Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kPPp7inSIW5jjFbbFN1GUUZiPiw.roa
File:                     kPPp7inSIW5jjFbbFN1GUUZiPiw.roa (raw, json)
Hash identifier:          5/2pl9yZzcGtFTHiXgCJ+lmiE1/xFpnVG4Pp8jWynco=
Subject key identifier:   90:F3:E9:EE:29:D2:21:6E:63:8C:56:DB:14:DD:46:51:46:62:3E:2C
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DB0FE4779B6E75FFAD3A9AAC72F035CC7
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kPPp7inSIW5jjFbbFN1GUUZiPiw.roa
Signing time:             Tue 21 Apr 2026 17:02:27 +0000
ROA not before:           Tue 21 Apr 2026 17:02:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     4593
IP address blocks:        2.26.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:b0:fe:47:79:b6:e7:5f:fa:d3:a9:aa:c7:2f:03:5c:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 21 17:02:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=90f3e9ee29d2216e638c56db14dd465146623e2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:1c:df:4e:70:c8:f5:91:81:c5:4e:38:59:c4:
                    ff:4d:f3:59:f2:92:82:db:fe:38:6d:cf:00:4b:d6:
                    f8:4b:a3:50:07:04:5d:e5:89:ab:76:03:3b:96:86:
                    cb:f1:a5:b6:c9:8c:2e:1b:a7:7f:60:70:b5:70:58:
                    c2:88:64:71:79:89:b2:ff:00:71:ff:63:e9:5d:e5:
                    bf:49:54:91:41:d6:9a:da:89:fc:19:aa:53:3d:77:
                    11:12:67:ba:b0:39:7a:f3:a4:37:e3:58:b3:f7:6b:
                    ca:f9:f9:f2:79:95:1c:44:ce:df:cd:9d:ee:f9:d7:
                    be:dc:ed:c4:11:3b:af:63:bc:fa:19:1f:92:16:33:
                    76:57:ef:bb:45:98:9e:ee:70:fd:06:67:ec:fa:ab:
                    13:21:b0:47:79:b3:94:ce:35:f5:f1:8f:81:b0:e6:
                    f8:f3:e9:d7:51:54:65:f0:a4:21:fb:65:f1:2d:d5:
                    8a:6f:b5:d8:75:6b:d8:57:7c:77:4b:a0:b2:5a:24:
                    1c:97:60:af:ff:84:1c:1f:29:57:6d:7f:e0:f9:b8:
                    12:7c:ed:d1:d1:ba:c5:93:7d:1c:1a:c5:b3:e5:a2:
                    71:a7:1e:81:cc:71:c7:ab:be:71:2a:b9:d4:23:a0:
                    25:5e:3b:0a:bf:6c:cf:b4:c3:c0:7d:3b:36:88:1d:
                    54:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:F3:E9:EE:29:D2:21:6E:63:8C:56:DB:14:DD:46:51:46:62:3E:2C
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/kPPp7inSIW5jjFbbFN1GUUZiPiw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:67:a3:8f:63:aa:80:65:f5:46:00:f7:1f:78:47:97:b4:d6:
         1d:77:ac:48:ff:c6:7d:8e:42:de:9c:8f:5a:1b:08:e5:cc:83:
         3e:63:77:09:84:d2:ed:d3:e1:ff:4c:1f:59:47:1f:1a:17:33:
         6d:53:77:4c:99:1c:04:e8:c2:b8:93:db:75:84:9e:1f:2c:fb:
         ac:ee:2b:5b:62:29:42:47:56:de:d3:3a:9d:35:7f:73:44:d2:
         f8:25:fa:41:4e:d5:a5:3b:c1:8e:bb:75:17:a4:4e:74:a5:a7:
         b7:fe:af:c2:d0:82:5d:f7:05:6f:19:4e:cd:74:e7:50:64:06:
         74:9f:08:b5:65:05:6d:1a:23:54:94:ac:60:b5:dc:1e:5f:f6:
         84:4c:90:8b:d2:51:ac:e7:60:bb:1a:cd:94:61:72:58:ef:e5:
         9e:d9:0e:06:a4:4f:89:13:5d:97:72:47:a6:e1:bf:2e:d4:51:
         97:23:fa:5b:e8:30:7b:57:b2:30:9d:ad:ee:9a:34:e2:c8:d6:
         28:32:4c:92:18:de:53:aa:3f:51:b2:36:44:32:3e:49:f9:fa:
         fc:7e:10:78:ca:39:57:ac:00:92:2e:9d:c0:7a:e7:71:2c:fb:
         fc:5c:f9:b2:fd:24:ea:31:d7:60:37:49:02:9a:8e:e7:80:c1:
         f5:7d:39:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ2w/kd5tudf+tOpqscvA1zHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDIxMTcwMjI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGYzZTllZTI5ZDIyMTZlNjM4YzU2ZGIxNGRkNDY1MTQ2NjIzZTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBzfTnDI9ZGBxU44WcT/TfNZ8pKC
2/44bc8AS9b4S6NQBwRd5YmrdgM7lobL8aW2yYwuG6d/YHC1cFjCiGRxeYmy/wBx
/2PpXeW/SVSRQdaa2on8GapTPXcREme6sDl686Q341iz92vK+fnyeZUcRM7fzZ3u
+de+3O3EETuvY7z6GR+SFjN2V++7RZie7nD9Bmfs+qsTIbBHebOUzjX18Y+BsOb4
8+nXUVRl8KQh+2XxLdWKb7XYdWvYV3x3S6CyWiQcl2Cv/4QcHylXbX/g+bgSfO3R
0brFk30cGsWz5aJxpx6BzHHHq75xKrnUI6AlXjsKv2zPtMPAfTs2iB1UCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDz6e4p0iFuY4xW2xTdRlFGYj4sMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEva1BQcDdpblNJVzVqakZiYkZOMUdVVVppUGl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhrbMA0G
CSqGSIb3DQEBCwUAA4IBAQCYZ6OPY6qAZfVGAPcfeEeXtNYdd6xI/8Z9jkLenI9a
GwjlzIM+Y3cJhNLt0+H/TB9ZRx8aFzNtU3dMmRwE6MK4k9t1hJ4fLPus7itbYilC
R1be0zqdNX9zRNL4JfpBTtWlO8GOu3UXpE50pae3/q/C0IJd9wVvGU7NdOdQZAZ0
nwi1ZQVtGiNUlKxgtdweX/aETJCL0lGs52C7Gs2UYXJY7+We2Q4GpE+JE12Xckem
4b8u1FGXI/pb6DB7V7Iwna3umjTiyNYoMkySGN5Tqj9RsjZEMj5J+fr8fhB4yjlX
rACSLp3AeudxLPv8XPmy/STqMddgN0kCmo7ngMH1fTk9
-----END CERTIFICATE-----