Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/nqZ7GhDSPgCGzLSuGDvs-3pw0oo.roa
File:                     nqZ7GhDSPgCGzLSuGDvs-3pw0oo.roa (raw, json)
Hash identifier:          blc3prvwN8OPZM2AQlrjbNiTHuRc0P8HVtTMfu4//lQ=
Subject key identifier:   9E:A6:7B:1A:10:D2:3E:00:86:CC:B4:AE:18:3B:EC:FB:7A:70:D2:8A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D0BDDAD234FAB3B9AC5DCAE2CB3D5F8E6
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/nqZ7GhDSPgCGzLSuGDvs-3pw0oo.roa
Signing time:             Fri 20 Mar 2026 15:29:30 +0000
ROA not before:           Fri 20 Mar 2026 15:29:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     201131
IP address blocks:        2.27.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:0b:dd:ad:23:4f:ab:3b:9a:c5:dc:ae:2c:b3:d5:f8:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 20 15:29:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=9ea67b1a10d23e0086ccb4ae183becfb7a70d28a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:12:48:31:d1:71:a0:34:4b:14:ec:0d:cf:a7:
                    a2:db:5d:f5:88:63:ac:b9:55:48:11:f7:aa:16:d0:
                    e0:7b:62:f5:26:d8:ff:6f:c7:4d:83:df:c6:76:df:
                    97:15:ed:02:64:0d:49:93:3e:d9:02:56:b8:29:63:
                    f7:dd:c0:4e:58:ef:c5:ce:a9:fb:6e:8f:66:d0:68:
                    0e:1c:ca:bd:2e:45:8a:29:dd:62:67:cc:3b:ff:e3:
                    75:16:d3:3c:b8:0e:df:6e:a0:91:49:a9:35:0b:9b:
                    a8:67:92:66:18:86:db:49:25:3a:dc:52:11:13:c0:
                    3b:49:a3:9c:31:b3:72:ca:13:3e:fc:c4:00:e1:f4:
                    f1:f7:bd:76:c9:84:7b:e9:61:1b:c7:72:5f:10:d1:
                    49:11:66:dc:c3:b3:af:16:c2:d0:7e:ef:c6:e0:30:
                    73:aa:53:4d:14:9c:8f:69:8d:73:65:78:1a:46:19:
                    f1:ff:5a:d3:f3:84:bc:7f:2b:d0:fa:5a:92:85:d7:
                    0f:d6:1b:19:5b:ba:2d:49:77:19:68:80:7f:12:1a:
                    07:99:a6:aa:76:ef:be:b2:7d:22:25:1b:79:d7:ea:
                    d0:f4:c5:c8:f5:27:0a:65:15:70:b6:f2:e8:34:a2:
                    c0:41:d8:95:f3:8d:b6:58:78:f6:52:9a:57:04:44:
                    94:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:A6:7B:1A:10:D2:3E:00:86:CC:B4:AE:18:3B:EC:FB:7A:70:D2:8A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/nqZ7GhDSPgCGzLSuGDvs-3pw0oo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:9d:5b:6f:20:86:69:7e:e4:88:e5:4d:e6:94:e3:e1:90:76:
         8d:91:ad:d9:1e:e2:8d:2c:8a:7b:ec:d3:eb:30:ce:78:45:de:
         21:50:51:cb:4a:27:13:a1:90:ad:0e:86:f9:8e:50:76:64:12:
         6e:03:80:d1:68:75:a2:58:67:a7:84:4b:ae:a8:d1:5f:f8:c0:
         57:d1:78:49:5f:13:79:99:b9:ae:84:bc:b0:bc:b0:a4:b5:39:
         db:66:96:fc:2c:63:6d:58:b1:15:94:4b:07:dd:02:e6:18:8d:
         b9:09:e4:7a:f7:8c:bb:bb:d0:78:60:95:50:61:36:58:34:43:
         ac:57:27:97:b4:a6:08:4c:65:98:ad:40:71:8d:24:16:71:ff:
         d1:b9:aa:8f:e4:f7:c6:41:ec:c8:5d:dd:63:65:d8:23:a8:be:
         21:4f:e8:fc:26:da:af:0a:a0:49:0a:b1:d5:82:00:e2:56:b7:
         c4:e7:d0:85:5d:54:c0:f9:61:d0:8b:73:2c:75:f0:55:6b:46:
         c5:59:63:9d:12:44:76:c6:8b:aa:ea:d2:61:8c:a5:85:71:93:
         3b:d3:9c:0f:a6:2c:2d:80:93:9b:22:16:8d:b3:32:9d:e3:a7:
         5e:96:eb:6c:28:46:d2:de:bb:0d:e4:57:0d:f6:c0:37:81:f1:
         4d:f4:84:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ0L3a0jT6s7msXcriyz1fjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzIwMTUyOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZWE2N2IxYTEwZDIzZTAwODZjY2I0YWUxODNiZWNmYjdhNzBkMjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsRJIMdFxoDRLFOwNz6ei2131iGOs
uVVIEfeqFtDge2L1Jtj/b8dNg9/Gdt+XFe0CZA1Jkz7ZAla4KWP33cBOWO/Fzqn7
bo9m0GgOHMq9LkWKKd1iZ8w7/+N1FtM8uA7fbqCRSak1C5uoZ5JmGIbbSSU63FIR
E8A7SaOcMbNyyhM+/MQA4fTx9712yYR76WEbx3JfENFJEWbcw7OvFsLQfu/G4DBz
qlNNFJyPaY1zZXgaRhnx/1rT84S8fyvQ+lqShdcP1hsZW7otSXcZaIB/EhoHmaaq
du++sn0iJRt51+rQ9MXI9ScKZRVwtvLoNKLAQdiV8422WHj2UppXBESU8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ6mexoQ0j4Ahsy0rhg77Pt6cNKKMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvbnFaN0doRFNQZ0NHekxTdUdEdnMtM3B3MG9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAht3MA0G
CSqGSIb3DQEBCwUAA4IBAQA1nVtvIIZpfuSI5U3mlOPhkHaNka3ZHuKNLIp77NPr
MM54Rd4hUFHLSicToZCtDob5jlB2ZBJuA4DRaHWiWGenhEuuqNFf+MBX0XhJXxN5
mbmuhLywvLCktTnbZpb8LGNtWLEVlEsH3QLmGI25CeR694y7u9B4YJVQYTZYNEOs
VyeXtKYITGWYrUBxjSQWcf/RuaqP5PfGQezIXd1jZdgjqL4hT+j8JtqvCqBJCrHV
ggDiVrfE59CFXVTA+WHQi3MsdfBVa0bFWWOdEkR2xouq6tJhjKWFcZM705wPpiwt
gJObIhaNszKd46delutsKEbS3rsN5FcN9sA3gfFN9IRk
-----END CERTIFICATE-----