Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l3-EBWISzC2WFLYqxQylBYbTt4c.roa
File:                     l3-EBWISzC2WFLYqxQylBYbTt4c.roa (raw, json)
Hash identifier:          k1+1fQ5Si6V7N0PL+kNvMgRcBetx4/LDV5ww/pRwmv4=
Subject key identifier:   97:7F:84:05:62:12:CC:2D:96:14:B6:2A:C5:0C:A5:05:86:D3:B7:87
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D79D791187FC59BCD633AE5D6F4C25D92
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l3-EBWISzC2WFLYqxQylBYbTt4c.roa
Signing time:             Sat 11 Apr 2026 00:01:03 +0000
ROA not before:           Sat 11 Apr 2026 00:01:03 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     154361
IP address blocks:        2.26.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 Apr 2026 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:79:d7:91:18:7f:c5:9b:cd:63:3a:e5:d6:f4:c2:5d:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr 11 00:01:03 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=977f84056212cc2d9614b62ac50ca50586d3b787
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:88:5e:42:e8:31:5b:44:ce:a2:bd:ec:e5:dd:
                    9f:41:f3:b7:84:b4:67:16:b4:56:d0:d1:4a:92:6d:
                    44:9c:1d:29:fe:d2:7b:06:38:c0:c4:1c:3c:7f:89:
                    b2:4e:9b:5e:fd:bc:9b:cf:85:61:41:4f:35:c1:32:
                    42:20:fc:8f:f9:4b:9a:d3:40:c1:5e:cd:b1:4f:e9:
                    f6:88:82:eb:dd:08:a9:87:03:23:7c:8b:fd:f3:b0:
                    15:54:30:a4:0f:3b:51:38:4b:3d:d1:3c:00:7e:d0:
                    9c:38:97:dd:79:68:81:e3:72:01:35:4a:71:07:dc:
                    5a:db:26:a4:31:66:d8:50:be:86:ee:7b:82:8f:cf:
                    e1:bc:25:aa:e2:2d:3d:d9:fa:91:5a:19:e2:a3:80:
                    6e:d4:f3:e7:02:5d:81:c1:34:29:ef:84:67:ed:1d:
                    f7:d6:6e:6c:9e:ea:9c:53:d6:7f:d3:96:a7:f3:6b:
                    56:c5:13:ed:ec:97:74:3c:30:3c:1a:28:bf:53:ff:
                    d4:01:ae:2e:17:2c:ee:e7:55:23:03:b1:ca:36:46:
                    65:b6:d9:0c:e9:bb:8a:47:c8:49:d5:4b:a8:02:84:
                    66:8e:59:72:1e:be:37:ca:eb:49:ea:0b:3b:20:e9:
                    9a:1d:1c:5f:a6:6e:a6:41:e9:46:b3:64:f0:19:51:
                    e5:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:7F:84:05:62:12:CC:2D:96:14:B6:2A:C5:0C:A5:05:86:D3:B7:87
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/l3-EBWISzC2WFLYqxQylBYbTt4c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:20:b3:0b:d1:bf:e1:bc:e3:5a:77:01:d8:7b:31:71:5d:6b:
         83:25:37:88:f2:3f:64:02:0e:0f:81:1b:17:f3:17:04:68:25:
         72:b9:79:fd:4c:bd:78:a0:e9:2a:0b:cf:d3:f9:ce:b0:40:ad:
         11:bb:08:ba:f6:13:82:96:48:bd:1f:a7:7f:ba:58:58:a2:26:
         62:82:3e:22:6d:ba:9e:39:05:02:a7:b7:cd:83:93:8b:25:33:
         1a:51:81:a3:40:d5:40:90:41:29:1c:86:1d:f9:55:b5:67:4e:
         fd:5f:38:f5:c2:9d:b9:6f:8b:34:aa:ed:f6:fb:dd:f3:8b:54:
         f0:bc:82:d8:ce:c9:ab:0e:db:99:9e:ab:aa:4e:7a:cb:22:e8:
         32:60:42:4a:19:38:91:7c:02:e2:da:db:ef:d9:89:80:45:d7:
         ef:1e:e2:fa:e3:b0:26:4e:ea:e0:66:b9:63:96:b5:12:c4:fb:
         b6:75:5f:21:04:26:27:71:28:f9:50:60:e6:b9:4a:f9:32:4b:
         e7:e8:57:87:79:cb:3d:01:49:2b:a9:79:49:50:94:f5:c5:d5:
         36:cb:39:68:c7:51:db:de:f2:47:84:0b:37:fe:d7:dd:95:5f:
         08:10:33:b2:dd:b3:30:bc:c4:29:07:8a:2b:ba:22:a6:ad:64:
         21:6c:fe:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ1515EYf8WbzWM65db0wl2SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDExMDAwMTAzWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzdmODQwNTYyMTJjYzJkOTYxNGI2MmFjNTBjYTUwNTg2ZDNiNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoheQugxW0TOor3s5d2fQfO3hLRn
FrRW0NFKkm1EnB0p/tJ7BjjAxBw8f4myTpte/bybz4VhQU81wTJCIPyP+Uua00DB
Xs2xT+n2iILr3QiphwMjfIv987AVVDCkDztROEs90TwAftCcOJfdeWiB43IBNUpx
B9xa2yakMWbYUL6G7nuCj8/hvCWq4i092fqRWhnio4Bu1PPnAl2BwTQp74Rn7R33
1m5snuqcU9Z/05an82tWxRPt7Jd0PDA8Gii/U//UAa4uFyzu51UjA7HKNkZlttkM
6buKR8hJ1UuoAoRmjllyHr43yutJ6gs7IOmaHRxfpm6mQelGs2TwGVHlFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJd/hAViEswtlhS2KsUMpQWG07eHMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbDMtRUJXSVN6QzJXRkxZcXhReWxCWWJUdDRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhqeMA0G
CSqGSIb3DQEBCwUAA4IBAQAKILML0b/hvONadwHYezFxXWuDJTeI8j9kAg4PgRsX
8xcEaCVyuXn9TL14oOkqC8/T+c6wQK0Ruwi69hOClki9H6d/ulhYoiZigj4ibbqe
OQUCp7fNg5OLJTMaUYGjQNVAkEEpHIYd+VW1Z079Xzj1wp25b4s0qu32+93zi1Tw
vILYzsmrDtuZnquqTnrLIugyYEJKGTiRfALi2tvv2YmARdfvHuL647AmTurgZrlj
lrUSxPu2dV8hBCYncSj5UGDmuUr5Mkvn6FeHecs9AUkrqXlJUJT1xdU2yzlox1Hb
3vJHhAs3/tfdlV8IEDOy3bMwvMQpB4oruiKmrWQhbP4/
-----END CERTIFICATE-----