Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/scEkhyRB4kMlyQd_aQ0sz8eBUrU.roa
File:                     scEkhyRB4kMlyQd_aQ0sz8eBUrU.roa (raw, json)
Hash identifier:          NPY4u5r3CPcM56XOxACnlMSdDLMCAMS6pNYjpbkszd4=
Subject key identifier:   B1:C1:24:87:24:41:E2:43:25:C9:07:7F:69:0D:2C:CF:C7:81:52:B5
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CFC6D5787C175976801F657623DD4EB3A
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/scEkhyRB4kMlyQd_aQ0sz8eBUrU.roa
Signing time:             Tue 17 Mar 2026 15:32:30 +0000
ROA not before:           Tue 17 Mar 2026 15:32:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     16276
IP address blocks:        2.27.243.0/24 maxlen: 24
                          144.31.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:fc:6d:57:87:c1:75:97:68:01:f6:57:62:3d:d4:eb:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 17 15:32:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=b1c124872441e24325c9077f690d2ccfc78152b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:35:f5:b5:fb:47:53:40:ec:82:0e:a8:c3:07:
                    a6:51:b4:1f:1b:36:77:24:66:d8:44:e6:13:da:82:
                    92:e9:3a:1b:80:2f:fb:c9:0d:75:6c:eb:2c:b3:5e:
                    ba:69:02:0a:4f:2e:b3:71:b6:f2:fd:d1:02:51:03:
                    e4:13:4d:4a:ca:21:99:bc:ab:03:33:e2:07:e2:95:
                    23:c6:80:ef:69:7c:9c:8e:ab:8d:21:ae:7a:94:9e:
                    9e:64:8e:a3:b3:12:8b:aa:84:b4:cf:40:4a:a4:07:
                    58:64:72:33:df:c7:77:64:05:ee:1d:2f:1c:8e:cd:
                    27:c8:cb:07:e8:b8:97:52:b2:2e:24:43:25:ba:f3:
                    75:c4:c6:9d:e3:d5:5d:7c:bf:37:c1:b2:52:0f:12:
                    5a:0a:8e:77:42:36:db:7c:d1:56:e3:25:f8:37:bd:
                    ea:9d:bb:37:ab:32:66:e6:1d:78:4b:4a:0d:56:87:
                    5c:d1:0c:4c:87:c8:8b:cf:bc:14:54:d4:75:cb:7d:
                    12:75:7b:bd:61:76:53:be:7d:b7:71:a7:96:cb:c6:
                    d5:b8:30:3b:1d:02:3e:fd:d0:90:a0:e6:48:7d:5b:
                    1c:77:2b:b4:44:3a:76:75:29:85:75:dd:5f:16:e1:
                    1c:ac:31:85:d9:da:16:92:c5:7a:a4:72:c6:9b:7e:
                    15:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:C1:24:87:24:41:E2:43:25:C9:07:7F:69:0D:2C:CF:C7:81:52:B5
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/scEkhyRB4kMlyQd_aQ0sz8eBUrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.243.0/24
                  144.31.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:40:c2:41:a7:e9:38:52:65:aa:70:81:95:3c:80:f0:be:39:
         28:3e:72:d4:93:d1:37:21:d8:4c:8d:b2:ae:3c:5e:bb:33:e8:
         08:7b:57:65:b4:e7:91:eb:54:ff:aa:ac:ca:02:de:3e:c0:26:
         d1:9c:74:c2:b8:f9:6c:d1:06:24:88:56:2f:bd:a1:32:9a:a4:
         01:03:ef:ac:ed:19:4a:fc:46:e0:c8:7c:e1:79:11:bb:6c:89:
         8f:d2:09:fb:17:43:2e:92:59:1e:cd:4f:41:14:5f:bd:b4:10:
         70:a2:10:9b:da:84:8a:91:71:7d:ec:3e:8a:b7:12:b4:a3:ed:
         e3:3b:77:89:ff:cd:d3:89:05:ab:52:a5:92:44:71:6d:b3:8e:
         3a:6b:bc:4e:6c:b6:69:c0:c4:82:d2:9f:df:08:15:c5:76:77:
         c5:ba:46:ad:b4:90:8f:26:65:ff:02:cb:14:e5:41:49:0c:6c:
         55:3b:b2:8e:45:d7:94:97:0f:ec:41:85:0d:4f:b0:a6:4e:bb:
         11:8c:ee:bf:ad:cb:d2:df:8d:54:0c:b0:09:04:77:82:32:db:
         5d:cc:e0:67:40:7d:b2:21:9f:47:18:b9:0a:be:c9:de:e8:2a:
         ab:f3:b6:fd:80:4b:0c:69:44:47:06:fc:75:28:c2:1f:32:dc:
         f3:7d:07:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZz8bVeHwXWXaAH2V2I91Os6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE3MTUzMjMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWMxMjQ4NzI0NDFlMjQzMjVjOTA3N2Y2OTBkMmNjZmM3ODE1MmI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jX1tftHU0Dsgg6owwemUbQfGzZ3
JGbYROYT2oKS6TobgC/7yQ11bOsss166aQIKTy6zcbby/dECUQPkE01KyiGZvKsD
M+IH4pUjxoDvaXycjquNIa56lJ6eZI6jsxKLqoS0z0BKpAdYZHIz38d3ZAXuHS8c
js0nyMsH6LiXUrIuJEMluvN1xMad49VdfL83wbJSDxJaCo53QjbbfNFW4yX4N73q
nbs3qzJm5h14S0oNVodc0QxMh8iLz7wUVNR1y30SdXu9YXZTvn23caeWy8bVuDA7
HQI+/dCQoOZIfVscdyu0RDp2dSmFdd1fFuEcrDGF2doWksV6pHLGm34VxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLHBJIckQeJDJckHf2kNLM/HgVK1MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvc2NFa2h5UkI0a01seVFkX2FRMHN6OGVCVXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhvzAwQA
kB+VMA0GCSqGSIb3DQEBCwUAA4IBAQCGQMJBp+k4UmWqcIGVPIDwvjkoPnLUk9E3
IdhMjbKuPF67M+gIe1dltOeR61T/qqzKAt4+wCbRnHTCuPls0QYkiFYvvaEymqQB
A++s7RlK/EbgyHzheRG7bImP0gn7F0MuklkezU9BFF+9tBBwohCb2oSKkXF97D6K
txK0o+3jO3eJ/83TiQWrUqWSRHFts446a7xObLZpwMSC0p/fCBXFdnfFukattJCP
JmX/AssU5UFJDGxVO7KORdeUlw/sQYUNT7CmTrsRjO6/rcvS341UDLAJBHeCMttd
zOBnQH2yIZ9HGLkKvsne6Cqr87b9gEsMaURHBvx1KMIfMtzzfQc4
-----END CERTIFICATE-----