Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fClrfrEDt98DbOKN51_8pN0Mh38.roa
File:                     fClrfrEDt98DbOKN51_8pN0Mh38.roa (raw, json)
Hash identifier:          iLitEeGiyXlwkC8qccZVf6gD/bgdQai3xQQOuwzlBLo=
Subject key identifier:   7C:29:6B:7E:B1:03:B7:DF:03:6C:E2:8D:E7:5F:FC:A4:DD:0C:87:7F
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D08199EB1A1B884460103B8A0CFB42559
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fClrfrEDt98DbOKN51_8pN0Mh38.roa
Signing time:             Thu 19 Mar 2026 21:56:29 +0000
ROA not before:           Thu 19 Mar 2026 21:56:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     209630
IP address blocks:        2.27.116.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:08:19:9e:b1:a1:b8:84:46:01:03:b8:a0:cf:b4:25:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 19 21:56:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=7c296b7eb103b7df036ce28de75ffca4dd0c877f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:9e:c2:b1:55:11:36:ab:4e:b1:4b:b3:6b:e3:
                    a5:a5:bb:04:1b:67:20:97:7b:40:cc:87:d6:2c:37:
                    f5:4b:3b:5f:db:f1:1d:ad:ba:bb:0e:02:fe:8f:5f:
                    60:45:13:a4:c0:dc:74:0a:4f:22:6a:74:6f:6f:df:
                    77:a3:c6:00:1b:a5:eb:82:af:4d:8e:29:d0:81:1e:
                    b3:49:e9:4a:7c:f4:63:f3:9e:eb:ee:5f:4f:7b:ce:
                    7a:d8:da:95:0b:e7:2e:4d:e3:ab:67:03:56:38:b2:
                    57:27:ca:9b:31:34:1c:d9:76:72:e6:6a:c5:01:6b:
                    62:85:7c:6f:ea:a1:95:d2:e2:16:0c:a7:57:fa:cb:
                    1c:d7:21:67:95:7e:b8:40:2c:d6:65:03:07:7f:8e:
                    e2:fb:cf:f4:84:51:00:39:97:8c:9d:04:bc:a9:f2:
                    ba:8f:8b:2f:21:92:38:a3:14:d3:64:d4:da:42:be:
                    ce:77:f2:4c:7e:e4:9e:62:0f:07:e4:1a:c0:39:8e:
                    b8:df:ec:6d:b0:03:60:88:58:c3:2c:67:71:c1:7c:
                    23:53:9d:27:39:52:07:61:23:e7:4a:4b:12:e0:90:
                    c4:78:f2:61:d9:f4:09:00:6c:d2:9d:07:d5:cc:94:
                    55:da:36:02:59:13:0b:ca:d0:c8:1b:ed:24:0f:c7:
                    66:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:29:6B:7E:B1:03:B7:DF:03:6C:E2:8D:E7:5F:FC:A4:DD:0C:87:7F
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/fClrfrEDt98DbOKN51_8pN0Mh38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:c8:f2:65:7f:76:25:59:2e:0f:57:a7:9c:a7:04:73:ca:8a:
         9d:94:46:d8:df:1a:a6:c9:63:0c:d0:fb:f7:42:cd:71:64:c6:
         4b:88:90:d3:ef:36:c3:01:53:87:83:1b:0d:39:5d:62:8d:7b:
         a0:45:70:4f:97:5c:4c:0c:43:76:4a:8b:20:c6:8b:38:fb:0d:
         a8:29:4d:60:91:c0:01:76:41:65:2b:a2:ee:f0:d0:f6:e2:d3:
         e5:b3:d2:59:ab:e4:02:4e:ef:14:65:c3:2b:a1:15:a3:ef:91:
         70:77:61:dc:db:38:b5:be:1a:a4:2c:5f:4c:50:ee:88:3d:74:
         13:68:0d:8a:6e:f7:a2:6e:0b:ee:fc:cc:33:a3:be:16:c5:5f:
         13:a2:35:52:67:39:72:e4:8e:5c:1f:fd:25:22:7b:59:e9:bc:
         83:11:ce:d7:78:e4:8c:1c:37:aa:b2:a6:17:32:04:ff:96:6b:
         a9:53:2f:e4:b8:e9:3b:f9:4d:f7:4b:8e:fa:13:ba:6e:a0:a9:
         12:72:7a:ac:f5:a8:d7:c3:c7:e2:4d:46:f4:e8:fc:7a:d2:ce:
         b5:ef:cf:5f:7c:42:fd:93:57:47:d5:d1:a5:68:93:44:b4:e2:
         3f:2d:8e:e4:f4:2a:41:7e:ab:17:fa:b1:25:a3:2d:ec:b5:fb:
         0a:14:60:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0IGZ6xobiERgEDuKDPtCVZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE5MjE1NjI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzI5NmI3ZWIxMDNiN2RmMDM2Y2UyOGRlNzVmZmNhNGRkMGM4NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArp7CsVURNqtOsUuza+OlpbsEG2cg
l3tAzIfWLDf1Sztf2/Edrbq7DgL+j19gRROkwNx0Ck8ianRvb993o8YAG6Xrgq9N
jinQgR6zSelKfPRj857r7l9Pe8562NqVC+cuTeOrZwNWOLJXJ8qbMTQc2XZy5mrF
AWtihXxv6qGV0uIWDKdX+ssc1yFnlX64QCzWZQMHf47i+8/0hFEAOZeMnQS8qfK6
j4svIZI4oxTTZNTaQr7Od/JMfuSeYg8H5BrAOY643+xtsANgiFjDLGdxwXwjU50n
OVIHYSPnSksS4JDEePJh2fQJAGzSnQfVzJRV2jYCWRMLytDIG+0kD8dmiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHwpa36xA7ffA2zijedf/KTdDId/MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvZkNscmZyRUR0OThEYk9LTjUxXzhwTjBNaDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAht0MA0G
CSqGSIb3DQEBCwUAA4IBAQA0yPJlf3YlWS4PV6ecpwRzyoqdlEbY3xqmyWMM0Pv3
Qs1xZMZLiJDT7zbDAVOHgxsNOV1ijXugRXBPl1xMDEN2Sosgxos4+w2oKU1gkcAB
dkFlK6Lu8ND24tPls9JZq+QCTu8UZcMroRWj75Fwd2Hc2zi1vhqkLF9MUO6IPXQT
aA2Kbveibgvu/Mwzo74WxV8TojVSZzly5I5cH/0lIntZ6byDEc7XeOSMHDeqsqYX
MgT/lmupUy/kuOk7+U33S476E7puoKkScnqs9ajXw8fiTUb06Px60s61789ffEL9
k1dH1dGlaJNEtOI/LY7k9CpBfqsX+rEloy3stfsKFGBa
-----END CERTIFICATE-----