Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mjz_EsqiA4Y-jsRe1vnrSwHuQME.roa
File:                     mjz_EsqiA4Y-jsRe1vnrSwHuQME.roa (raw, json)
Hash identifier:          R2b4bD7+3rzOqzBAF5GiymQZ+9y1Fub/9p1VoQJLGbw=
Subject key identifier:   9A:3C:FF:12:CA:A2:03:86:3E:8E:C4:5E:D6:F9:EB:4B:01:EE:40:C1
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D68DA27CD81F8F85CFFFB6D47D185E41D
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mjz_EsqiA4Y-jsRe1vnrSwHuQME.roa
Signing time:             Tue 07 Apr 2026 16:50:20 +0000
ROA not before:           Tue 07 Apr 2026 16:50:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     40352
IP address blocks:        2.26.159.0/24 maxlen: 24
                          2.27.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 Apr 2026 17:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:68:da:27:cd:81:f8:f8:5c:ff:fb:6d:47:d1:85:e4:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Apr  7 16:50:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9a3cff12caa203863e8ec45ed6f9eb4b01ee40c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:3a:cd:fd:22:d8:22:57:b6:cc:a2:b1:f2:c9:
                    33:33:5b:86:82:24:ee:cd:f2:29:0d:6d:36:b9:2c:
                    6f:23:99:e6:1e:2a:ef:c0:9c:b7:62:47:97:e7:2f:
                    3a:88:c6:81:60:a8:16:9b:2f:9e:ff:5d:4c:30:27:
                    3f:50:88:5a:43:67:0d:3d:68:99:2f:3d:92:73:ac:
                    6b:c9:80:a4:f1:fc:3e:14:83:70:8d:a9:d3:38:36:
                    cd:e8:86:98:e9:61:28:bb:88:70:8d:7e:10:c9:68:
                    95:b5:66:34:7f:97:b3:fe:aa:48:24:fb:1a:35:5a:
                    3f:91:08:80:c7:71:62:98:39:2a:1f:09:02:17:ce:
                    14:79:7b:fc:b7:69:b9:99:8e:f2:5f:30:55:30:74:
                    29:91:af:f2:34:c7:0f:e7:d7:4e:f7:e9:48:9e:8a:
                    50:99:c0:f9:e4:d4:7a:0d:ed:1a:6c:3e:38:0d:f6:
                    6e:8d:9c:f5:86:9e:eb:ed:44:c8:4f:2f:3d:73:1e:
                    2e:16:48:69:66:72:c3:0c:b7:97:6d:66:b8:8a:75:
                    b3:ea:c2:24:b2:35:e5:3b:f9:36:53:92:bf:30:29:
                    38:ea:a6:80:9b:69:81:23:8f:17:58:c5:fe:9d:ef:
                    fe:77:68:97:20:6a:31:2d:6c:5d:c9:ed:e8:fb:43:
                    9d:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:3C:FF:12:CA:A2:03:86:3E:8E:C4:5E:D6:F9:EB:4B:01:EE:40:C1
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/mjz_EsqiA4Y-jsRe1vnrSwHuQME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.159.0/24
                  2.27.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:aa:40:e9:2d:ce:97:f0:28:2e:53:de:ff:85:2d:9a:f7:36:
         70:90:f9:b8:27:a6:c8:1f:c6:a4:11:fd:56:96:d1:6f:f0:5a:
         64:cc:fb:94:ef:df:5e:07:9f:89:1e:3d:61:b8:cd:f8:fb:6c:
         98:b3:e2:47:ce:bc:0c:51:62:37:14:14:a2:ff:22:3c:9f:89:
         2e:be:3a:6f:94:54:26:19:97:2f:75:fb:6c:d6:d3:f6:f4:46:
         2b:cb:46:fd:f0:7b:97:02:1d:b3:58:71:2d:cd:bb:ae:2f:6f:
         0b:8a:86:d5:3e:4b:b5:f3:29:02:fb:cb:63:44:41:14:d2:be:
         1b:c4:8f:6f:57:05:c3:f7:ed:61:20:a3:91:0d:3c:6f:b0:58:
         49:80:c0:ef:7a:27:ab:fd:d6:00:0e:86:0a:3f:25:c8:3a:2e:
         89:17:22:57:5a:c8:e2:ae:f3:1d:c9:bc:90:80:c0:4d:a0:c5:
         f2:6d:88:05:d6:c3:16:f4:12:64:94:07:08:3e:9e:b2:84:ff:
         a4:10:65:ba:6f:8d:61:3a:86:b0:34:a8:c2:d0:8b:18:05:30:
         fb:15:61:42:77:a7:6d:cb:1d:df:ad:a3:6a:d9:ec:d8:50:c3:
         21:3b:6f:bf:4c:71:84:47:4c:4b:56:78:94:4c:87:50:39:54:
         54:10:3e:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ1o2ifNgfj4XP/7bUfRheQdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNDA3MTY1MDIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTNjZmYxMmNhYTIwMzg2M2U4ZWM0NWVkNmY5ZWI0YjAxZWU0MGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTrN/SLYIle2zKKx8skzM1uGgiTu
zfIpDW02uSxvI5nmHirvwJy3YkeX5y86iMaBYKgWmy+e/11MMCc/UIhaQ2cNPWiZ
Lz2Sc6xryYCk8fw+FINwjanTODbN6IaY6WEou4hwjX4QyWiVtWY0f5ez/qpIJPsa
NVo/kQiAx3FimDkqHwkCF84UeXv8t2m5mY7yXzBVMHQpka/yNMcP59dO9+lInopQ
mcD55NR6De0abD44DfZujZz1hp7r7UTITy89cx4uFkhpZnLDDLeXbWa4inWz6sIk
sjXlO/k2U5K/MCk46qaAm2mBI48XWMX+ne/+d2iXIGoxLWxdye3o+0Od9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJo8/xLKogOGPo7EXtb560sB7kDBMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbWp6X0VzcWlBNFktanNSZTF2bnJTd0h1UU1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqfAwQA
AhuvMA0GCSqGSIb3DQEBCwUAA4IBAQA3qkDpLc6X8CguU97/hS2a9zZwkPm4J6bI
H8akEf1WltFv8FpkzPuU799eB5+JHj1huM34+2yYs+JHzrwMUWI3FBSi/yI8n4ku
vjpvlFQmGZcvdfts1tP29EYry0b98HuXAh2zWHEtzbuuL28LiobVPku18ykC+8tj
REEU0r4bxI9vVwXD9+1hIKORDTxvsFhJgMDveier/dYADoYKPyXIOi6JFyJXWsji
rvMdybyQgMBNoMXybYgF1sMW9BJklAcIPp6yhP+kEGW6b41hOoawNKjC0IsYBTD7
FWFCd6dtyx3fraNq2ezYUMMhO2+/THGER0xLVniUTIdQOVRUED4d
-----END CERTIFICATE-----