Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZp2O3xtA-LaT9Pe939VSi17KNo.roa
File:                     vZp2O3xtA-LaT9Pe939VSi17KNo.roa (raw, json)
Hash identifier:          N7nDgVOk0vX0B4+TWcQPYK3QiYfvoOeVOGWK85242rI=
Subject key identifier:   BD:9A:76:3B:7C:6D:03:E2:DA:4F:D3:DE:F7:7F:55:4A:2D:7B:28:DA
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019CF27883776BC052682E40B299EA1B64E9
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZp2O3xtA-LaT9Pe939VSi17KNo.roa
Signing time:             Sun 15 Mar 2026 17:08:30 +0000
ROA not before:           Sun 15 Mar 2026 17:08:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     397067
IP address blocks:        2.27.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:f2:78:83:77:6b:c0:52:68:2e:40:b2:99:ea:1b:64:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 15 17:08:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=bd9a763b7c6d03e2da4fd3def77f554a2d7b28da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:70:e8:ed:e1:b1:36:32:0b:4c:05:0b:29:72:
                    f2:73:4a:39:8e:3d:8f:9d:d0:dc:8f:2a:2d:7c:ea:
                    b3:63:46:a1:a2:97:e2:45:55:51:b6:1e:71:53:cb:
                    e4:3e:7a:11:51:5f:da:a5:24:f0:3b:b7:86:de:7f:
                    1c:cf:79:d0:34:02:fe:a9:52:5f:0c:bf:7c:aa:17:
                    91:fc:55:c3:f9:02:fe:d3:81:57:9a:96:c2:01:a3:
                    f6:bd:02:c7:28:15:72:05:b0:06:3e:4b:9d:22:4e:
                    f2:c6:86:17:13:6f:a5:e0:db:bb:a2:ca:5e:e8:cf:
                    35:33:c5:15:0c:d7:4e:ef:0d:97:75:d7:8e:56:85:
                    91:d0:07:09:fc:99:73:7a:18:c9:c4:31:40:cb:dc:
                    72:32:65:98:77:41:b5:9f:3d:27:44:66:ef:2a:49:
                    d8:f1:23:f8:c5:a9:4e:b9:9a:fd:fb:e3:de:b5:24:
                    7a:0b:da:31:dc:f0:68:bb:24:12:26:03:40:90:94:
                    44:cf:c6:f8:0e:1c:f0:3b:4e:0b:40:d7:f6:c2:ee:
                    6e:75:fe:1c:f6:d2:55:8b:91:4d:e2:1f:cc:ea:4b:
                    c1:a3:5b:b8:6f:6f:12:5a:d0:67:dd:61:f0:45:96:
                    89:e6:17:4f:a9:9f:14:53:f6:85:a4:89:3e:68:f7:
                    88:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:9A:76:3B:7C:6D:03:E2:DA:4F:D3:DE:F7:7F:55:4A:2D:7B:28:DA
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/vZp2O3xtA-LaT9Pe939VSi17KNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:d7:9c:56:66:b2:62:c6:87:f8:ab:0c:9f:9b:7c:e5:bb:b0:
         91:7b:07:57:65:82:aa:39:27:74:37:de:ca:e9:fb:4f:b7:c8:
         34:99:7a:fd:3d:a7:22:77:7b:38:d0:76:d7:7f:ec:f9:ac:88:
         73:e4:89:49:b7:21:cd:c4:37:22:82:99:4d:f5:03:d8:95:6f:
         cd:ff:9c:de:17:50:93:06:54:d3:95:65:e3:5d:fb:ef:c2:c6:
         03:f8:2e:eb:f9:a9:ba:bb:f8:46:b8:2f:21:1d:7a:8f:4b:b4:
         5f:52:f6:ec:22:25:5e:88:29:47:00:76:ae:ad:c5:46:20:ec:
         72:4d:56:09:3f:01:36:61:6e:a4:74:ce:59:4a:c7:5d:7d:2a:
         45:d0:43:c3:d3:19:88:a0:06:5a:ef:b8:81:9b:e6:ac:9a:cf:
         28:ad:3a:6f:6d:64:59:5d:96:7b:5e:0d:1b:ec:29:77:8a:56:
         b1:b2:46:ff:70:d4:6e:6f:37:e2:06:01:10:71:f6:a7:3d:46:
         08:6e:6f:c5:e3:4a:e3:53:52:19:70:2e:0f:69:0a:f4:9c:5c:
         a8:09:a5:c6:c7:bf:74:54:a8:6f:11:f7:e3:46:a4:2b:8d:61:
         73:a1:1c:d5:47:e5:d4:7c:e3:5a:86:8f:66:8f:7d:49:16:4c:
         8e:15:38:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZzyeIN3a8BSaC5AspnqG2TpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE1MTcwODMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDlhNzYzYjdjNmQwM2UyZGE0ZmQzZGVmNzdmNTU0YTJkN2IyOGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3Do7eGxNjILTAULKXLyc0o5jj2P
ndDcjyotfOqzY0ahopfiRVVRth5xU8vkPnoRUV/apSTwO7eG3n8cz3nQNAL+qVJf
DL98qheR/FXD+QL+04FXmpbCAaP2vQLHKBVyBbAGPkudIk7yxoYXE2+l4Nu7ospe
6M81M8UVDNdO7w2XddeOVoWR0AcJ/JlzehjJxDFAy9xyMmWYd0G1nz0nRGbvKknY
8SP4xalOuZr9++PetSR6C9ox3PBouyQSJgNAkJREz8b4DhzwO04LQNf2wu5udf4c
9tJVi5FN4h/M6kvBo1u4b28SWtBn3WHwRZaJ5hdPqZ8UU/aFpIk+aPeINwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2adjt8bQPi2k/T3vd/VUoteyjaMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdlpwMk8zeHRBLUxhVDlQZTkzOVZTaTE3S05vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhv6MA0G
CSqGSIb3DQEBCwUAA4IBAQBb15xWZrJixof4qwyfm3zlu7CRewdXZYKqOSd0N97K
6ftPt8g0mXr9Pacid3s40HbXf+z5rIhz5IlJtyHNxDcigplN9QPYlW/N/5zeF1CT
BlTTlWXjXfvvwsYD+C7r+am6u/hGuC8hHXqPS7RfUvbsIiVeiClHAHaurcVGIOxy
TVYJPwE2YW6kdM5ZSsddfSpF0EPD0xmIoAZa77iBm+asms8orTpvbWRZXZZ7Xg0b
7Cl3ilaxskb/cNRubzfiBgEQcfanPUYIbm/F40rjU1IZcC4PaQr0nFyoCaXGx790
VKhvEffjRqQrjWFzoRzVR+XUfONaho9mj31JFkyOFTi+
-----END CERTIFICATE-----