Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/w3-ZJpDmNS83mld8lo_Ov_voDvk.roa
File:                     w3-ZJpDmNS83mld8lo_Ov_voDvk.roa (raw, json)
Hash identifier:          6bFrIXkHWFWjISkMSbsVh0BMFRhlsoPLcSHm3vKlMbA=
Subject key identifier:   C3:7F:99:26:90:E6:35:2F:37:9A:57:7C:96:8F:CE:BF:FB:E8:0E:F9
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019D06E5176A8B3082443B91479109EDD738
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/w3-ZJpDmNS83mld8lo_Ov_voDvk.roa
Signing time:             Thu 19 Mar 2026 16:19:30 +0000
ROA not before:           Thu 19 Mar 2026 16:19:30 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     63199
IP address blocks:        2.27.249.0/24 maxlen: 24
                          144.31.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 22 Mar 2026 05:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:06:e5:17:6a:8b:30:82:44:3b:91:47:91:09:ed:d7:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Mar 19 16:19:30 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c37f992690e6352f379a577c968fcebffbe80ef9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:cb:3c:42:07:7a:72:54:10:8e:c9:a3:1a:4f:
                    95:e4:ab:fb:9d:24:29:3e:f7:19:ac:36:88:d9:c2:
                    ef:48:f2:1f:15:b4:1c:35:d4:06:72:27:7f:a3:47:
                    42:df:41:72:09:a8:92:4e:a7:8f:04:90:2d:c4:9d:
                    7d:45:08:5e:8d:70:81:af:99:32:e1:ee:dd:ce:6c:
                    02:87:bf:46:f2:46:47:15:5f:a5:fd:44:bd:98:06:
                    53:ca:ba:d8:59:a0:ec:41:59:64:42:ae:9a:cd:ac:
                    65:f0:90:c0:c3:f5:97:c8:e0:f1:8a:55:5a:02:2d:
                    b7:c0:36:50:85:cc:21:53:33:f2:1d:ec:fe:3c:cb:
                    a8:4b:88:a0:ef:3c:1f:71:8a:22:d0:14:b3:cd:3b:
                    b8:ec:be:4c:0a:1f:ce:50:01:1d:48:34:7b:60:d9:
                    f3:98:81:17:da:a8:dd:b1:c6:aa:dd:68:c8:0c:6a:
                    e4:44:c2:e9:4e:fd:83:e1:02:d5:eb:0e:ff:9c:56:
                    b0:61:11:ce:09:49:46:3b:09:41:55:c5:f2:3e:68:
                    63:72:7b:6d:a5:3c:78:75:f9:a1:da:48:65:85:f0:
                    2b:43:87:cf:e2:48:e0:45:e1:af:68:0e:3b:6e:ee:
                    77:25:45:4a:e1:c3:98:e8:6e:66:11:03:e0:00:e2:
                    24:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:7F:99:26:90:E6:35:2F:37:9A:57:7C:96:8F:CE:BF:FB:E8:0E:F9
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/w3-ZJpDmNS83mld8lo_Ov_voDvk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.27.249.0/24
                  144.31.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:d7:67:15:db:08:dd:f2:f1:48:a3:9d:78:e3:9c:82:62:45:
         35:4b:8d:89:db:30:ff:f2:a8:92:18:94:1b:61:a9:50:f3:9e:
         dc:a3:ed:6b:a0:5b:9a:35:e3:bf:d3:14:97:38:76:e7:b9:fa:
         e9:82:f0:cd:50:06:f3:b3:36:1a:f3:91:eb:81:15:7b:60:78:
         97:3c:7c:08:32:fb:69:4f:74:4b:b4:8c:14:2c:7b:28:f0:29:
         7e:92:d6:9c:a3:66:7a:cb:fa:14:09:ed:0b:a5:3b:1a:2f:09:
         5d:ed:17:b1:a3:13:cd:93:35:ee:aa:21:4e:7b:cf:5d:f4:55:
         d8:6c:83:4b:c6:22:3c:d3:84:49:09:a7:e0:54:a7:6e:d1:e2:
         19:51:0f:2f:3d:8d:2e:03:c4:8b:84:10:04:22:8e:30:4b:86:
         a8:a5:0c:b0:53:c0:d7:01:b7:f4:46:da:77:ac:64:47:32:c9:
         9f:ea:61:87:29:57:21:5e:36:32:19:25:d4:0b:4d:4b:35:0c:
         5a:13:3f:bd:72:a0:3a:e0:f3:7b:09:39:16:e9:ae:d5:a2:32:
         5f:98:82:fa:af:15:5a:da:6f:2f:9a:51:48:96:a6:5b:54:fe:
         67:a2:36:16:a9:fc:09:f7:d6:70:75:0b:66:80:18:dd:87:0f:
         51:ec:2b:ca
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ0G5RdqizCCRDuRR5EJ7dc4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwMzE5MTYxOTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzdmOTkyNjkwZTYzNTJmMzc5YTU3N2M5NjhmY2ViZmZiZTgwZWY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx8s8Qgd6clQQjsmjGk+V5Kv7nSQp
PvcZrDaI2cLvSPIfFbQcNdQGcid/o0dC30FyCaiSTqePBJAtxJ19RQhejXCBr5ky
4e7dzmwCh79G8kZHFV+l/US9mAZTyrrYWaDsQVlkQq6azaxl8JDAw/WXyODxilVa
Ai23wDZQhcwhUzPyHez+PMuoS4ig7zwfcYoi0BSzzTu47L5MCh/OUAEdSDR7YNnz
mIEX2qjdscaq3WjIDGrkRMLpTv2D4QLV6w7/nFawYRHOCUlGOwlBVcXyPmhjcntt
pTx4dfmh2khlhfArQ4fP4kjgReGvaA47bu53JUVK4cOY6G5mEQPgAOIkywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMN/mSaQ5jUvN5pXfJaPzr/76A75MB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvdzMtWkpwRG1OUzgzbWxkOGxvX092X3ZvRHZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAAhv5AwQA
kB8uMA0GCSqGSIb3DQEBCwUAA4IBAQBU12cV2wjd8vFIo51445yCYkU1S42J2zD/
8qiSGJQbYalQ857co+1roFuaNeO/0xSXOHbnufrpgvDNUAbzszYa85HrgRV7YHiX
PHwIMvtpT3RLtIwULHso8Cl+ktaco2Z6y/oUCe0LpTsaLwld7RexoxPNkzXuqiFO
e89d9FXYbINLxiI804RJCafgVKdu0eIZUQ8vPY0uA8SLhBAEIo4wS4aopQywU8DX
Abf0Rtp3rGRHMsmf6mGHKVchXjYyGSXUC01LNQxaEz+9cqA64PN7CTkW6a7VojJf
mIL6rxVa2m8vmlFIlqZbVP5nojYWqfwJ99ZwdQtmgBjdhw9R7CvK
-----END CERTIFICATE-----