Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qxfms4M_DTep4enXc1rv6_BHFmo.roa
File:                     qxfms4M_DTep4enXc1rv6_BHFmo.roa (raw, json)
Hash identifier:          Sfjc5rl9XIyUQuN1DNInSMzGe5+aBq36sj1WnOt2MV0=
Subject key identifier:   AB:17:E6:B3:83:3F:0D:37:A9:E1:E9:D7:73:5A:EF:EB:F0:47:16:6A
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF3BA5FEB4C98051FA6DBCAEDD47CCCF9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qxfms4M_DTep4enXc1rv6_BHFmo.roa
Signing time:             Mon 04 May 2026 16:02:50 +0000
ROA not before:           Mon 04 May 2026 16:02:50 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     402306
IP address blocks:        2.27.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f3:ba:5f:eb:4c:98:05:1f:a6:db:ca:ed:d4:7c:cc:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  4 16:02:50 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=ab17e6b3833f0d37a9e1e9d7735aefebf047166a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:94:97:8d:4a:cb:4d:38:92:7c:d8:7d:4e:51:
                    53:2f:6a:08:c8:80:64:c9:66:a2:b8:d8:28:74:7f:
                    ba:b9:78:93:b8:05:3e:94:57:0f:91:0e:11:09:ea:
                    95:d7:fe:80:45:0b:b3:d6:51:93:f0:fe:8c:0b:c0:
                    ae:d9:b1:7e:01:e9:cd:81:9f:c4:72:d4:bf:f7:f2:
                    c6:6c:ce:41:b5:50:58:c0:6f:bc:68:bf:b9:f1:34:
                    21:d9:79:0b:a3:e3:0e:ac:3e:2c:5f:09:33:52:fd:
                    7c:18:bf:2d:ff:62:04:0f:a8:da:1e:a1:84:fb:37:
                    59:08:c6:6c:71:49:32:be:53:e2:f8:ab:d4:d7:38:
                    06:91:fd:7b:ed:c9:e1:d8:9d:a5:95:0e:53:f2:f1:
                    33:bf:d7:dd:ae:09:37:d3:dc:bb:95:0a:32:dd:5e:
                    49:88:ff:44:a2:87:ef:ce:14:dd:0f:4b:30:05:d2:
                    04:65:a5:d6:fc:90:5b:30:51:0d:2a:fa:65:80:8e:
                    35:91:6b:1f:72:17:49:a0:4a:fd:0f:56:1c:88:15:
                    ca:7b:e8:4d:0a:f3:ec:19:bd:94:12:b2:6e:1e:57:
                    44:f8:ec:ec:bb:33:17:7b:20:f1:44:cc:66:32:34:
                    b8:8e:a3:e7:1d:ef:a2:dc:40:c4:66:d4:c3:7b:e4:
                    6c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:17:E6:B3:83:3F:0D:37:A9:E1:E9:D7:73:5A:EF:EB:F0:47:16:6A
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/qxfms4M_DTep4enXc1rv6_BHFmo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:3f:af:81:ef:2e:b8:70:43:cd:90:75:2a:64:ba:94:e4:ee:
         e3:af:23:c3:d2:fc:d8:ba:29:94:ad:a7:1a:3b:27:5e:1d:a1:
         14:93:7a:36:97:00:78:4e:aa:38:98:c1:03:a0:f0:28:b5:08:
         f7:15:fb:8b:2c:d7:60:a9:80:20:94:57:4f:0a:3e:bf:68:c0:
         41:73:cf:74:9b:f2:7c:4e:4f:03:65:94:3e:02:0e:45:3e:bb:
         35:f7:7a:26:47:c7:37:6b:ef:65:93:5f:39:66:c3:f4:b8:14:
         8b:1a:fa:dc:02:a4:c6:ed:2f:e9:26:8f:17:ce:ca:3d:14:26:
         c6:40:70:38:0c:75:7d:99:11:77:b1:83:ad:3f:ba:e7:57:e0:
         43:10:f3:18:2e:09:61:48:28:dc:73:4d:5a:89:71:31:83:16:
         c6:9b:d6:f8:7e:e2:83:bb:9a:84:48:31:9d:6b:db:da:62:ab:
         07:3f:f2:fa:ed:d3:3c:85:23:3f:87:38:3a:ed:8b:dc:18:48:
         30:54:b2:77:9a:69:67:f6:42:66:0b:8a:15:6d:4c:32:e3:e7:
         51:9d:f1:83:46:3d:66:14:eb:4c:5e:b4:ef:f2:58:7e:18:d3:
         3f:8c:17:ca:7e:67:1a:68:0d:3e:2f:fb:83:c6:5c:30:b0:eb:
         46:e8:b4:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ3zul/rTJgFH6bbyu3UfMz5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTA0MTYwMjUwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYjE3ZTZiMzgzM2YwZDM3YTllMWU5ZDc3MzVhZWZlYmYwNDcxNjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5SXjUrLTTiSfNh9TlFTL2oIyIBk
yWaiuNgodH+6uXiTuAU+lFcPkQ4RCeqV1/6ARQuz1lGT8P6MC8Cu2bF+AenNgZ/E
ctS/9/LGbM5BtVBYwG+8aL+58TQh2XkLo+MOrD4sXwkzUv18GL8t/2IED6jaHqGE
+zdZCMZscUkyvlPi+KvU1zgGkf177cnh2J2llQ5T8vEzv9fdrgk309y7lQoy3V5J
iP9EoofvzhTdD0swBdIEZaXW/JBbMFENKvplgI41kWsfchdJoEr9D1YciBXKe+hN
CvPsGb2UErJuHldE+OzsuzMXeyDxRMxmMjS4jqPnHe+i3EDEZtTDe+RspQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKsX5rODPw03qeHp13Na7+vwRxZqMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvcXhmbXM0TV9EVGVwNGVuWGMxcnY2X0JIRm1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBAhvYMA0G
CSqGSIb3DQEBCwUAA4IBAQC1P6+B7y64cEPNkHUqZLqU5O7jryPD0vzYuimUraca
OydeHaEUk3o2lwB4Tqo4mMEDoPAotQj3FfuLLNdgqYAglFdPCj6/aMBBc890m/J8
Tk8DZZQ+Ag5FPrs193omR8c3a+9lk185ZsP0uBSLGvrcAqTG7S/pJo8Xzso9FCbG
QHA4DHV9mRF3sYOtP7rnV+BDEPMYLglhSCjcc01aiXExgxbGm9b4fuKDu5qESDGd
a9vaYqsHP/L67dM8hSM/hzg67YvcGEgwVLJ3mmln9kJmC4oVbUwy4+dRnfGDRj1m
FOtMXrTv8lh+GNM/jBfKfmcaaA0+L/uDxlwwsOtG6LRz
-----END CERTIFICATE-----