Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/p3uM2c-XHIWGUPqpvC7y1tPl8G4.roa
File:                     p3uM2c-XHIWGUPqpvC7y1tPl8G4.roa (raw, json)
Hash identifier:          72N38KTj3W2TfxXSavpcgkCMstCD1lyidhOPNnabB6c=
Subject key identifier:   A7:7B:8C:D9:CF:97:1C:85:86:50:FA:A9:BC:2E:F2:D6:D3:E5:F0:6E
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019E9DFFDB4DC45484AE60ECC5376BC0CF52
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/p3uM2c-XHIWGUPqpvC7y1tPl8G4.roa
Signing time:             Sat 06 Jun 2026 17:34:11 +0000
ROA not before:           Sat 06 Jun 2026 17:34:11 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     41171
IP address blocks:        2.27.82.0/24 maxlen: 24
                          2.27.172.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 08 Jun 2026 12:28:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:9d:ff:db:4d:c4:54:84:ae:60:ec:c5:37:6b:c0:cf:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun  6 17:34:11 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a77b8cd9cf971c858650faa9bc2ef2d6d3e5f06e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:bb:0b:b5:18:05:0b:c7:39:1e:90:a0:86:df:
                    d4:75:49:bf:52:f2:0e:08:91:49:b6:bd:d4:db:5c:
                    f2:69:f9:fe:7e:f0:8c:d9:91:85:3c:65:c5:0b:fb:
                    d2:ba:ba:a5:bd:dc:54:35:99:10:c2:82:cb:8c:7e:
                    bc:e5:fc:2e:a5:41:36:8a:58:4d:a0:b9:71:6d:da:
                    67:49:8d:aa:da:a6:13:b7:d1:c7:41:3d:4e:f5:ca:
                    4c:0c:9f:80:47:31:b4:6b:96:98:99:2e:d7:46:be:
                    39:5d:7a:d5:fd:09:37:70:cf:13:07:d4:48:a4:8e:
                    19:e0:01:f7:95:3c:c6:5d:00:6f:35:56:2f:30:eb:
                    1f:05:6f:91:ea:e5:57:52:b5:d9:4d:b5:4e:d3:cb:
                    3f:2d:68:e5:41:52:18:6f:c0:90:77:8e:85:54:08:
                    dd:64:b1:60:9d:1b:f2:09:e8:7a:c9:d7:a8:02:b8:
                    70:03:bc:a3:6f:5d:f0:35:2f:cc:e1:64:21:ee:1e:
                    98:82:99:fd:b2:40:4b:66:ff:10:51:8b:6e:24:30:
                    f7:fc:0b:1a:fa:e7:8d:be:c9:12:81:fa:a1:6f:27:
                    fa:b6:ad:14:fd:07:de:6c:ee:31:97:c2:b8:2a:53:
                    7c:8c:de:96:5e:8f:cf:2a:1e:99:22:00:42:b0:38:
                    c8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:7B:8C:D9:CF:97:1C:85:86:50:FA:A9:BC:2E:F2:D6:D3:E5:F0:6E
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/p3uM2c-XHIWGUPqpvC7y1tPl8G4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.82.0/24
                  2.27.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ca:da:69:f0:01:56:f3:b3:b7:13:30:00:a1:5b:83:4c:4c:
         8d:f5:69:aa:bb:7e:b2:eb:d0:8e:08:c0:62:bb:f0:19:2c:cb:
         ea:33:ee:59:eb:a1:27:98:02:86:0c:0d:4a:5f:30:6a:a4:ca:
         89:76:fc:1b:38:27:1f:08:35:fe:a7:2f:25:54:05:bb:cd:9a:
         e9:1a:6b:f6:47:91:52:cb:73:72:24:93:78:0e:2b:51:bd:86:
         eb:87:63:9a:b5:68:46:42:1c:7c:15:67:2c:10:ca:ad:1e:a1:
         5c:c9:67:d2:c3:09:c9:42:72:dc:db:75:25:82:f9:71:bf:85:
         06:18:7e:3a:65:bc:a2:d4:1f:ec:a9:74:12:dc:66:a8:0e:c8:
         2e:aa:2e:42:bb:63:2d:19:02:9e:b8:b7:4c:46:61:6b:1a:05:
         e8:41:ae:a9:aa:23:22:68:33:1d:2f:41:9a:d0:24:de:ad:90:
         44:c7:da:4e:e0:2d:5a:55:a1:cc:0d:29:d5:4f:f9:c0:7c:a9:
         00:5c:84:2f:c6:6e:4c:95:82:fa:f2:10:49:a0:f9:fb:2f:da:
         e4:a8:c9:d0:4e:11:fc:f0:b7:64:9d:a6:10:49:2a:86:cb:fb:
         e2:42:5e:56:70:83:71:47:5e:d8:28:1f:79:dd:ba:12:20:b3:
         13:0a:40:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ6d/9tNxFSErmDsxTdrwM9SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjA2MTczNDExWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzdiOGNkOWNmOTcxYzg1ODY1MGZhYTliYzJlZjJkNmQzZTVmMDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7sLtRgFC8c5HpCght/UdUm/UvIO
CJFJtr3U21zyafn+fvCM2ZGFPGXFC/vSurqlvdxUNZkQwoLLjH685fwupUE2ilhN
oLlxbdpnSY2q2qYTt9HHQT1O9cpMDJ+ARzG0a5aYmS7XRr45XXrV/Qk3cM8TB9RI
pI4Z4AH3lTzGXQBvNVYvMOsfBW+R6uVXUrXZTbVO08s/LWjlQVIYb8CQd46FVAjd
ZLFgnRvyCeh6ydeoArhwA7yjb13wNS/M4WQh7h6Ygpn9skBLZv8QUYtuJDD3/Asa
+ueNvskSgfqhbyf6tq0U/QfebO4xl8K4KlN8jN6WXo/PKh6ZIgBCsDjI5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKd7jNnPlxyFhlD6qbwu8tbT5fBuMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcDN1TTJjLVhISVdHVVBxcHZDN3kxdFBsOEc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhtSAwQA
AhusMA0GCSqGSIb3DQEBCwUAA4IBAQBpytpp8AFW87O3EzAAoVuDTEyN9Wmqu36y
69COCMBiu/AZLMvqM+5Z66EnmAKGDA1KXzBqpMqJdvwbOCcfCDX+py8lVAW7zZrp
Gmv2R5FSy3NyJJN4DitRvYbrh2OatWhGQhx8FWcsEMqtHqFcyWfSwwnJQnLc23Ul
gvlxv4UGGH46Zbyi1B/sqXQS3GaoDsguqi5Cu2MtGQKeuLdMRmFrGgXoQa6pqiMi
aDMdL0Ga0CTerZBEx9pO4C1aVaHMDSnVT/nAfKkAXIQvxm5MlYL68hBJoPn7L9rk
qMnQThH88LdknaYQSSqGy/viQl5WcINxR17YKB953boSILMTCkDs
-----END CERTIFICATE-----