Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bvytCTcmtqNMzjPLk08_GpQcTMs.roa
File:                     bvytCTcmtqNMzjPLk08_GpQcTMs.roa (raw, json)
Hash identifier:          mFFY5kzC4pPtgFIAxdoHRgcOeOaJ4fnj+sTXVbLZ8V0=
Subject key identifier:   6E:FC:AD:09:37:26:B6:A3:4C:CE:33:CB:93:4F:3F:1A:94:1C:4C:CB
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DC08DBBFD88BF7CC6A32204A371703F84
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bvytCTcmtqNMzjPLk08_GpQcTMs.roa
Signing time:             Fri 24 Apr 2026 17:33:27 +0000
ROA not before:           Fri 24 Apr 2026 17:33:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     152491
IP address blocks:        2.27.144.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:c0:8d:bb:fd:88:bf:7c:c6:a3:22:04:a3:71:70:3f:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 24 17:33:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6efcad093726b6a34cce33cb934f3f1a941c4ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:1e:cd:28:cf:85:b4:82:a7:9c:b7:3b:bf:3e:
                    84:34:4a:e2:39:31:cb:d9:a7:90:6e:17:c4:ad:91:
                    2e:33:94:16:f2:6e:77:9c:e9:77:79:56:f6:80:bd:
                    11:13:27:83:6c:71:ac:d6:d3:b5:00:a0:83:7a:71:
                    7f:01:b5:80:ce:f0:30:5a:b5:52:dc:58:e8:f2:33:
                    db:07:bf:5e:96:20:ed:09:01:c4:fc:2d:fd:64:0d:
                    ae:e1:32:02:e7:e1:91:62:52:4e:4e:d4:f1:b9:4f:
                    33:2d:6c:34:7a:15:ca:49:07:88:9d:48:8b:47:e1:
                    ae:06:13:4c:06:72:c3:2f:00:20:9e:f4:92:12:df:
                    dd:c3:1f:e7:d3:ad:5e:b4:a7:f5:71:02:90:8b:21:
                    b3:31:e7:8e:f0:6c:13:fc:6e:53:b8:cd:6f:b7:5f:
                    e6:cb:74:dc:c5:2f:2f:c2:ea:16:c8:1b:10:33:b7:
                    c3:d8:a9:9a:21:64:6f:cb:f5:16:3f:77:00:45:22:
                    9b:4a:36:43:7b:28:a0:61:0c:6f:c2:3e:58:98:60:
                    3f:fa:71:38:d3:f9:73:eb:f8:95:e3:d2:79:4b:c5:
                    94:34:b4:27:2a:e6:35:cd:bd:35:3b:a6:04:4a:95:
                    db:69:29:08:04:6d:fb:2e:fe:3d:9f:b3:68:d4:3b:
                    09:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:FC:AD:09:37:26:B6:A3:4C:CE:33:CB:93:4F:3F:1A:94:1C:4C:CB
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/bvytCTcmtqNMzjPLk08_GpQcTMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.144.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6e:f9:aa:4d:71:ff:81:3b:9e:89:ca:d4:d0:a0:4c:c5:fc:47:
         c6:a5:37:84:a7:19:b1:67:54:4a:09:2c:7b:a7:0f:4b:49:8d:
         00:3b:84:bb:1f:4f:eb:88:b2:84:99:98:ba:09:63:8c:c2:f7:
         9b:58:77:81:58:3f:2e:2f:69:c9:d4:c2:6b:7d:e6:97:cf:60:
         a8:ee:c0:34:33:51:81:3a:52:eb:ce:ba:91:49:97:a5:b0:7f:
         ee:37:0d:b4:93:c1:39:49:94:64:19:ea:15:fc:dd:8a:30:90:
         2b:10:aa:0c:56:33:2a:3f:aa:12:00:39:1f:09:10:d2:10:30:
         ca:94:3d:53:a4:a7:69:50:dd:12:41:bf:45:84:da:a9:cb:3c:
         79:f1:4d:6c:3a:59:6a:16:a6:8d:15:0e:e8:69:4a:7c:3b:f8:
         40:5b:44:18:87:cf:b3:d5:1b:de:66:ff:9b:40:fc:80:bc:84:
         97:34:11:4a:76:5c:2a:68:ec:23:e4:a0:99:8f:f0:11:ce:1d:
         77:d1:58:69:66:4e:73:98:0a:55:c8:0f:1d:61:cb:90:23:ff:
         8f:81:9d:ef:29:16:6a:50:73:35:b9:50:5e:f7:99:7e:2e:03:
         de:eb:1a:9c:a2:31:11:63:b0:6c:f7:30:56:9d:05:a4:82:ec:
         84:81:77:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3Ajbv9iL98xqMiBKNxcD+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDI0MTczMzI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWZjYWQwOTM3MjZiNmEzNGNjZTMzY2I5MzRmM2YxYTk0MWM0Y2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzB7NKM+FtIKnnLc7vz6ENEriOTHL
2aeQbhfErZEuM5QW8m53nOl3eVb2gL0REyeDbHGs1tO1AKCDenF/AbWAzvAwWrVS
3Fjo8jPbB79eliDtCQHE/C39ZA2u4TIC5+GRYlJOTtTxuU8zLWw0ehXKSQeInUiL
R+GuBhNMBnLDLwAgnvSSEt/dwx/n061etKf1cQKQiyGzMeeO8GwT/G5TuM1vt1/m
y3TcxS8vwuoWyBsQM7fD2KmaIWRvy/UWP3cARSKbSjZDeyigYQxvwj5YmGA/+nE4
0/lz6/iV49J5S8WUNLQnKuY1zb01O6YESpXbaSkIBG37Lv49n7No1DsJ6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG78rQk3JrajTM4zy5NPPxqUHEzLMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvYnZ5dENUY210cU5NempQTGswOF9HcFFjVE1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhuQMA0G
CSqGSIb3DQEBCwUAA4IBAQBu+apNcf+BO56JytTQoEzF/EfGpTeEpxmxZ1RKCSx7
pw9LSY0AO4S7H0/riLKEmZi6CWOMwvebWHeBWD8uL2nJ1MJrfeaXz2Co7sA0M1GB
OlLrzrqRSZelsH/uNw20k8E5SZRkGeoV/N2KMJArEKoMVjMqP6oSADkfCRDSEDDK
lD1TpKdpUN0SQb9FhNqpyzx58U1sOllqFqaNFQ7oaUp8O/hAW0QYh8+z1RveZv+b
QPyAvISXNBFKdlwqaOwj5KCZj/ARzh130VhpZk5zmApVyA8dYcuQI/+PgZ3vKRZq
UHM1uVBe95l+LgPe6xqcojERY7Bs9zBWnQWkguyEgXcK
-----END CERTIFICATE-----