96:00:c7:8d:33:ff:51:
         ca:c1:ee:52:e0:43:c7:8c:bf:ba:80:02:3a:94:a8:2b:c9:28:
         58:db:fd:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz1gOCHa5u0mJ4zkX06scPEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE2MDcxNjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzBlOGMzYTlkN2QwODVlY2Y3ZDIzNjI1YzA0ODdhNjljOWQ4NjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqAeNdQthxbZfz5kVPSIVk0XlRDK3
QrD+sVzL0AOh4gkPmIV/MRpjM6da24xCsOLGuq2GVJ+Dmyi5xfR4XPjf/7SBr6nm
UxHoAdFd3WfjvmmAKh+l4IhmX9kmjJcRTBbR5sBgi8t/aTgHmugLyALeoUvlftF9
q/zvcT2XAqFoobufU1ARh+uRAoe6Hne1VjA+lajOxrAKRM6LqPZuDC9UYyBpqLm6
J6w1Qu2Xlc5XQaDpg4USTIXD4dzeDloqojUKweaCXd5O3WG68xtZR1oSXqdfdXlU
kon9U0zvOlY3Bqq3xaRzvMUi5tsQryhpHbySGP8cgRMyYFrgJQFX+9HmDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGMOjDqdfQhez30jYlwEh6acnYZdMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvWXc2TU9wMTlDRjdQZlNOaVhBU0hwcHlkaGwwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhs+MA0G
CSqGSIb3DQEBCwUAA4IBAQBr/g3Z9jVRVGw39Wxx1C1WoSIXyJwnBBclvcNpHS+h
ortOOkXQyY4nP4fyfjgYkbjO3LYngqbB2CyM8sW3Tt50n3k0V23JdkvAS6INQnQ0
jlG/ZquGvJF7ssTKxMaDHC+TfPMcPVdrxdkr3HnOO2u+8nKn7mQczA+xn7/oPBC3
aCTmN0XdDjp7OD0c8nA8fX+xAodSHL0YdA6RlqYFVoZq7FUyiAd4YWM6Z2XGiG5m
VCIhdtj9hlcecIneNO8hgh5R7kP6JV1s2hYeeqtwumiywDlmo5aqLt4QbhpfPehx
vJ0HDJYAx40z/1HKwe5S4EPHjL+6gAI6lKgryShY2/1O
-----END CERTIFICATE-----