Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/k8d2xL0LY80TiN_3Lbeer7GeN0g.roa
File:                     k8d2xL0LY80TiN_3Lbeer7GeN0g.roa (raw, json)
Hash identifier:          JJD3KvuvvbVM1z23GqMxtUAwcGJcpIplWpYIT2JC/k0=
Subject key identifier:   93:C7:76:C4:BD:0B:63:CD:13:88:DF:F7:2D:B7:9E:AF:B1:9E:37:48
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF3BA5F69BC30E37923DF4F0B3344CEAE
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/k8d2xL0LY80TiN_3Lbeer7GeN0g.roa
Signing time:             Mon 04 May 2026 16:02:50 +0000
ROA not before:           Mon 04 May 2026 16:02:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199863
IP address blocks:        2.27.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:ba:5f:69:bc:30:e3:79:23:df:4f:0b:33:44:ce:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  4 16:02:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=93c776c4bd0b63cd1388dff72db79eafb19e3748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:27:ca:fb:44:b9:71:3d:d9:c7:83:bc:40:4b:
                    88:ec:fb:a1:11:de:58:8e:d0:34:b9:93:89:c7:4c:
                    13:84:20:c1:f8:e5:8b:f3:8d:02:89:29:68:32:a2:
                    0e:9d:5a:d7:55:dc:5f:a7:4d:06:7a:08:6c:a6:ba:
                    3a:a5:20:1c:9e:35:53:b3:86:ce:4d:70:c4:8d:41:
                    ec:33:28:11:79:f3:98:d8:c2:ac:72:f4:61:27:77:
                    5e:28:bf:c6:c1:35:60:93:e7:a7:20:5d:59:9b:52:
                    e9:d1:bd:84:35:0a:13:a5:d4:f3:ab:d4:62:fa:7a:
                    0d:47:87:d0:c7:5c:b9:bf:27:48:d9:ac:b4:0a:4d:
                    40:62:de:81:16:cf:33:b9:d3:63:76:e9:41:f2:a3:
                    c8:9c:17:66:41:a0:4f:fd:57:81:30:dc:e8:7e:a1:
                    79:e9:9f:95:88:06:6e:f3:2d:cc:5c:7e:3e:c8:5d:
                    88:50:5f:8a:14:37:1d:c5:3f:92:53:d9:5f:da:e4:
                    e9:e1:d1:19:71:ee:77:13:21:75:f5:7f:3f:61:e8:
                    6b:f6:d1:84:7e:a5:84:f3:4c:48:79:41:56:e1:7c:
                    f3:8d:46:02:f2:46:d8:51:03:ef:f9:6b:fd:58:50:
                    46:99:4e:4e:34:dd:4f:d5:84:6a:34:56:25:5f:02:
                    af:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:C7:76:C4:BD:0B:63:CD:13:88:DF:F7:2D:B7:9E:AF:B1:9E:37:48
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/k8d2xL0LY80TiN_3Lbeer7GeN0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:f2:55:b6:9b:16:ff:ed:39:05:17:fb:89:c1:95:6b:d5:f9:
         75:69:1c:76:d4:97:ce:40:1a:e6:ca:99:d8:55:64:60:ad:92:
         71:1b:50:1f:8c:ae:fe:2d:21:62:0c:a8:74:14:a3:d9:01:0d:
         48:88:d3:9a:98:89:e2:18:d5:c1:cd:ba:b6:9a:b1:6a:64:a1:
         9a:fd:39:01:4c:0e:c5:cf:57:e8:0d:38:a8:26:53:e9:fa:13:
         a5:9a:bc:b2:cc:e4:e2:a5:a8:af:03:80:4f:75:dd:d5:5a:19:
         a8:f2:ae:e2:d7:4c:38:fa:64:5d:0f:95:e4:b1:a0:43:d0:d0:
         91:1a:9a:b3:b9:8f:df:ec:89:4c:1b:27:62:6a:74:1f:74:b0:
         a9:ab:d9:1c:e0:01:5b:ef:58:b0:ee:52:7b:72:e8:bc:77:9d:
         11:d5:30:3e:d0:84:66:f0:5a:1a:ee:4b:1b:04:9e:3a:a5:ad:
         f4:a1:98:45:74:b7:4a:2a:da:50:89:33:2a:15:18:d1:8f:f7:
         c4:83:71:e6:a6:e6:2e:a3:c8:1e:a3:31:34:15:fd:1d:d4:88:
         e0:39:7e:1e:5a:64:41:27:03:51:b9:ec:c3:f4:22:6e:ae:96:
         31:c2:7d:c7:bd:a4:18:e6:d7:16:1f:0b:be:aa:d7:c6:fe:89:
         09:d6:a8:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3zul9pvDDjeSPfTwszRM6uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA0MTYwMjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2M3NzZjNGJkMGI2M2NkMTM4OGRmZjcyZGI3OWVhZmIxOWUzNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtyfK+0S5cT3Zx4O8QEuI7PuhEd5Y
jtA0uZOJx0wThCDB+OWL840CiSloMqIOnVrXVdxfp00Geghspro6pSAcnjVTs4bO
TXDEjUHsMygRefOY2MKscvRhJ3deKL/GwTVgk+enIF1Zm1Lp0b2ENQoTpdTzq9Ri
+noNR4fQx1y5vydI2ay0Ck1AYt6BFs8zudNjdulB8qPInBdmQaBP/VeBMNzofqF5
6Z+ViAZu8y3MXH4+yF2IUF+KFDcdxT+SU9lf2uTp4dEZce53EyF19X8/Yehr9tGE
fqWE80xIeUFW4XzzjUYC8kbYUQPv+Wv9WFBGmU5ONN1P1YRqNFYlXwKv6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJPHdsS9C2PNE4jf9y23nq+xnjdIMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvazhkMnhMMExZODBUaU5fM0xiZWVyN0dlTjBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhuvMA0G
CSqGSIb3DQEBCwUAA4IBAQBM8lW2mxb/7TkFF/uJwZVr1fl1aRx21JfOQBrmypnY
VWRgrZJxG1AfjK7+LSFiDKh0FKPZAQ1IiNOamIniGNXBzbq2mrFqZKGa/TkBTA7F
z1foDTioJlPp+hOlmryyzOTipaivA4BPdd3VWhmo8q7i10w4+mRdD5XksaBD0NCR
GpqzuY/f7IlMGydianQfdLCpq9kc4AFb71iw7lJ7cui8d50R1TA+0IRm8Foa7ksb
BJ46pa30oZhFdLdKKtpQiTMqFRjRj/fEg3HmpuYuo8geozE0Ff0d1IjgOX4eWmRB
JwNRuezD9CJurpYxwn3HvaQY5tcWHwu+qtfG/okJ1qgI
-----END CERTIFICATE-----