Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/wq8C3pfdMLC7TihWtlxzfRrLLps.roa
File:                     wq8C3pfdMLC7TihWtlxzfRrLLps.roa (raw, json)
Hash identifier:          NZrEZr2n6osbG6om78qOmrztSfZidWSAUefQNDkB3rg=
Subject key identifier:   C2:AF:02:DE:97:DD:30:B0:BB:4E:28:56:B6:5C:73:7D:1A:CB:2E:9B
Certificate issuer:       /CN=1c963e3d22847d466c262c20878c2780d8840003
Certificate serial:       019F05B94AA052CC917F8FE549FAEB1303CA
Authority key identifier: 1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/wq8C3pfdMLC7TihWtlxzfRrLLps.roa
Signing time:             Fri 26 Jun 2026 20:57:37 +0000
ROA not before:           Fri 26 Jun 2026 20:57:37 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     219393
IP address blocks:        2.26.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 Jul 2026 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9f:05:b9:4a:a0:52:cc:91:7f:8f:e5:49:fa:eb:13:03:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c963e3d22847d466c262c20878c2780d8840003
        Validity
            Not Before: Jun 26 20:57:37 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c2af02de97dd30b0bb4e2856b65c737d1acb2e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:23:57:67:5f:b3:80:95:de:0b:2b:bc:d6:8b:
                    1e:fe:58:e2:1d:f4:e1:7a:59:90:7b:9e:f6:1a:32:
                    2d:9d:ab:e9:f6:a4:ac:cb:53:38:a9:76:c9:64:b9:
                    99:9b:4a:e7:5d:50:7d:af:7a:8c:3a:6a:6b:9a:d4:
                    4d:b5:12:b0:7c:da:08:20:a9:94:44:4a:0c:56:3e:
                    36:8d:1d:04:7b:b8:c8:ad:ed:e1:6b:8b:bf:a0:2e:
                    c3:89:6f:7a:94:35:43:e8:3e:a0:6c:af:b8:1b:b2:
                    6f:4b:86:da:b8:98:0b:4a:f9:3b:95:ab:5a:ad:78:
                    d5:58:8f:00:58:3b:57:90:a3:61:d9:45:7e:6b:0d:
                    4f:f4:9b:d6:f6:fa:04:06:cb:8e:26:6d:ac:18:7f:
                    0e:95:6f:f3:bd:65:81:2e:55:8e:80:7d:a1:57:1f:
                    b9:68:dd:0d:99:a6:92:1f:1f:7f:b7:53:2d:3f:5a:
                    61:21:87:b1:14:24:c5:21:4d:a0:de:be:58:cc:28:
                    b3:5a:6e:ec:79:78:c0:66:80:33:e1:b1:a4:de:00:
                    b1:00:94:aa:fb:0b:2e:14:84:7a:c3:7a:b6:0d:3d:
                    d2:8b:22:6d:80:9f:30:ab:06:57:51:84:96:5a:2e:
                    5f:03:db:eb:ec:69:e4:ca:05:ce:2b:a4:28:51:9a:
                    c9:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:AF:02:DE:97:DD:30:B0:BB:4E:28:56:B6:5C:73:7D:1A:CB:2E:9B
            X509v3 Authority Key Identifier:
