Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vIL5eKzQDDkKaOwPRQJKX6whKBI.roa
File:                     vIL5eKzQDDkKaOwPRQJKX6whKBI.roa (raw, json)
Hash identifier:          RPzNVgx1WRiW1aSFavI15oA3l9x7q+Q1Vg213LXV7gw=
Subject key identifier:   BC:82:F9:78:AC:D0:0C:39:0A:68:EC:0F:45:02:4A:5F:AC:21:28:12
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019DF03505AAB3179CE9E4AB69957B7CAB22
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vIL5eKzQDDkKaOwPRQJKX6whKBI.roa
Signing time:             Sun 03 May 2026 23:38:19 +0000
ROA not before:           Sun 03 May 2026 23:38:19 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     199783
IP address blocks:        2.26.164.0/24 maxlen: 24
                          31.77.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 May 2026 07:02:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:f0:35:05:aa:b3:17:9c:e9:e4:ab:69:95:7b:7c:ab:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: May  3 23:38:19 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bc82f978acd00c390a68ec0f45024a5fac212812
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:3d:9f:5a:fc:be:ba:d3:f6:45:59:f0:38:11:
                    df:dc:b1:96:40:35:9f:e7:a2:7c:d8:f3:a2:e8:2d:
                    cb:70:7b:2a:19:b6:27:59:49:2f:8a:09:60:3f:f4:
                    b4:33:97:a4:56:76:5a:19:44:aa:13:66:b8:cb:82:
                    a5:43:7a:36:55:7b:c3:45:54:ce:7d:d8:9c:ac:c3:
                    fc:c9:03:b3:cb:eb:0b:55:08:5b:c7:43:82:db:d6:
                    5d:c7:e9:b6:0f:32:ae:f3:44:99:46:b7:75:7b:da:
                    3a:7b:2e:36:7e:93:37:23:36:05:b7:16:05:d8:5f:
                    7c:ea:3e:1f:94:b0:af:23:2b:f4:b4:bd:07:9b:9b:
                    fe:5a:46:04:06:d0:ed:01:b7:d6:02:fb:18:ee:6e:
                    e5:da:eb:93:c0:c1:f6:f2:2f:5c:f5:c7:c0:d4:9f:
                    d3:1a:de:01:52:f8:2f:62:ef:d5:f6:c6:ad:d9:2c:
                    0a:65:0d:1f:a5:ef:54:17:13:e3:c7:45:58:d2:eb:
                    7b:b6:00:99:10:33:fa:aa:bf:8c:64:8c:83:f5:12:
                    08:59:21:20:b9:20:a1:88:3b:1c:52:c6:9f:99:b1:
                    9a:54:d5:0d:d8:df:63:36:64:98:4f:ca:01:56:93:
                    fe:bf:45:92:dc:bb:f8:c7:c6:f8:e6:40:16:60:4b:
                    ab:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:82:F9:78:AC:D0:0C:39:0A:68:EC:0F:45:02:4A:5F:AC:21:28:12
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vIL5eKzQDDkKaOwPRQJKX6whKBI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.164.0/24
                  31.77.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:3b:0d:c9:19:4a:85:6b:25:9a:1c:78:13:6c:aa:94:df:e5:
         8f:9f:f8:54:13:84:da:d9:de:df:1f:42:b4:9d:90:dc:cc:84:
         8e:03:8c:53:9e:5f:65:1f:53:f2:ac:63:26:8c:62:87:42:dc:
         2a:7e:24:0a:3c:70:75:f6:fc:fc:64:8d:7c:d9:a9:6f:6b:53:
         df:aa:9c:15:a6:c3:15:0a:84:c0:8c:a1:b0:0c:07:4e:63:87:
         f4:13:cd:7b:34:93:78:84:cc:f5:ac:00:69:88:ca:91:3a:82:
         9d:b5:d4:6d:35:ae:5a:e0:c2:5f:de:cb:52:33:42:b1:e9:47:
         ce:15:5a:7f:4e:d3:d8:35:03:cd:37:81:21:95:9c:3b:a1:b0:
         cb:2c:d5:4f:70:43:fe:07:84:a7:73:86:82:d9:32:ea:5a:99:
         be:85:2f:73:56:52:57:b2:fd:eb:3c:72:09:ff:c3:21:e7:88:
         ac:e1:63:ee:f0:17:3d:44:28:2f:af:cf:6e:b7:d7:54:52:22:
         17:b2:ca:82:37:ed:37:a1:01:2a:35:77:eb:60:5a:ed:0e:9d:
         3a:1f:64:6c:c5:af:95:dc:d7:91:7d:95:52:50:d2:a7:e5:4a:
         1c:81:41:58:7e:92:9d:f2:d7:3a:2e:00:df:08:dd:e3:68:c0:
         d6:89:dd:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ3wNQWqsxec6eSraZV7fKsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNTAzMjMzODE5WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzgyZjk3OGFjZDAwYzM5MGE2OGVjMGY0NTAyNGE1ZmFjMjEyODEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7D2fWvy+utP2RVnwOBHf3LGWQDWf
56J82POi6C3LcHsqGbYnWUkviglgP/S0M5ekVnZaGUSqE2a4y4KlQ3o2VXvDRVTO
fdicrMP8yQOzy+sLVQhbx0OC29Zdx+m2DzKu80SZRrd1e9o6ey42fpM3IzYFtxYF
2F986j4flLCvIyv0tL0Hm5v+WkYEBtDtAbfWAvsY7m7l2uuTwMH28i9c9cfA1J/T
Gt4BUvgvYu/V9sat2SwKZQ0fpe9UFxPjx0VY0ut7tgCZEDP6qr+MZIyD9RIIWSEg
uSChiDscUsafmbGaVNUN2N9jNmSYT8oBVpP+v0WS3Lv4x8b45kAWYEurRQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLyC+Xis0Aw5CmjsD0UCSl+sISgSMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdklMNWVLelFERGtLYU93UFJRSktYNndoS0JJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhqkAwQA
H03bMA0GCSqGSIb3DQEBCwUAA4IBAQCGOw3JGUqFayWaHHgTbKqU3+WPn/hUE4Ta
2d7fH0K0nZDczISOA4xTnl9lH1PyrGMmjGKHQtwqfiQKPHB19vz8ZI182alva1Pf
qpwVpsMVCoTAjKGwDAdOY4f0E817NJN4hMz1rABpiMqROoKdtdRtNa5a4MJf3stS
M0Kx6UfOFVp/TtPYNQPNN4EhlZw7obDLLNVPcEP+B4Snc4aC2TLqWpm+hS9zVlJX
sv3rPHIJ/8Mh54is4WPu8Bc9RCgvr89ut9dUUiIXssqCN+03oQEqNXfrYFrtDp06
H2Rsxa+V3NeRfZVSUNKn5UocgUFYfpKd8tc6LgDfCN3jaMDWid2w
-----END CERTIFICATE-----