Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/jfAq2MiC1ZKW6TADOhRS5oSAWsc.roa
File:                     jfAq2MiC1ZKW6TADOhRS5oSAWsc.roa (raw, json)
Hash identifier:          Olp3w2vgRWFU2yK8ZXV4HIXPxnrw2JaZbRNq1roEeSw=
Subject key identifier:   8D:F0:2A:D8:C8:82:D5:92:96:E9:30:03:3A:14:52:E6:84:80:5A:C7
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CF7C5539EBDCDA95B7BFA3E85310C4EE5
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/jfAq2MiC1ZKW6TADOhRS5oSAWsc.roa
Signing time:             Mon 16 Mar 2026 17:50:30 +0000
ROA not before:           Mon 16 Mar 2026 17:50:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     7029
IP address blocks:        2.27.176.0/21 maxlen: 24
                          2.27.184.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f7:c5:53:9e:bd:cd:a9:5b:7b:fa:3e:85:31:0c:4e:e5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 16 17:50:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=8df02ad8c882d59296e930033a1452e684805ac7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ab:2c:81:03:6d:26:ed:f7:8f:a0:f1:eb:c3:
                    4c:a0:09:c7:ff:df:0b:59:bd:66:05:b7:41:43:95:
                    b1:67:d7:4b:65:2c:c9:e5:ea:66:9d:f0:72:8f:ed:
                    52:48:6f:6a:77:70:0a:f0:51:46:b8:43:7e:85:08:
                    28:c1:73:28:20:18:a0:c9:56:b7:e8:be:85:e6:62:
                    c3:fe:dc:74:55:fc:ba:c0:b3:24:4a:2a:72:18:36:
                    a4:11:65:1c:67:90:d2:19:47:1e:8e:f6:93:aa:96:
                    93:ac:ee:cb:82:3b:00:f1:12:b7:00:28:3b:6c:cf:
                    db:8b:f7:65:cf:aa:6f:a5:cb:20:90:00:7e:92:3c:
                    a7:86:33:d8:8f:28:0f:bc:08:cf:af:75:94:28:fb:
                    bc:91:cd:b3:7f:7f:ab:53:b3:32:0e:e5:13:08:e8:
                    2f:ee:4f:55:58:b9:47:5b:b0:ec:c1:ea:43:e2:11:
                    a9:67:b9:78:cf:77:4c:25:d3:d3:50:d4:bf:b5:0f:
                    4b:88:6c:45:a1:18:54:00:6b:3c:0e:5e:d2:9e:df:
                    68:06:1f:06:5f:2c:e7:b0:9e:7e:a6:8a:46:65:fb:
                    c8:24:57:ef:0c:59:0d:5b:db:01:e5:51:5b:86:9e:
                    34:89:98:f3:be:ca:b3:71:88:5a:06:26:b0:d4:d9:
                    92:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:F0:2A:D8:C8:82:D5:92:96:E9:30:03:3A:14:52:E6:84:80:5A:C7
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/jfAq2MiC1ZKW6TADOhRS5oSAWsc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         29:d8:7e:31:bd:29:67:ed:0d:9a:89:73:c6:b2:8b:5e:02:46:
         bf:7c:c1:8f:0c:c2:aa:be:d4:36:a1:6b:94:0e:c6:3d:68:77:
         51:92:05:1a:51:11:d3:8a:7a:bd:47:91:11:6e:95:b4:44:8e:
         85:4f:8d:51:e8:dd:56:2c:d3:01:2f:7c:05:d3:a6:c1:d9:46:
         88:cc:54:0d:08:d1:1a:7a:ea:e5:28:00:9d:a6:f1:0b:fe:0f:
         14:40:a8:33:6c:31:55:4c:58:8f:5a:1f:e8:94:f0:f7:57:80:
         d9:d7:79:fd:a5:60:66:a5:80:37:3d:68:15:3d:c3:96:ee:57:
         bf:ea:f5:7d:9d:ef:73:14:b8:85:d1:2e:88:c5:85:09:7d:54:
         dc:9d:4d:9f:f3:28:93:da:3b:89:53:65:5d:18:cf:1e:1c:16:
         69:bf:be:45:05:26:47:14:4c:5e:24:c5:e2:3c:01:e6:14:56:
         ca:b5:1e:1b:b6:ba:07:ba:b4:6c:6d:c0:da:66:8e:4a:75:ab:
         05:e8:35:55:8b:d5:aa:47:2a:4d:0f:39:7a:d4:76:58:ff:13:
         87:33:63:3b:8b:78:5c:2a:9c:29:5a:0b:95:bd:88:56:4f:74:
         ff:de:b0:b9:dd:d9:89:d6:a3:fb:8f:fc:c8:5c:c2:a2:55:6e:
         52:22:da:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz3xVOevc2pW3v6PoUxDE7lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE2MTc1MDMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGYwMmFkOGM4ODJkNTkyOTZlOTMwMDMzYTE0NTJlNjg0ODA1YWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6ssgQNtJu33j6Dx68NMoAnH/98L
Wb1mBbdBQ5WxZ9dLZSzJ5epmnfByj+1SSG9qd3AK8FFGuEN+hQgowXMoIBigyVa3
6L6F5mLD/tx0Vfy6wLMkSipyGDakEWUcZ5DSGUcejvaTqpaTrO7LgjsA8RK3ACg7
bM/bi/dlz6pvpcsgkAB+kjynhjPYjygPvAjPr3WUKPu8kc2zf3+rU7MyDuUTCOgv
7k9VWLlHW7DswepD4hGpZ7l4z3dMJdPTUNS/tQ9LiGxFoRhUAGs8Dl7Snt9oBh8G
XyznsJ5+popGZfvIJFfvDFkNW9sB5VFbhp40iZjzvsqzcYhaBiaw1NmSoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI3wKtjIgtWSlukwAzoUUuaEgFrHMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvamZBcTJNaUMxWktXNlRBRE9oUlM1b1NBV3NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEAhuwMA0G
CSqGSIb3DQEBCwUAA4IBAQAp2H4xvSln7Q2aiXPGsoteAka/fMGPDMKqvtQ2oWuU
DsY9aHdRkgUaURHTinq9R5ERbpW0RI6FT41R6N1WLNMBL3wF06bB2UaIzFQNCNEa
eurlKACdpvEL/g8UQKgzbDFVTFiPWh/olPD3V4DZ13n9pWBmpYA3PWgVPcOW7le/
6vV9ne9zFLiF0S6IxYUJfVTcnU2f8yiT2juJU2VdGM8eHBZpv75FBSZHFExeJMXi
PAHmFFbKtR4btroHurRsbcDaZo5KdasF6DVVi9WqRypNDzl61HZY/xOHM2M7i3hc
KpwpWguVvYhWT3T/3rC53dmJ1qP7j/zIXMKiVW5SItqo
-----END CERTIFICATE-----