                keyid:1C:96:3E:3D:22:84:7D:46:6C:26:2C:20:87:8C:27:80:D8:84:00:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HJY-PSKEfUZsJiwgh4wngNiEAAM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/wq8C3pfdMLC7TihWtlxzfRrLLps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/38f128-ea82-4555-b514-143967a8fe08/1/HJY-PSKEfUZsJiwgh4wngNiEAAM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.26.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:26:eb:71:0c:c5:f2:80:43:e9:cf:ed:89:67:ba:5a:32:1b:
         a8:08:e4:63:62:bc:9e:b0:3c:f2:e7:a3:6f:47:03:ed:3a:f4:
         99:51:6d:a7:c2:43:d0:bb:e1:1f:87:2c:98:f7:84:d7:22:24:
         6e:6a:53:04:d9:9e:79:b3:2f:b6:b3:0d:c3:68:fd:5b:df:bb:
         e6:07:79:8b:a6:a2:72:e9:56:02:85:7c:5e:da:d2:39:1b:51:
         74:1a:19:83:6a:16:28:47:0b:0e:58:f3:28:7b:d1:35:dc:7d:
         c1:f8:74:a9:bb:18:98:48:1f:eb:b3:b1:cb:be:17:74:8f:88:
         d7:76:b4:c3:8a:2a:5d:30:d7:e7:59:96:45:70:b0:8a:e1:18:
         50:5e:f6:99:3d:5e:2e:c3:cb:6b:c2:70:7e:33:5d:5e:ba:37:
         02:7d:fb:b5:09:23:3d:51:86:0f:56:fd:f7:b0:99:59:85:21:
         36:0c:c1:cc:4e:00:40:f6:2c:cd:e7:22:30:eb:5c:23:89:f7:
         3a:26:87:14:0e:d2:da:f7:53:a5:9f:5a:4b:4a:61:4e:42:cc:
         05:64:f8:22:58:2e:48:f5:7c:0f:3c:17:c2:0f:84:3a:f8:f3:
         30:d6:ec:bb:2f:3d:a8:9c:af:82:83:77:dd:2c:33:a6:75:e1:
         ca:e3:c4:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ8FuUqgUsyRf4/lSfrrEwPKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjOTYzZTNkMjI4NDdkNDY2YzI2MmMyMDg3OGMyNzgwZDg4
NDAwMDMwHhcNMjYwNjI2MjA1NzM3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmFmMDJkZTk3ZGQzMGIwYmI0ZTI4NTZiNjVjNzM3ZDFhY2IyZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoyNXZ1+zgJXeCyu81ose/ljiHfTh
elmQe572GjItnavp9qSsy1M4qXbJZLmZm0rnXVB9r3qMOmprmtRNtRKwfNoIIKmU
REoMVj42jR0Ee7jIre3ha4u/oC7DiW96lDVD6D6gbK+4G7JvS4bauJgLSvk7lata
rXjVWI8AWDtXkKNh2UV+aw1P9JvW9voEBsuOJm2sGH8OlW/zvWWBLlWOgH2hVx+5
aN0NmaaSHx9/t1MtP1phIYexFCTFIU2g3r5YzCizWm7seXjAZoAz4bGk3gCxAJSq
+wsuFIR6w3q2DT3SiyJtgJ8wqwZXUYSWWi5fA9vr7GnkygXOK6QoUZrJJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMKvAt6X3TCwu04oVrZcc30ayy6bMB8GA1UdIwQY
MBaAFByWPj0ihH1GbCYsIIeMJ4DYhAADMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQt
MTQzOTY3YThmZTA4LzEvd3E4QzNwZmRNTEM3VGloV3RseHpmUnJMTHBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8zOGYxMjgtZWE4Mi00NTU1LWI1MTQtMTQzOTY3YThmZTA4
LzEvSEpZLVBTS0VmVVpzSml3Z2g0d25nTmlFQUFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhq9MA0G
CSqGSIb3DQEBCwUAA4IBAQBvJutxDMXygEPpz+2JZ7paMhuoCORjYryesDzy56Nv
RwPtOvSZUW2nwkPQu+EfhyyY94TXIiRualME2Z55sy+2sw3DaP1b37vmB3mLpqJy
6VYChXxe2tI5G1F0GhmDahYoRwsOWPMoe9E13H3B+HSpuxiYSB/rs7HLvhd0j4jX
drTDiipdMNfnWZZFcLCK4RhQXvaZPV4uw8trwnB+M11eujcCffu1CSM9UYYPVv33
sJlZhSE2DMHMTgBA9izN5yIw61wjifc6JocUDtLa91Oln1pLSmFOQswFZPgiWC5I
9XwPPBfCD4Q6+PMw1uy7Lz2onK+Cg3fdLDOmdeHK48Qv
-----END CERTIFICATE-----
Generated at Fri Jul 3 19:58:02 2026 by rpki-client