Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lVZbG_H3GvIRQZBGBtXdEp24m9U.roa
File:                     lVZbG_H3GvIRQZBGBtXdEp24m9U.roa (raw, json)
Hash identifier:          /gUDJCw8dms2O1720wsX7YYZhyQ3yiV6LoQG0HpGvK0=
Subject key identifier:   95:56:5B:1B:F1:F7:1A:F2:11:41:90:46:06:D5:DD:12:9D:B8:9B:D5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D3548384D08D52E28D315EA914BC82EF4
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lVZbG_H3GvIRQZBGBtXdEp24m9U.roa
Signing time:             Sat 28 Mar 2026 16:30:18 +0000
ROA not before:           Sat 28 Mar 2026 16:30:18 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     204942
IP address blocks:        2.27.82.0/24 maxlen: 24
                          2.27.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 Apr 2026 00:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:35:48:38:4d:08:d5:2e:28:d3:15:ea:91:4b:c8:2e:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 28 16:30:18 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=95565b1bf1f71af21141904606d5dd129db89bd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:fd:cb:82:da:e7:ae:92:a8:68:af:5e:fc:b2:
                    28:41:9a:eb:a1:2b:16:71:75:97:62:85:f6:18:34:
                    ce:34:ac:ed:85:0c:ad:e7:ec:c1:35:96:6b:a4:d8:
                    66:33:59:a5:33:f1:ce:6b:84:86:d7:cf:43:66:f7:
                    f1:b2:f6:a1:10:31:0f:ae:af:2d:52:20:98:3f:3d:
                    2b:5e:45:8c:c0:f1:49:a0:c4:c8:88:f3:c0:11:d7:
                    83:d8:ed:25:4e:34:bb:96:0d:15:33:57:9d:1b:76:
                    83:1d:80:2b:64:d6:1a:04:5b:18:13:fb:67:90:30:
                    f6:b7:ff:12:20:e8:7e:ed:25:40:af:b9:8e:ca:4a:
                    6d:af:2a:d7:36:87:7b:11:0c:1a:7e:f2:20:46:0a:
                    8a:69:8a:d0:08:f9:e3:79:23:b6:20:bc:96:28:3a:
                    f9:3f:fb:f3:e6:79:0d:bd:92:44:42:12:6b:9c:73:
                    53:b6:a6:61:e3:c4:d4:40:84:9a:36:5b:6d:4c:17:
                    12:c1:a6:b6:31:e2:3e:a4:9d:10:aa:b8:f6:98:00:
                    97:cb:34:c3:2d:58:65:aa:04:fa:f7:d6:36:99:74:
                    8b:bb:13:12:6f:5c:eb:0a:07:64:cf:d1:27:8c:b6:
                    d8:00:db:72:02:81:28:b5:d3:a9:78:3e:04:68:ef:
                    d0:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:56:5B:1B:F1:F7:1A:F2:11:41:90:46:06:D5:DD:12:9D:B8:9B:D5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/lVZbG_H3GvIRQZBGBtXdEp24m9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.82.0/24
                  2.27.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:c3:1a:32:7c:cc:6b:69:04:1d:a5:2d:e0:f0:0f:90:2a:2b:
         ea:15:44:2a:60:4f:95:53:2b:55:ce:77:e5:d5:85:ed:a3:88:
         7d:03:99:63:d5:12:a2:06:30:5c:bb:3d:ab:d5:ae:74:20:95:
         9d:f5:df:67:c7:7b:bf:89:e4:93:0d:3e:08:c0:9c:90:15:d1:
         a0:77:e0:6c:6f:46:57:2c:af:d1:e9:8a:56:18:2b:14:d6:d2:
         e6:20:87:1d:ff:fa:13:c4:42:2f:52:ff:c1:7a:04:54:49:11:
         75:c6:4e:a7:3b:f6:a0:23:e3:c4:5f:2e:15:f2:de:58:d2:7a:
         39:f9:b8:02:0b:b0:52:45:56:82:49:e0:81:f1:f6:6a:27:ad:
         c5:a8:e9:fe:54:24:27:2a:bb:0e:0c:d8:5c:b5:71:e1:4e:4f:
         0e:f2:fa:47:2e:e3:98:ec:fb:ff:af:ae:02:d7:c6:18:43:9a:
         3d:de:54:46:00:8a:3a:4b:cb:91:c9:42:fb:a3:c2:d3:9a:ff:
         6f:6d:8b:fe:bc:31:2d:fb:64:35:10:91:ff:fa:dc:61:06:c1:
         4d:c2:f8:28:24:f8:6b:33:f7:af:7e:52:c7:42:93:01:85:7a:
         85:09:3f:e2:99:67:f0:eb:d0:70:6d:68:9c:1d:6d:f2:8a:dc:
         b2:d3:20:fd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ01SDhNCNUuKNMV6pFLyC70MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzI4MTYzMDE4WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTU2NWIxYmYxZjcxYWYyMTE0MTkwNDYwNmQ1ZGQxMjlkYjg5YmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApP3LgtrnrpKoaK9e/LIoQZrroSsW
cXWXYoX2GDTONKzthQyt5+zBNZZrpNhmM1mlM/HOa4SG189DZvfxsvahEDEPrq8t
UiCYPz0rXkWMwPFJoMTIiPPAEdeD2O0lTjS7lg0VM1edG3aDHYArZNYaBFsYE/tn
kDD2t/8SIOh+7SVAr7mOykptryrXNod7EQwafvIgRgqKaYrQCPnjeSO2ILyWKDr5
P/vz5nkNvZJEQhJrnHNTtqZh48TUQISaNlttTBcSwaa2MeI+pJ0Qqrj2mACXyzTD
LVhlqgT699Y2mXSLuxMSb1zrCgdkz9EnjLbYANtyAoEotdOpeD4EaO/QmQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJVWWxvx9xryEUGQRgbV3RKduJvVMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbFZaYkdfSDNHdklSUVpCR0J0WGRFcDI0bTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtSAwQA
AhuaMA0GCSqGSIb3DQEBCwUAA4IBAQCMwxoyfMxraQQdpS3g8A+QKivqFUQqYE+V
UytVznfl1YXto4h9A5lj1RKiBjBcuz2r1a50IJWd9d9nx3u/ieSTDT4IwJyQFdGg
d+Bsb0ZXLK/R6YpWGCsU1tLmIIcd//oTxEIvUv/BegRUSRF1xk6nO/agI+PEXy4V
8t5Y0no5+bgCC7BSRVaCSeCB8fZqJ63FqOn+VCQnKrsODNhctXHhTk8O8vpHLuOY
7Pv/r64C18YYQ5o93lRGAIo6S8uRyUL7o8LTmv9vbYv+vDEt+2Q1EJH/+txhBsFN
wvgoJPhrM/evflLHQpMBhXqFCT/imWfw69BwbWicHW3yityy0yD9
-----END CERTIFICATE-----