Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/a_Vj2-v5T4X_nDiXqzE6N2ssxoo.roa
File:                     a_Vj2-v5T4X_nDiXqzE6N2ssxoo.roa (raw, json)
Hash identifier:          g9JypmStlyScH4xPgfqYMmsi5JgNxMdhBsqUZBRKp0U=
Subject key identifier:   6B:F5:63:DB:EB:F9:4F:85:FF:9C:38:97:AB:31:3A:37:6B:2C:C6:8A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DE5488C6665F5C7E2FA044FE1C7F29CC9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/a_Vj2-v5T4X_nDiXqzE6N2ssxoo.roa
Signing time:             Fri 01 May 2026 20:43:50 +0000
ROA not before:           Fri 01 May 2026 20:43:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        2.26.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:e5:48:8c:66:65:f5:c7:e2:fa:04:4f:e1:c7:f2:9c:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  1 20:43:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6bf563dbebf94f85ff9c3897ab313a376b2cc68a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:a1:18:c1:8f:0b:70:66:6d:b9:5e:95:50:1a:
                    20:75:74:fe:bd:4a:08:8c:ee:a3:cd:ba:a9:74:60:
                    67:6a:4e:18:2c:aa:b4:c2:dc:e0:9d:d1:b6:1e:62:
                    1a:ff:80:51:73:21:dc:92:9d:1a:b5:eb:25:6a:b1:
                    cd:43:ac:c2:9a:03:f6:06:7e:83:dd:25:aa:1b:fc:
                    99:6c:a1:04:d3:a7:d0:81:e7:a9:73:fc:4d:b7:d7:
                    1e:44:8c:31:d4:0d:69:ae:4d:f3:9d:b7:28:57:70:
                    12:71:02:30:39:28:11:08:98:50:e5:2d:b1:65:6d:
                    e9:b7:e0:10:e0:19:bd:c5:78:77:fc:6b:dd:56:f3:
                    b8:10:c2:69:30:07:e8:60:f3:66:7c:f0:47:b7:89:
                    37:93:f1:0d:61:10:52:7a:8a:36:3e:6d:20:b7:91:
                    2c:08:7c:ee:4c:ea:f5:d5:76:0f:fb:aa:18:ad:95:
                    96:d1:12:56:cf:e6:6a:1e:fe:c6:95:ef:a5:84:f3:
                    4c:f2:53:e3:f8:1a:bf:09:e6:e7:f8:9c:40:57:c7:
                    37:22:87:c5:63:86:33:07:4e:2c:4b:a6:3d:05:7e:
                    0f:62:9d:22:0a:7f:a6:7f:bb:b0:42:c5:80:db:66:
                    0d:c1:f3:9e:c6:a7:12:1a:d9:3f:c1:29:5e:75:58:
                    42:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F5:63:DB:EB:F9:4F:85:FF:9C:38:97:AB:31:3A:37:6B:2C:C6:8A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/a_Vj2-v5T4X_nDiXqzE6N2ssxoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:f8:76:71:49:a8:ea:50:b0:e4:5e:ce:7b:c0:fe:6d:4b:1f:
         e0:23:f4:40:5e:89:c6:6e:ab:8d:9d:cc:69:fc:79:b0:02:75:
         41:eb:ad:8c:13:5f:5c:65:e5:7c:d6:d0:8c:41:a2:3b:6a:4f:
         f3:79:89:29:bf:b7:8d:28:93:4c:9e:24:f7:7d:21:bd:f4:67:
         0a:db:aa:d5:1f:4e:ff:05:e0:88:f6:98:7d:7e:56:e5:e1:36:
         00:04:fb:ed:cd:04:c1:14:b6:7e:42:d0:83:0b:b4:1a:5b:52:
         09:13:a9:d0:79:5c:4b:83:ec:07:2a:fc:40:df:83:8f:c5:e4:
         c7:02:2f:f3:4e:73:9c:f5:4a:b6:a1:9a:bc:e4:42:1f:1b:15:
         5a:7d:c2:27:02:33:b6:30:56:3e:1a:0e:b9:4f:02:ff:7b:a0:
         a8:37:e7:75:41:48:21:c0:3f:fb:45:21:71:ee:9f:69:f5:d9:
         63:99:55:54:f0:c7:17:3d:82:bd:5f:5a:9e:5f:42:97:83:e2:
         9e:a1:b6:fd:62:04:b5:f7:b5:ca:7f:43:44:39:1f:bd:1f:7f:
         9a:a5:d5:5e:bf:de:4a:26:01:b4:5a:e7:4e:b6:08:a0:e1:fe:
         93:65:d9:a3:c5:ce:29:fe:63:54:84:61:27:8d:e8:b5:20:a2:
         0b:ca:6e:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3lSIxmZfXH4voET+HH8pzJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAxMjA0MzUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmY1NjNkYmViZjk0Zjg1ZmY5YzM4OTdhYjMxM2EzNzZiMmNjNjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5KEYwY8LcGZtuV6VUBogdXT+vUoI
jO6jzbqpdGBnak4YLKq0wtzgndG2HmIa/4BRcyHckp0ateslarHNQ6zCmgP2Bn6D
3SWqG/yZbKEE06fQgeepc/xNt9ceRIwx1A1prk3znbcoV3AScQIwOSgRCJhQ5S2x
ZW3pt+AQ4Bm9xXh3/GvdVvO4EMJpMAfoYPNmfPBHt4k3k/ENYRBSeoo2Pm0gt5Es
CHzuTOr11XYP+6oYrZWW0RJWz+ZqHv7Gle+lhPNM8lPj+Bq/Cebn+JxAV8c3IofF
Y4YzB04sS6Y9BX4PYp0iCn+mf7uwQsWA22YNwfOexqcSGtk/wSledVhCjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGv1Y9vr+U+F/5w4l6sxOjdrLMaKMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYV9WajItdjVUNFhfbkRpWHF6RTZOMnNzeG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqfMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ+HZxSajqULDkXs57wP5tSx/gI/RAXonGbquNncxp
/HmwAnVB662ME19cZeV81tCMQaI7ak/zeYkpv7eNKJNMniT3fSG99GcK26rVH07/
BeCI9ph9flbl4TYABPvtzQTBFLZ+QtCDC7QaW1IJE6nQeVxLg+wHKvxA34OPxeTH
Ai/zTnOc9Uq2oZq85EIfGxVafcInAjO2MFY+Gg65TwL/e6CoN+d1QUghwD/7RSFx
7p9p9dljmVVU8McXPYK9X1qeX0KXg+Keobb9YgS197XKf0NEOR+9H3+apdVev95K
JgG0WudOtgig4f6TZdmjxc4p/mNUhGEnjei1IKILym4U
-----END CERTIFICATE-----