Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kLimsk56JLk-YJPOy2rHlDTjwEU.roa
File:                     kLimsk56JLk-YJPOy2rHlDTjwEU.roa (raw, json)
Hash identifier:          IA/CKT7U4GUI4Z7mhPfRh1VUbP6137p5zdkvU8GLSWs=
Subject key identifier:   90:B8:A6:B2:4E:7A:24:B9:3E:60:93:CE:CB:6A:C7:94:34:E3:C0:45
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019EDB93FC918ED07017356A7FF6BF5F0F33
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kLimsk56JLk-YJPOy2rHlDTjwEU.roa
Signing time:             Thu 18 Jun 2026 16:32:49 +0000
ROA not before:           Thu 18 Jun 2026 16:32:49 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402187
IP address blocks:        2.27.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 20 Jun 2026 19:57:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:db:93:fc:91:8e:d0:70:17:35:6a:7f:f6:bf:5f:0f:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 18 16:32:49 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90b8a6b24e7a24b93e6093cecb6ac79434e3c045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b1:b4:57:80:fb:24:24:54:b2:89:35:db:87:
                    c3:b2:83:df:38:11:82:70:b4:7e:df:ad:c9:78:7f:
                    64:32:fa:6c:0c:61:12:70:24:54:69:08:86:ff:c4:
                    e7:9a:09:1f:a3:e1:59:1a:46:7f:f2:1a:bd:5e:8c:
                    b8:c4:51:ab:f1:ec:84:54:b3:90:bd:49:92:71:b7:
                    15:b0:cf:06:47:b8:ab:69:9f:ec:3d:05:f8:e4:c4:
                    88:f5:f2:f7:b1:fc:12:60:90:74:48:8d:13:0e:39:
                    85:8c:e0:91:97:a7:3a:4a:8a:72:b3:71:01:be:84:
                    5c:58:62:f2:70:fd:02:69:08:50:f4:8d:f9:80:c8:
                    2e:25:dd:e5:8f:e9:d1:a0:88:bc:9c:4e:72:1f:b2:
                    67:fe:52:82:4b:d7:dd:b0:90:7a:5e:c7:9f:42:77:
                    81:cc:53:44:35:4c:7f:38:77:f0:fd:a9:c6:f8:51:
                    59:3b:c8:a0:c4:99:6b:07:35:4b:f2:86:bc:8d:98:
                    e2:f5:d3:23:92:4a:88:01:6c:8d:c4:99:39:ac:e6:
                    48:99:db:7a:dd:4c:ea:a8:2c:f9:70:f6:2c:c4:03:
                    c7:0f:e2:87:2e:71:2d:07:b7:68:78:54:af:57:ce:
                    cd:8a:08:00:c5:92:a6:8e:17:7e:b3:43:43:dd:db:
                    96:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:B8:A6:B2:4E:7A:24:B9:3E:60:93:CE:CB:6A:C7:94:34:E3:C0:45
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kLimsk56JLk-YJPOy2rHlDTjwEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:05:2c:71:f5:6d:9f:e8:51:7d:29:c0:03:72:97:44:4a:39:
         3c:d2:7d:95:d0:4f:0f:50:c3:91:3b:6f:07:b3:42:2e:7f:22:
         9f:13:e5:f9:1f:a7:04:0d:70:38:b5:03:23:88:01:e9:cb:71:
         be:a3:5e:5c:08:a1:1f:fd:ac:ea:47:17:b7:65:98:52:4f:9c:
         92:b0:b5:f1:06:31:d4:dd:46:b2:ef:bd:01:10:28:82:6f:04:
         f5:9c:ff:a9:53:f3:cb:71:88:53:91:6a:96:55:7e:35:2d:4e:
         75:84:6c:cd:e9:2c:58:fe:3d:6e:86:a5:71:6f:4c:d4:f1:79:
         cb:0b:31:38:3f:76:a8:0c:56:4d:70:9b:ca:4e:1a:e5:60:a8:
         3b:a9:bb:7d:90:36:c3:ab:db:8a:4d:d2:55:ad:08:69:e2:e9:
         f2:01:02:1c:81:f2:71:95:1f:16:c1:a3:83:21:bc:f4:04:02:
         0e:d9:dd:2d:e0:e6:71:6d:f3:20:b4:a4:b5:54:83:ac:ca:2d:
         c3:39:74:c9:3c:2f:56:35:ec:90:9e:cc:50:07:6c:da:92:33:
         7e:2d:32:18:a2:5a:40:09:78:8f:5b:b2:56:9a:38:ff:f3:8d:
         92:49:78:2a:6e:f5:65:7c:68:26:67:d8:1a:27:a1:4a:d5:d2:
         d2:2a:49:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ7bk/yRjtBwFzVqf/a/Xw8zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjE4MTYzMjQ5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGI4YTZiMjRlN2EyNGI5M2U2MDkzY2VjYjZhYzc5NDM0ZTNjMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLG0V4D7JCRUsok124fDsoPfOBGC
cLR+363JeH9kMvpsDGEScCRUaQiG/8Tnmgkfo+FZGkZ/8hq9Xoy4xFGr8eyEVLOQ
vUmScbcVsM8GR7iraZ/sPQX45MSI9fL3sfwSYJB0SI0TDjmFjOCRl6c6Sopys3EB
voRcWGLycP0CaQhQ9I35gMguJd3lj+nRoIi8nE5yH7Jn/lKCS9fdsJB6XsefQneB
zFNENUx/OHfw/anG+FFZO8igxJlrBzVL8oa8jZji9dMjkkqIAWyNxJk5rOZImdt6
3UzqqCz5cPYsxAPHD+KHLnEtB7doeFSvV87NiggAxZKmjhd+s0ND3duWAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJC4prJOeiS5PmCTzstqx5Q048BFMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEva0xpbXNrNTZKTGstWUpQT3kyckhsRFRqd0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhukMA0G
CSqGSIb3DQEBCwUAA4IBAQABBSxx9W2f6FF9KcADcpdESjk80n2V0E8PUMORO28H
s0IufyKfE+X5H6cEDXA4tQMjiAHpy3G+o15cCKEf/azqRxe3ZZhST5ySsLXxBjHU
3Uay770BECiCbwT1nP+pU/PLcYhTkWqWVX41LU51hGzN6SxY/j1uhqVxb0zU8XnL
CzE4P3aoDFZNcJvKThrlYKg7qbt9kDbDq9uKTdJVrQhp4unyAQIcgfJxlR8WwaOD
Ibz0BAIO2d0t4OZxbfMgtKS1VIOsyi3DOXTJPC9WNeyQnsxQB2zakjN+LTIYolpA
CXiPW7JWmjj/842SSXgqbvVlfGgmZ9gaJ6FK1dLSKkn3
-----END CERTIFICATE-----