Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/dAJ2hNB8r9KtVikZXGTaxmcTXio.roa
File:                     dAJ2hNB8r9KtVikZXGTaxmcTXio.roa (raw, json)
Hash identifier:          IPACASio/Fh85Wf66PVTET1UNemNdhN6DVhb4q8pde8=
Subject key identifier:   74:02:76:84:D0:7C:AF:D2:AD:56:29:19:5C:64:DA:C6:67:13:5E:2A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CED2D8848C8021210D087D75D9CBDF1A4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/dAJ2hNB8r9KtVikZXGTaxmcTXio.roa
Signing time:             Sat 14 Mar 2026 16:28:29 +0000
ROA not before:           Sat 14 Mar 2026 16:28:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     25198
IP address blocks:        2.27.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:ed:2d:88:48:c8:02:12:10:d0:87:d7:5d:9c:bd:f1:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 14 16:28:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=74027684d07cafd2ad5629195c64dac667135e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:ad:59:5a:56:31:2c:ae:2f:51:6a:9a:9a:4f:
                    34:1d:94:69:94:7b:f7:73:6f:df:87:80:c3:d2:5a:
                    4a:88:3b:82:5e:b2:53:0d:7c:b0:44:5b:87:2f:1f:
                    7c:62:fd:79:9f:b3:45:a3:fe:d0:c4:81:eb:88:60:
                    b1:f2:69:9f:84:34:81:ed:29:ab:32:8e:d5:23:51:
                    f0:e7:c3:4f:45:e7:ee:19:e3:98:f6:4f:c9:1d:44:
                    3f:23:74:84:28:60:8b:81:20:49:0c:b1:8a:15:68:
                    7e:f1:b4:80:6f:3b:0a:6b:36:98:76:de:ef:9e:b7:
                    47:3d:bf:20:67:1f:a5:30:02:59:f7:78:4a:ca:b2:
                    a5:2f:85:ce:cd:7f:92:54:51:6d:6c:90:7f:42:b9:
                    59:24:d9:a4:3f:81:e6:65:8b:59:5a:23:da:8e:d5:
                    a9:e9:79:f5:1f:12:fc:4d:53:9f:cb:b1:bf:cb:0e:
                    51:3d:12:16:14:30:b1:97:21:b7:82:4b:3e:f4:c6:
                    d0:66:86:7c:5c:08:d2:1c:04:62:1a:24:24:0a:99:
                    10:8a:9f:f0:57:0c:28:37:0f:d2:ba:05:21:f6:28:
                    df:af:43:ae:9c:e6:5a:d3:95:be:c7:b9:b7:8a:b0:
                    07:29:5e:4b:95:7b:7a:5b:fc:99:83:96:4f:94:dd:
                    d1:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:02:76:84:D0:7C:AF:D2:AD:56:29:19:5C:64:DA:C6:67:13:5E:2A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/dAJ2hNB8r9KtVikZXGTaxmcTXio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:d2:78:60:88:8d:c3:4f:c7:d0:55:67:77:3d:6e:b9:da:b2:
         1b:bd:cc:76:75:1e:d9:39:67:b2:86:45:17:98:c5:02:8e:f2:
         f1:8f:74:0c:fd:96:52:87:d9:d3:5a:a3:38:40:dc:7e:12:6d:
         16:c5:1c:89:19:6b:50:08:b8:e2:84:9f:ce:f4:98:48:72:53:
         86:99:f3:6c:bc:40:30:fe:41:b6:14:bd:70:49:95:1b:81:d0:
         c2:08:d1:fc:38:ff:dc:ce:c8:9b:bd:0e:2a:9f:82:5f:58:86:
         a9:32:40:29:dd:ce:65:d4:ca:44:e5:74:41:4b:3c:72:81:9d:
         b7:6e:cb:74:e7:1e:73:96:53:e1:41:f7:ae:93:cc:f2:f5:8c:
         01:39:74:8d:2e:02:b4:fb:c3:a6:8a:f0:5d:01:b1:ba:57:84:
         4b:7b:70:16:7d:d2:c8:0c:b2:5f:c4:53:bb:59:3d:8f:16:6b:
         f0:21:fb:0c:cc:f3:f3:20:c3:c1:e2:16:08:4c:20:dc:c9:09:
         2e:10:a7:29:75:11:bd:3a:0e:63:c9:df:95:8e:a7:0e:88:aa:
         d4:6c:21:83:1c:29:55:64:a6:47:44:36:ff:e7:5e:83:10:f2:
         5c:cc:99:5d:8d:62:f1:39:4f:d3:2d:0c:38:05:c0:d0:31:90:
         a4:4c:94:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZztLYhIyAISENCH112cvfGkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE0MTYyODI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDAyNzY4NGQwN2NhZmQyYWQ1NjI5MTk1YzY0ZGFjNjY3MTM1ZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkK1ZWlYxLK4vUWqamk80HZRplHv3
c2/fh4DD0lpKiDuCXrJTDXywRFuHLx98Yv15n7NFo/7QxIHriGCx8mmfhDSB7Smr
Mo7VI1Hw58NPRefuGeOY9k/JHUQ/I3SEKGCLgSBJDLGKFWh+8bSAbzsKazaYdt7v
nrdHPb8gZx+lMAJZ93hKyrKlL4XOzX+SVFFtbJB/QrlZJNmkP4HmZYtZWiPajtWp
6Xn1HxL8TVOfy7G/yw5RPRIWFDCxlyG3gks+9MbQZoZ8XAjSHARiGiQkCpkQip/w
VwwoNw/SugUh9ijfr0OunOZa05W+x7m3irAHKV5LlXt6W/yZg5ZPlN3RJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHQCdoTQfK/SrVYpGVxk2sZnE14qMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZEFKMmhOQjhyOUt0VmlrWlhHVGF4bWNUWGlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhtcMA0G
CSqGSIb3DQEBCwUAA4IBAQB90nhgiI3DT8fQVWd3PW652rIbvcx2dR7ZOWeyhkUX
mMUCjvLxj3QM/ZZSh9nTWqM4QNx+Em0WxRyJGWtQCLjihJ/O9JhIclOGmfNsvEAw
/kG2FL1wSZUbgdDCCNH8OP/czsibvQ4qn4JfWIapMkAp3c5l1MpE5XRBSzxygZ23
bst05x5zllPhQfeuk8zy9YwBOXSNLgK0+8OmivBdAbG6V4RLe3AWfdLIDLJfxFO7
WT2PFmvwIfsMzPPzIMPB4hYITCDcyQkuEKcpdRG9Og5jyd+VjqcOiKrUbCGDHClV
ZKZHRDb/516DEPJczJldjWLxOU/TLQw4BcDQMZCkTJRV
-----END CERTIFICATE-----