Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pgCRYRwLBhg9i9WiTTBvGp3XPTg.roa
File:                     pgCRYRwLBhg9i9WiTTBvGp3XPTg.roa (raw, json)
Hash identifier:          cXxWMosfbwu8J8zL0bB+4+cQ46ZvOLgP+9Ap22YasUk=
Subject key identifier:   A6:00:91:61:1C:0B:06:18:3D:8B:D5:A2:4D:30:6F:1A:9D:D7:3D:38
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CFD78AC29961E6EF02510DDEC4A8A6B6C
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pgCRYRwLBhg9i9WiTTBvGp3XPTg.roa
Signing time:             Tue 17 Mar 2026 20:24:29 +0000
ROA not before:           Tue 17 Mar 2026 20:24:29 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     203154
IP address blocks:        2.27.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fd:78:ac:29:96:1e:6e:f0:25:10:dd:ec:4a:8a:6b:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 17 20:24:29 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=a60091611c0b06183d8bd5a24d306f1a9dd73d38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:96:59:89:56:ed:0c:7d:9f:00:c6:7f:d6:27:
                    5f:45:c2:43:86:9e:fe:47:54:46:6e:7e:d0:c4:da:
                    e8:09:ef:62:17:70:bd:9c:a7:64:34:55:03:68:de:
                    99:a1:f7:aa:e3:c0:b0:55:c9:79:6f:ab:61:56:42:
                    1b:2c:e8:be:93:95:98:a9:d7:18:51:c4:f9:49:2f:
                    f2:d8:89:7c:c6:97:58:be:ae:ad:06:48:a9:8b:13:
                    10:0f:20:9d:af:d3:59:e5:23:ef:95:8f:7d:d7:9e:
                    ec:d3:a7:db:4f:c2:0f:ac:d9:0b:3d:4a:73:66:de:
                    14:b0:1b:82:4f:92:a5:03:a7:61:09:2e:1d:d1:b1:
                    64:1f:47:da:76:9e:cc:ea:35:70:c6:db:98:4b:13:
                    90:91:1a:41:41:63:24:6e:49:22:01:77:b9:23:e1:
                    3c:91:7b:d5:b6:5e:ba:39:4f:63:8a:9c:8c:7d:fd:
                    75:d5:9c:cc:e0:78:a0:c3:44:9a:90:a0:18:c5:1a:
                    ab:20:f3:e8:27:a7:38:a5:7d:b0:1e:7f:13:e7:7e:
                    62:0f:0b:9f:a1:47:0d:39:1f:ce:d2:de:b3:33:56:
                    71:33:49:e5:84:ea:b6:5f:0f:8e:12:0f:7a:45:9d:
                    2b:bb:60:bb:4e:19:d8:a0:55:08:77:3a:b4:58:1d:
                    b4:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:00:91:61:1C:0B:06:18:3D:8B:D5:A2:4D:30:6F:1A:9D:D7:3D:38
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/pgCRYRwLBhg9i9WiTTBvGp3XPTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:71:da:33:8c:b6:16:6f:70:d8:fc:dc:1f:21:87:2d:a9:b3:
         6e:37:6a:7c:ae:2c:96:11:7d:b3:d9:92:34:59:18:b0:aa:41:
         e6:e0:a7:c1:ce:ee:f4:ac:01:41:69:51:35:36:05:b7:dd:2b:
         d3:b0:b2:81:7b:02:e6:4e:ee:e3:bc:ab:b8:7d:cb:1d:cf:65:
         64:62:f1:83:4a:45:cd:a4:d8:e1:f7:aa:99:98:6e:81:71:25:
         16:a8:5e:cf:b3:6a:4d:06:12:78:5e:f2:5e:15:b7:e4:8b:b6:
         5a:a1:e8:ed:fc:bb:b6:85:c8:18:0e:a4:66:8c:83:0f:d5:da:
         8c:f5:8f:c0:22:d1:a7:70:d9:73:ae:e4:ae:da:51:1d:35:7c:
         2f:c3:14:87:07:1c:07:79:cc:e1:75:e7:2e:46:b2:95:e5:e8:
         2f:d4:24:e5:d3:e7:9f:b5:e9:fd:f4:fe:27:01:d6:90:eb:dc:
         2a:1c:b9:8e:20:fe:ec:d6:73:a1:32:b8:4f:e3:53:d9:11:62:
         f8:15:e1:e2:ee:4f:eb:ef:99:e0:4a:00:1a:fc:3e:88:f6:58:
         a6:3a:dc:cd:2d:83:46:8e:9f:f8:c5:33:a0:5f:b8:c9:61:85:
         13:77:cb:4b:ab:b7:99:cb:29:97:ba:5c:3b:1f:2c:2e:4d:20:
         d7:72:9c:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZz9eKwplh5u8CUQ3exKimtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE3MjAyNDI5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjAwOTE2MTFjMGIwNjE4M2Q4YmQ1YTI0ZDMwNmYxYTlkZDczZDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5ZZiVbtDH2fAMZ/1idfRcJDhp7+
R1RGbn7QxNroCe9iF3C9nKdkNFUDaN6Zofeq48CwVcl5b6thVkIbLOi+k5WYqdcY
UcT5SS/y2Il8xpdYvq6tBkipixMQDyCdr9NZ5SPvlY99157s06fbT8IPrNkLPUpz
Zt4UsBuCT5KlA6dhCS4d0bFkH0fadp7M6jVwxtuYSxOQkRpBQWMkbkkiAXe5I+E8
kXvVtl66OU9jipyMff111ZzM4Higw0SakKAYxRqrIPPoJ6c4pX2wHn8T535iDwuf
oUcNOR/O0t6zM1ZxM0nlhOq2Xw+OEg96RZ0ru2C7ThnYoFUIdzq0WB20QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKYAkWEcCwYYPYvVok0wbxqd1z04MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcGdDUllSd0xCaGc5aTlXaVRUQnZHcDNYUFRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhs4MA0G
CSqGSIb3DQEBCwUAA4IBAQCicdozjLYWb3DY/NwfIYctqbNuN2p8riyWEX2z2ZI0
WRiwqkHm4KfBzu70rAFBaVE1NgW33SvTsLKBewLmTu7jvKu4fcsdz2VkYvGDSkXN
pNjh96qZmG6BcSUWqF7Ps2pNBhJ4XvJeFbfki7Zaoejt/Lu2hcgYDqRmjIMP1dqM
9Y/AItGncNlzruSu2lEdNXwvwxSHBxwHeczhdecuRrKV5egv1CTl0+eften99P4n
AdaQ69wqHLmOIP7s1nOhMrhP41PZEWL4FeHi7k/r75ngSgAa/D6I9limOtzNLYNG
jp/4xTOgX7jJYYUTd8tLq7eZyymXulw7HywuTSDXcpz9
-----END CERTIFICATE-----