Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/coQuWB4JCup2Mu0DwZUSYP4nfKs.roa
File:                     coQuWB4JCup2Mu0DwZUSYP4nfKs.roa (raw, json)
Hash identifier:          FYNXsdNEzAWbvcMU2bG9/lNEBAclhrDPyO0rGsf4E8E=
Subject key identifier:   72:84:2E:58:1E:09:0A:EA:76:32:ED:03:C1:95:12:60:FE:27:7C:AB
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DABC170233A2B7163DE74066BDE5B43D6
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/coQuWB4JCup2Mu0DwZUSYP4nfKs.roa
Signing time:             Mon 20 Apr 2026 16:37:54 +0000
ROA not before:           Mon 20 Apr 2026 16:37:54 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     395470
IP address blocks:        2.27.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:ab:c1:70:23:3a:2b:71:63:de:74:06:6b:de:5b:43:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 20 16:37:54 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=72842e581e090aea7632ed03c1951260fe277cab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:a7:dd:f1:ac:a9:9e:7d:a0:f5:00:4b:f4:a6:
                    f2:b4:46:52:58:3a:ae:11:89:ed:bb:69:ed:d7:b2:
                    dd:59:ef:23:bc:d3:dc:b7:39:0a:9f:77:d9:ed:83:
                    0b:f5:fe:d7:99:f7:8a:30:eb:9a:42:b4:cd:94:83:
                    3c:79:45:d2:92:bb:e0:1d:5f:8e:2b:34:8a:0b:23:
                    b7:1a:22:13:8b:d6:32:b7:3e:35:94:8d:a3:95:e9:
                    6c:bd:99:94:a9:c9:94:86:e7:8e:37:80:cc:93:9e:
                    6a:8e:6c:03:f4:df:55:cb:90:d0:29:22:c4:75:a1:
                    ab:d1:de:ec:51:d6:ac:e1:25:ca:2b:50:15:30:68:
                    dd:cb:20:fd:c5:67:b6:19:9f:08:2e:e8:ee:5f:f1:
                    cb:43:c8:5b:7c:90:63:cd:26:ff:9e:b7:79:89:9c:
                    70:87:46:83:b0:c4:73:b4:00:31:2d:25:8c:50:d8:
                    14:91:93:f9:4d:2c:d2:ca:32:ed:3a:e6:e2:04:e2:
                    f9:80:cc:66:e6:51:c4:25:45:9f:95:43:ee:27:aa:
                    de:8a:5a:1b:d0:79:7d:88:99:bc:6b:40:d6:c4:6b:
                    b7:18:a7:a9:37:81:cf:5d:07:df:6c:43:f3:a5:d8:
                    c8:b9:9e:95:75:ac:db:bb:85:8e:38:9c:cc:b9:62:
                    60:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:84:2E:58:1E:09:0A:EA:76:32:ED:03:C1:95:12:60:FE:27:7C:AB
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/coQuWB4JCup2Mu0DwZUSYP4nfKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:3e:79:49:dc:d5:bc:dc:2c:20:0a:64:46:ce:02:e5:4d:61:
         e8:9f:f2:1f:ec:17:bf:e1:68:3b:d6:aa:00:e0:00:98:1f:7a:
         c1:86:84:08:5b:fe:71:42:1c:04:af:69:1e:9a:56:0b:61:61:
         e1:cd:8d:ed:d7:be:d8:2c:2e:a1:4b:cd:aa:0e:87:98:c8:b0:
         a1:38:0e:21:52:99:14:d3:0a:b2:ab:53:17:9d:af:65:a7:d1:
         f7:ff:14:a2:73:73:dd:0f:ab:f9:74:68:81:05:02:2d:fb:9a:
         db:d4:d7:04:d1:69:b0:9f:5c:4d:9f:6a:f6:eb:43:4e:16:00:
         ff:05:b0:9a:42:0d:3a:47:10:9c:46:ec:b5:c9:d0:ba:60:39:
         af:c2:de:29:6a:9c:8f:57:b0:55:ee:74:d6:57:5b:f3:4c:f8:
         8c:58:8f:ab:e6:81:72:20:7f:80:2f:f6:de:33:43:fe:f4:7c:
         0a:7f:e5:8b:c0:f1:07:b1:6a:cc:ec:0a:ce:ec:20:fd:2f:1b:
         fe:ee:18:cf:14:76:da:5c:15:ff:d8:66:1a:54:6a:13:e5:92:
         4d:eb:9d:c8:23:1b:26:f5:aa:70:11:74:88:1e:b5:b2:34:45:
         b7:61:0f:ad:2c:51:a1:0d:76:b1:f2:4e:77:ba:12:5b:0a:08:
         4f:1e:00:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2rwXAjOitxY950BmveW0PWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIwMTYzNzU0WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjg0MmU1ODFlMDkwYWVhNzYzMmVkMDNjMTk1MTI2MGZlMjc3Y2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqfd8aypnn2g9QBL9KbytEZSWDqu
EYntu2nt17LdWe8jvNPctzkKn3fZ7YML9f7XmfeKMOuaQrTNlIM8eUXSkrvgHV+O
KzSKCyO3GiITi9Yytz41lI2jlelsvZmUqcmUhueON4DMk55qjmwD9N9Vy5DQKSLE
daGr0d7sUdas4SXKK1AVMGjdyyD9xWe2GZ8ILujuX/HLQ8hbfJBjzSb/nrd5iZxw
h0aDsMRztAAxLSWMUNgUkZP5TSzSyjLtOubiBOL5gMxm5lHEJUWflUPuJ6reilob
0Hl9iJm8a0DWxGu3GKepN4HPXQffbEPzpdjIuZ6Vdazbu4WOOJzMuWJgDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHKELlgeCQrqdjLtA8GVEmD+J3yrMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvY29RdVdCNEpDdXAyTXUwRHdaVVNZUDRuZktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhv3MA0G
CSqGSIb3DQEBCwUAA4IBAQBdPnlJ3NW83CwgCmRGzgLlTWHon/If7Be/4Wg71qoA
4ACYH3rBhoQIW/5xQhwEr2kemlYLYWHhzY3t177YLC6hS82qDoeYyLChOA4hUpkU
0wqyq1MXna9lp9H3/xSic3PdD6v5dGiBBQIt+5rb1NcE0Wmwn1xNn2r260NOFgD/
BbCaQg06RxCcRuy1ydC6YDmvwt4papyPV7BV7nTWV1vzTPiMWI+r5oFyIH+AL/be
M0P+9HwKf+WLwPEHsWrM7ArO7CD9Lxv+7hjPFHbaXBX/2GYaVGoT5ZJN653IIxsm
9apwEXSIHrWyNEW3YQ+tLFGhDXax8k53uhJbCghPHgDu
-----END CERTIFICATE-----