Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ipPuS5VOcrh8Scna1rYzS5zK3mQ.roa
File:                     ipPuS5VOcrh8Scna1rYzS5zK3mQ.roa (raw, json)
Hash identifier:          RfDwdUJ6MhfTf+WI+AdiDgHYQtXhOKGX6X8hgxm3Rq4=
Subject key identifier:   8A:93:EE:4B:95:4E:72:B8:7C:49:C9:DA:D6:B6:33:4B:9C:CA:DE:64
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D9C561BA14AB65582B6A52D3E2364D53D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ipPuS5VOcrh8Scna1rYzS5zK3mQ.roa
Signing time:             Fri 17 Apr 2026 16:46:22 +0000
ROA not before:           Fri 17 Apr 2026 16:46:22 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     207590
IP address blocks:        2.26.216.0/24 maxlen: 24
                          144.31.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:9c:56:1b:a1:4a:b6:55:82:b6:a5:2d:3e:23:64:d5:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 17 16:46:22 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8a93ee4b954e72b87c49c9dad6b6334b9ccade64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:77:6e:04:2b:bf:3a:2b:4a:8a:e2:47:03:5b:
                    14:4c:35:95:f2:55:48:1f:fe:78:f0:58:a3:00:15:
                    d1:7e:b8:61:3e:94:a7:93:77:a5:ab:b3:81:90:b3:
                    b9:8d:d2:ad:76:4e:33:66:75:5c:07:6a:3f:6e:44:
                    d3:e3:ff:ee:f0:a2:c1:08:bc:4e:d2:95:27:46:7a:
                    9e:b9:34:a9:a9:dc:9e:b2:e1:7c:c3:81:80:41:78:
                    f4:e7:9a:8f:d6:1f:eb:5b:c4:9e:2e:c9:b0:03:4e:
                    d9:e3:b6:0f:a3:11:9f:82:c8:94:9a:6e:c3:fa:64:
                    c3:69:60:98:e9:06:90:78:cf:e1:61:07:b1:8b:9f:
                    d3:7f:32:f9:5e:8a:c3:92:19:15:53:41:67:24:43:
                    fa:cc:4d:55:55:b9:e1:ce:21:17:d3:59:6f:7d:da:
                    2d:09:b8:ce:85:87:99:d4:4f:16:5e:f0:69:79:12:
                    7e:10:02:3d:d0:3e:ca:36:87:c5:92:8f:ce:94:8b:
                    73:5d:d1:00:fe:77:4b:fa:32:56:ba:5f:33:60:12:
                    6b:82:83:5d:5d:3c:cc:8a:91:48:5a:2c:68:48:3b:
                    30:d6:87:4a:e9:27:3c:d0:ed:5c:5d:c0:a2:20:83:
                    aa:9e:05:cd:37:5b:b2:c6:53:e9:d2:07:2a:8d:1c:
                    a9:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:93:EE:4B:95:4E:72:B8:7C:49:C9:DA:D6:B6:33:4B:9C:CA:DE:64
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/ipPuS5VOcrh8Scna1rYzS5zK3mQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.216.0/24
                  144.31.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:e2:ff:4a:20:d6:8f:3e:fd:46:5b:b9:6b:04:5c:20:0f:7c:
         c4:59:ab:c1:ad:34:a0:9b:ad:0e:ca:2e:e2:e8:e0:dd:3c:c8:
         52:d6:19:c5:2b:35:11:e5:4e:12:f3:14:4b:5c:25:7a:0f:36:
         7d:18:80:c4:9d:8f:c9:d6:b3:ec:e2:11:08:a9:eb:53:95:22:
         74:6c:c2:d6:97:3f:47:75:e9:9a:96:6b:36:d3:41:dc:60:f5:
         6f:fa:d6:8b:da:ac:41:19:50:25:71:20:f2:33:9b:24:52:e8:
         2a:d9:6b:a8:1a:7f:a7:85:e0:73:ba:e2:0d:3b:65:dc:4f:31:
         ab:ee:c9:68:b7:0f:c6:f4:66:03:ca:76:c1:11:59:f9:9c:f8:
         d0:1b:a7:bd:06:14:5b:87:62:bd:eb:86:16:80:65:d0:3d:e0:
         d3:6c:2b:28:91:7f:1b:5b:c3:0f:a9:0c:c1:0d:f8:cb:87:40:
         2a:78:3b:77:e6:bc:dd:b9:ad:10:eb:82:db:98:a1:99:20:06:
         0e:58:ce:8e:48:56:3e:c6:92:b0:18:53:41:b8:cc:8a:b8:52:
         e6:6b:cf:1f:57:a9:ea:9d:82:66:1b:bb:bd:b0:da:0a:5f:7b:
         64:51:00:a6:e0:d1:11:04:d9:98:e9:62:5e:92:f0:96:d6:9b:
         fc:4d:e8:e9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2cVhuhSrZVgralLT4jZNU9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDE3MTY0NjIyWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTkzZWU0Yjk1NGU3MmI4N2M0OWM5ZGFkNmI2MzM0YjljY2FkZTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz3duBCu/OitKiuJHA1sUTDWV8lVI
H/548FijABXRfrhhPpSnk3elq7OBkLO5jdKtdk4zZnVcB2o/bkTT4//u8KLBCLxO
0pUnRnqeuTSpqdyesuF8w4GAQXj055qP1h/rW8SeLsmwA07Z47YPoxGfgsiUmm7D
+mTDaWCY6QaQeM/hYQexi5/TfzL5XorDkhkVU0FnJEP6zE1VVbnhziEX01lvfdot
CbjOhYeZ1E8WXvBpeRJ+EAI90D7KNofFko/OlItzXdEA/ndL+jJWul8zYBJrgoNd
XTzMipFIWixoSDsw1odK6Sc80O1cXcCiIIOqngXNN1uyxlPp0gcqjRypgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIqT7kuVTnK4fEnJ2ta2M0ucyt5kMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvaXBQdVM1Vk9jcmg4U2NuYTFyWXpTNXpLM21RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhrYAwQA
kB8lMA0GCSqGSIb3DQEBCwUAA4IBAQAS4v9KINaPPv1GW7lrBFwgD3zEWavBrTSg
m60Oyi7i6ODdPMhS1hnFKzUR5U4S8xRLXCV6DzZ9GIDEnY/J1rPs4hEIqetTlSJ0
bMLWlz9Hdemalms200HcYPVv+taL2qxBGVAlcSDyM5skUugq2WuoGn+nheBzuuIN
O2XcTzGr7slotw/G9GYDynbBEVn5nPjQG6e9BhRbh2K964YWgGXQPeDTbCsokX8b
W8MPqQzBDfjLh0AqeDt35rzdua0Q64LbmKGZIAYOWM6OSFY+xpKwGFNBuMyKuFLm
a88fV6nqnYJmG7u9sNoKX3tkUQCm4NERBNmY6WJekvCW1pv8Tejp
-----END CERTIFICATE-----